Birthday Crackme Part 1

For this year’s birthday the most awesome gift I received was from hasherazade πŸ™‚
I am very thankful to her for making my birthday so special πŸ™‚
This crackme is a bootloader written in 16-bit assembly. This is how this look like.

View post on

After attaching the process to IDA I placed a breakpoint in the user input and this is the algorithm which calculates the password.

View post on

sub_7C5C proc near
push si
xor ax, ax
mov word_7DCB, ax
test cx, cx
jz loc_7C72
xor byte ptr word_7DCB+1, ah
dec cx
add word_7DCB, ax
jmp short loc_7C62
pop si
sub_7C5C endp

After calculating, the result is compared with 0x39A.

View post on

There can be lots of possible collisions in this algorithm. I used a dictionary file to find all possible combinations of 0x39a. This is the cpp code using inline assembly.

This is cpp version where I’ve written the algorithm in cpp.

The results:
Any of these passwords work πŸ™‚ but the correct password to unlock the source code in the link is β€œawesome” πŸ™‚

View post on

Once again Thank You so much! <3

One thought on “Birthday Crackme Part 1

Leave a Reply