CrackMe® Practices for Newbies
PROJECT 6: caveman by Ghiribizzo

Re: Re: Shadow's thread - keyfilemaker almost ready
Tuesday, 23-Feb-99 00:46:34



    /*

    My C sources for generating caveman.dat.
    The final checksum generation is missing from the file because
    I can't figure it out.

    Copyright (c) Shadow 1999 - released as freeware.

    */

    #include
    #include
    #include
    #include
    #include

    /*
     * Work buffer for the generated key table. manipulation() fills it
     * starting at offset 0, and main() writes its first 100 bytes to the
     * keyfile.
     */
    static unsigned char memory[200];


    /* Name checksum: folds the bytes of the user name into one value. */
    unsigned int calc_checksum(unsigned char *bytestring);
    /* Table expansion ("xlat & stuff"): fills the memory buffer. */
    void manipulation(unsigned int checksum);

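    /*
     * Builds caveman.dat for the name given as argv[1] (default "Shadow$").
     *
     * Record layout, in write order:
     *   - name length    (unsigned int)
     *   - name bytes     (no terminator)
     *   - name checksum  (unsigned int, from calc_checksum)
     *   - 100 table bytes produced by manipulation()
     * The file header says a final checksum is still missing; none is
     * written here.
     *
     * NOTE(review): both words are written with sizeof(unsigned int), so the
     * record layout depends on the compiler's int width. The clrscr() call
     * and the drive-letter path suggest a 16-bit DOS compiler -- TODO confirm
     * the expected field width before building this anywhere else.
     *
     * Returns 0 on success; exits with status 1 if the file cannot be
     * opened or written completely.
     */
    int main(int argc, char *argv[])
    {
        unsigned int name_len, name_sum;
        unsigned char *ptr = NULL;
        FILE *fd = NULL;
        int i;
        int ok;

        if (argc < 2)
            ptr = (unsigned char *)"Shadow$"; // $ is important
        else
            ptr = (unsigned char *)argv[1];

        clrscr();
        memset(memory, 0, sizeof(memory));
        printf("Keyfile maker for caveman.com (unfinished)\n");
        // pass filechecks and checksum 1
        name_len = strlen((const char *)ptr);
        name_sum = calc_checksum(ptr);

        // generate xlat and other table conversion to memory..
        manipulation(name_sum);

        printf("Name:%s\nChecksum from name: %04x\n", (char *)ptr, name_sum);
        printf("Memory after xlat & other table:\n");
        for (i = 0; i < 100; i++) {
            printf("%04x ", memory[i]);
        }
        printf("\n");
        printf("Same in chars:\n");
        for (i = 0; i < 100; i++) {
            /*
             * "%2c" replaces "%02c": the 0 flag is undefined with %c, and
             * the sample output in the post shows space padding.
             */
            printf("[%2c],", memory[i]);
        }

        if ((fd = fopen("f:\\cave\\caveman.dat", "wb")) == NULL) {
            perror("caveman.dat");
            exit(1);
        }

        /*
         * Check every write: a short write would otherwise leave a truncated
         * keyfile behind without any message. The name is written as
         * name_len items of 1 byte so that an empty name is not mistaken
         * for a failure.
         */
        ok = fwrite(&name_len, sizeof(unsigned int), 1, fd) == 1;
        ok = ok && fwrite(ptr, 1, name_len, fd) == name_len;
        ok = ok && fwrite(&name_sum, sizeof(unsigned int), 1, fd) == 1;
        ok = ok && fwrite(memory, sizeof(unsigned char), 100, fd) == 100;
        /* fclose() flushes buffered data, so its result counts as well. */
        if (fclose(fd) != 0)
            ok = 0;

        if (!ok) {
            fprintf(stderr, "caveman.dat: write failed\n");
            exit(1);
        }
        return 0;
    }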
    /*

    This part generates checksum from username

    */

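    /*
     * Computes the 16-bit checksum of the user name.
     *
     * The running value is treated as a 16-bit register with high byte H and
     * low byte L. For each input byte b:
     *     L = b;  H = (H + b) mod 256;  rotate the 16-bit value left by 3.
     * This is a plain-C rendering of the original inline assembly
     * (add ah,al followed by three rol ax,1), so the function no longer needs
     * a compiler with asm { } blocks and does not rely on unsigned int being
     * exactly 16 bits wide.
     *
     * bytestring: NUL-terminated input; it is only read.
     * Returns the checksum in the low 16 bits (0 for an empty string).
     */
    unsigned int calc_checksum(unsigned char *bytestring)
    {
        /* Measure once; the original called strlen() on every iteration. */
        size_t len = strlen((const char *)bytestring);
        unsigned int ax = 0;
        size_t i;

        for (i = 0; i < len; i++) {
            unsigned int lo = bytestring[i];
            unsigned int hi = ((ax >> 8) + lo) & 0xFFu;   /* add ah,al */

            ax = (hi << 8) | lo;
            /* rol ax,1 three times == 16-bit rotate left by 3 */
            ax = ((ax << 3) | (ax >> 13)) & 0xFFFFu;
        }
        return ax;
    }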
    /*

    This part generates the 100-byte-long "checksum" into the table memory

    */

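    /*
     * Fills the global memory table by run-length expanding table2.
     *
     * Each table2 byte encodes one run: the high nibble selects a symbol
     * from xlattable and the low nibble is the repeat count. The list ends
     * at the 0x00 entry. The counts in table2 add up to 100.
     *
     * checksum: name checksum from calc_checksum(). It has no effect on the
     * result. The original inline assembly derived a value from it before
     * the loop (low byte XOR high byte, bit 0 of the high byte kept, divided
     * by 0x4E), but the loop replaced that value's low byte with the table2
     * entry and masked the high byte away (and ax,0xF0) before using it.
     * The generated table is therefore the same for every name. Whether the
     * program that reads the keyfile really works this way cannot be told
     * from this file.
     */
    void manipulation(unsigned int checksum)
    {
        /* Symbol alphabet, indexed by the high nibble of a table2 entry. */
        static const unsigned char xlattable[] = {
            '\x54','\x2e','\x61','\x62','\x63','\x66',
            '\x77'
        };
        /* Run list: (symbol index << 4) | count, terminated by 0x00. */
        static const unsigned char table2[] = {
            '\x0B','\x18','\x02','\x13','\x42','\x13',
            '\x02','\x18','\x03','\x12','\x03','\x12',
            '\x02','\x11','\x23','\x33','\x11','\x02',
            '\x18','\x02','\x12','\x02','\x14','\x02',
            '\x12','\x01','\x51','\x62','\x12','\x0B',
            '\x00'
        };
        size_t filled = 0;
        size_t i;

        (void)checksum; /* never reaches the output; see the header comment */

        for (i = 0; table2[i] != 0; i++) {
            unsigned int symbol = table2[i] >> 4;     /* shr al,4  */
            unsigned int count = table2[i] & 0x0Fu;   /* and cl,0xF */

            /* Stop rather than read past xlattable or write past memory. */
            if (symbol >= sizeof xlattable || count > sizeof memory - filled)
                break;

            memset(&memory[filled], xlattable[symbol], count);
            filled += count;
        }
    }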
    /* eof */

    Keyfile maker for caveman.com (unfinished)
    Name:Shadow$
    Memory after xlat & other table:
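    (this algorithm always produces the same result???)
    [Note: with the listing above it does: the checksum passed to manipulation() has no effect on the table it fills, so these 100 bytes are the same for every name.]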
    0054 0054 0054 0054 0054 0054 0054 0054 0054 0054 0054 002e 002e 002e 002e
    002e 002e 002e 002e 0054 0054 002e 002e 002e 0063 0063 002e 002e 002e 0054
    0054 002e 002e 002e 002e 002e 002e 002e 002e 0054 0054 0054 002e 002e 0054
    0054 0054 002e 002e 0054 0054 002e 0061 0061 0061 0062 0062 0062 002e 0054
    0054 002e 002e 002e 002e 002e 002e 002e 002e 0054 0054 002e 002e 0054 0054
    002e 002e 002e 002e 0054 0054 002e 002e 0054 0066 0077 0077 002e 002e 0054
    0054 0054 0054 0054 0054 0054 0054 0054 0054 0054
    Same in chars:
    [ T],[ T],[ T],[ T],[ T],[ T],[ T],[ T],[ T],[ T],[ T],[ .],[ .],[ .],[ .],
    [ .],[ .],[ .],[ .],[ T],[ T],[ .],[ .],[ .],[ c],[ c],[ .],[ .],[ .],[ T],
    [ T],[ .],[ .],[ .],[ .],[ .],[ .],[ .],[ .],[ T],[ T],[ T],[ .],[ .],[ T],
    [ T],[ T],[ .],[ .],[ T],[ T],[ .],[ a],[ a],[ a],[ b],[ b],[ b],[ .],[ T],
    [ T],[ .],[ .],[ .],[ .],[ .],[ .],[ .],[ .],[ T],[ T],[ .],[ .],[ T],[ T],
    [ .],[ .],[ .],[ .],[ T],[ T],[ .],[ .],[ T],[ f],[ w],[ w],[ .],[ .],[ T],
    [ T],[ T],[ T],[ T],[ T],[ T],[ T],[ T],[ T],[ T],

    Validation on keyfile:

    100bytes -> filebuffer (crypted key)
    byte -> al
    rol al,2
    and al,0x3 (keeps only the 2 lowest bits)

    After that, al must be 02 to jump to the last key validation part.

    1 byte from memorytable -> al, and if al is 0x66 = valid key.




    Shadow

