CrackMe® Practices for Newbies
Project 9: CrackMe 2 by Cronos

Re: Joseph's Thread
Wednesday, 31-Mar-99 21:02:44

    Greetings Cronose,

    Let me define few terms I will use and then put all the facts down before any discussion.
    Length = the number of bytes in each of the username and authorization number.
    n = 1 to length.
    NameCode(n) = the code for the respective byte in the name.=Ascii*2Bh
    AuthCode(n ) = the code of the respective byte in the authorization number = Ascii*2Bh
    X = result of calculation as shown next = 0 at the start
    For n = 1 to length
    X = X*3 + 93H + NameCode(n) - AuthCode(n)
    next n
    X * 5bfH = Z
    Z +79df = Y
    For a good solution we need, Y = 7777h and if so then Z must be F9D8H
    Z = 7777h - 79dfh = F9d8h
    So what is the value of X so that when multiplied by 5bfh will give Z?
    X canot beany thing but a 2 byte integer having a value from -32768 to 32767.
    For X = -32768 to 32767
    Z = X * 5bfH
    next X
    The above loop failed to an answer where Z = F9D8H
    79dfh + (5bfh * X) = Y, Y = 7777h and how to find X. In fact you really need to consider 79dfh + (5bfh * X) = 7777h mod (2^32) which is a completely different problem. You no longer consider the division, but the inverse of 5bf mod 2^32>

    Indeed I don't understand modular arithmetic, but I can manage simple multiplication. And as modular arithmetic I interpret the statement 10 mod 3 to be = 1 and 7 mod 8 to be = 7. So with this understanding let us take your statements and see if I understand what you are saying.
    7777h mod (2^32) = 7777h and if so then the statement 79dfh +(5bfh * X) = 7777h mod (2^32) is meaningless. The same is true for the other statement 5bfh mod (2^32).
    As for the inverse part of the statement, I fail to understand what you mean especially since the inverse is going to be a fraction

    Andy's suggestion of 2ch does not work and if it did I would not have asked the original question to start with. 2ch * 5bfh = fcd4h +79df =76b3h and it is obvious 76b3h <> 7777h, so this is not a valid answer since it will not lead to the "Authorization Granted" message which we are after.
    Now my big question to Cronos is: Is there an actual solution to this Crackme where by one can enter a user name and a correct number that will produce the "Authorized Granted" message. Off course the situation might be changed if patching is going to be a part of the solution.

    Cronos, No Solution!!!!


Message thread:

Joseph's Thread (Question to Cronos) (30-Mar-99 23:45:59)

Back to main board