Birthday Crackme Part 1

For this year’s birthday the most awesome gift I received was from hasherazade 🙂
I am very thankful to her for making my birthday so special 🙂
This crackme is a bootloader written in 16-bit assembly; a screenshot of it running was posted on imgur.


After attaching IDA's debugger I set a breakpoint on the user-input handling and traced it to the routine below, which computes a 16-bit checksum over the entered password (IDA screenshot on imgur).

sub_7C5C proc near                ; in: DS:SI -> input bytes, CX = number of 16-bit words; out: word_7DCB = checksum
push si
xor ax, ax                        ; AX = 0, so AH is 0 on the first pass
mov word_7DCB, ax                 ; running sum = 0
loc_7C62:
test cx, cx
jz loc_7C72                       ; stop once all CX words are consumed
xor byte ptr word_7DCB+1, ah      ; high byte of the sum ^= AH (high byte of the previous word)
lodsw                             ; AX = next little-endian word at DS:SI, SI += 2
dec cx
add word_7DCB, ax                 ; sum += word (mod 2^16)
jmp short loc_7C62
loc_7C72:
pop si
retn
sub_7C5C endp

After the loop, the 16-bit value left in word_7DCB is compared with 0x39A, and the input is accepted only if they match.

This checksum has plenty of collisions: the high byte of each word is XORed back out of the sum on the next iteration unless a carry from the low byte gets in the way, so the result depends mostly on the sum of the low bytes of the input. I therefore ran a dictionary file through it to find every word that hashes to 0x39a. I wrote the brute-forcer twice: once in C++ with the routine in inline assembly, and once as a straight C++ port of the algorithm. Both were published as GitHub gists (not reproduced here).
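As an added example (this is not the author's gist, which is not reproduced on this page), here is a C port of sub_7C5C together with a small dictionary scan. It assumes the caller passes CX as the number of 16-bit words and that an odd-length password is padded with a zero byte; under that assumption "awesome" hashes to 0x039A, which is how the assumption was checked. The function names crackme_checksum and find_collisions and the word list SAMPLE_WORDS are mine and constructed for the example; "azezome" is included to show a collision with the intended password.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constant the crackme compares the checksum against. */
#define TARGET 0x039A

/* C port of sub_7C5C. Assumptions (not stated on the page): the caller sets
   DS:SI to the password bytes and CX to the number of 16-bit words, and an
   odd-length password is padded with a zero byte. With that padding
   "awesome" yields 0x039A, which is how the assumption was checked. */
uint16_t crackme_checksum(const char *pw, size_t len)
{
    uint16_t sum = 0; /* word_7DCB, zeroed before the loop */
    uint8_t ah = 0;   /* AH: high byte of the word loaded on the previous pass */

    for (size_t i = 0; i < len; i += 2) {
        uint8_t lo = (uint8_t)pw[i];
        uint8_t hi = (i + 1 < len) ? (uint8_t)pw[i + 1] : 0; /* zero pad */
        uint16_t ax = (uint16_t)((hi << 8) | lo);            /* lodsw, little-endian */

        sum ^= (uint16_t)(ah << 8); /* xor byte ptr word_7DCB+1, ah (uses the previous AH) */
        ah = hi;                    /* lodsw replaced AX, so AH is now this word's high byte */
        sum = (uint16_t)(sum + ax); /* add word_7DCB, ax */
    }
    return sum;
}

/* Scan a word list and collect every entry whose checksum equals `target`.
   Returns the total number of hits; at most `max_matches` pointers are stored. */
size_t find_collisions(const char *const *words, size_t nwords, uint16_t target,
                       const char **matches, size_t max_matches)
{
    size_t hits = 0;
    for (size_t i = 0; i < nwords; i++) {
        if (crackme_checksum(words[i], strlen(words[i])) == target) {
            if (hits < max_matches)
                matches[hits] = words[i];
            hits++;
        }
    }
    return hits;
}

/* Constructed stand-in for the dictionary file; "azezome" is included to show
   a collision with the intended password "awesome". */
static const char *const SAMPLE_WORDS[] = {
    "password", "birthday", "crackme", "hello", "awesome", "azezome",
};
#define N_SAMPLE_WORDS (sizeof SAMPLE_WORDS / sizeof SAMPLE_WORDS[0])

int main(void)
{
    const char *matches[16];
    size_t n = find_collisions(SAMPLE_WORDS, N_SAMPLE_WORDS, TARGET, matches, 16);

    for (size_t i = 0; i < n && i < 16; i++)
        printf("%s -> 0x%04X\n", matches[i],
               crackme_checksum(matches[i], strlen(matches[i])));
    return 0;
}
```

Why "azezome" collides: for a seven-byte ASCII input the sum of two low bytes never carries, so the high bytes at positions 1 and 3 are XORed out exactly one iteration after they are added and never reach the result. The only contributions that survive are the low bytes at positions 0, 2, 4, 6 (which must sum to 0x19A) and the high byte at position 5, whose carry-adjusted XOR supplies the 0x03. Swapping the word list for a real dictionary file is the only change needed to reproduce the author's result set.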

The results: http://pastebin.com/9rMwwVgq
Any of these passwords passes the check 🙂, but the one that unlocks the source code at the link is “awesome” 🙂


Once again Thank You so much! <3
