Birthday Crackme Part 1

For this year’s birthday the most awesome gift I received was from hasherezade 🙂
I am very thankful to her for making my birthday so special 🙂
This crackme is a bootloader written in 16-bit assembly. This is what it looks like.


After attaching the process to IDA, I placed a breakpoint on the user input. This is the algorithm which calculates the password.

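sub_7C5C proc near
    push si                         ; preserve the pointer to the input
    xor ax, ax
    mov word_7DCB, ax               ; checksum (word_7DCB) = 0
loc_7C62:
    test cx, cx                     ; CX = number of words left to process
    jz loc_7C72
    xor byte ptr word_7DCB+1, ah    ; checksum high byte ^= high byte of the previous word
    lodsw                           ; AX = next 16-bit word from [SI]
    dec cx
    add word_7DCB, ax               ; checksum += AX (wraps at 16 bits)
    jmp short loc_7C62
loc_7C72:
    pop si
    retn
sub_7C5C endp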

After calculating, the result is compared with 0x39A.

This algorithm has many possible collisions. I used a dictionary file to find all the words that produce 0x39A. This is the C++ code using inline assembly.

This is the C++ version, where I’ve written the algorithm in C++.
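The checksum routine and the dictionary filter described above, modeled in C++ as an added example (this is not the author's original listing). It assumes the bytes after the typed text are zero and, in the one-argument overload, that CX is the number of 16-bit words needed to hold the text; the page shows neither the caller nor the buffer. The names `checksum` and `matches` and the word list are made up for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Model of sub_7C5C. `cx` is the loop count in CX (one 16-bit word per pass).
// Assumption: the bytes after the typed text are zero.
uint16_t checksum(const std::string& input, size_t cx) {
    std::string buf = input;
    if (buf.size() < 2 * cx) buf.resize(2 * cx, '\0');  // zero padding (assumed)

    uint16_t sum = 0;  // word_7DCB
    uint16_t ax = 0;   // AX after "xor ax, ax"
    for (size_t i = 0; i < cx; ++i) {
        // xor byte ptr word_7DCB+1, ah
        sum ^= static_cast<uint16_t>(ax & 0xFF00);
        // lodsw: little-endian 16-bit load
        ax = static_cast<uint16_t>(static_cast<uint8_t>(buf[2 * i]) |
                                   (static_cast<uint8_t>(buf[2 * i + 1]) << 8));
        // add word_7DCB, ax (wraps at 16 bits)
        sum = static_cast<uint16_t>(sum + ax);
    }
    return sum;
}

// Assumed CX: the number of words needed to hold the typed text.
uint16_t checksum(const std::string& input) {
    return checksum(input, (input.size() + 1) / 2);
}

// Dictionary filter: keep every candidate whose checksum equals the target.
std::vector<std::string> matches(const std::vector<std::string>& words, uint16_t target) {
    std::vector<std::string> hits;
    for (const auto& w : words)
        if (checksum(w) == target) hits.push_back(w);
    return hits;
}

int main() {
    // Constructed word list, not the author's dictionary.
    const std::vector<std::string> words = {"awesome", "axesome", "ewasome", "awesone", "birthday"};
    for (const auto& w : matches(words, 0x039A))
        std::printf("%s -> 0x%04X\n", w.c_str(), static_cast<unsigned>(checksum(w)));
    return 0;
}
```

The second input byte is added on the first pass and XORed away on the next, so it never affects the result, which is one reason so many inputs collide. For even-length inputs the result also depends on the real CX value, because an extra pass XORs the last word's high byte back out.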

The results: http://pastebin.com/9rMwwVgq
Any of these passwords work 🙂 but the correct password to unlock the source code in the link is “awesome” 🙂

Once again Thank You so much! ❤
