LSDtrip crackme! |
# LSDtrip Crackme - Solution
The password algorithm is as follows:
```c
void __noreturn sub_401000()
{
int i; // [esp+0h] [ebp-Ch]
int v1; // [esp+4h] [ebp-8h]
char *Buffer; // [esp+8h] [ebp-4h]
printf("\n \"LSDtrip\"\" crackme by Alon Alush, alonalush5@gmail.com \n\n PASSWORD ");
Buffer = (char *)malloc(0x14u);
fgets(Buffer, 20, (FILE *)iob[0]._ptr);
v1 = 0;
for ( i = 0; Buffer[i]; ++i )
v1 += (i + 1) * Buffer[i];
if ( strlen(Buffer) == 5 && v1 == 945 )
printf("\n [+] Good job! You sober! \n");
else
printf("\nWrong! I think you're on LSD?");
getch();
exit(0);
}
```
## The catch:
It's important to consider the line feed (0x0a) (\n) (10).
The last character is fixed -- \n.
So you need to solve for the first four:
`a*1 + b*2 + c*3 + d*4 + 10*5 = 945`
## Z3
Using z3 in python:
```python
from z3 import *
solver = Solver()
buffer = [Int(f'buffer_{i}') for i in range(5)]
for i, b in enumerate(buffer):
if i == 4:
solver.add(b == 0x0a)
continue
solver.add(b = 65, b |