Wow!! 9 months and a few days after my last crackme tutorial. Here it is! Many, many things have happened, but I took a few days to have fun with this ToolMe! My English is still the same...: bad! So, as usual, I apologize for my grammar errors. Nice read.
It's a nice little .com (776 bytes). You can disassemble it with IDA (see magic.lst), and trace it with Soft-ICE (from the command.com shell, use the dldr command in the util16 directory). OK, the decryption key is 10 chars long, more exactly 10 digits from 0 to 9, each digit appearing exactly once. So that makes 10! = 3628800 possibilities! We must think twice before launching a computation; of course all my code will be written in assembly.
The first thing to do is to rewrite the algo, to understand it perfectly (see step1/algo.asm).
This is our decryption key (10 digits):
key db S0 S1 S2 S3 S4 S5 S6 S7 S8 S9
This is our cryptogram (10*14 chars):
db X00 X01 X02 X03 X04 X05 X06 X07 X08 X09 X0A X0B X0C X0D
db X0E X0F X10 X11 X12 X13 X14 X15 X16 X17 X18 X19 X1A X1B
db X1C X1D X1E X1F X20 X21 X22 X23 X24 X25 X26 X27 X28 X29
db X2A X2B X2C X2D X2E X2F X30 X31 X32 X33 X34 X35 X36 X37
db X38 X39 X3A X3B X3C X3D X3E X3F X40 X41 X42 X43 X44 X45
db X46 X47 X48 X49 X4A X4B X4C X4D X4E X4F X50 X51 X52 X53
db X54 X55 X56 X57 X58 X59 X5A X5B X5C X5D X5E X5F X60 X61
db X62 X63 X64 X65 X66 X67 X68 X69 X6A X6B X6C X6D X6E X6F
db X70 X71 X72 X73 X74 X75 X76 X77 X78 X79 X7A X7B X7C X7D
db X7E X7F X80 X81 X82 X83 X84 X85 X86 X87 X88 X89 X8A X8B
The resulting plaintext [with the algo applied one time!!!] (Y00 .. Y8B) will be:
Y[0xA*k] = X[0xE*S0 + k]   (k = 0, 1, ..., 13d)
and more generally:
Y[i + 0xA*k] = X[0xE*Si + k]   (k = 0, 1, ..., 13d and i = 0, 1, ..., 9)
It looks like some matrix transformation, but I don't see it. And after x loops, the resulting plaintext comes back to the initial cryptogram (it's a cycle).
There are 5 uppercase letters: L, D, S, I, H, C, and 4 points (full stops). There's no "'", "!" or "?".
Well, I don't know.. however I will begin by generating all the possible combinations of the 10 digits; let's reinvent the wheel (see step2/Allpermutations.java) ;). I now have a 119 MB inc file containing all the combinations:
db 0,1,2,3,4,5,6,7,8,9, 6 dup(0) ... db 9,8,7,6,5,4,3,2,1,0, 6 dup(0)
Since UltraEdit-32 is not able to edit a little 100 MB file, I will now work under Linux, which seems (and is!) more stable. I will try to generate some sentences, and see how much time it takes..
OK, this is now step 3:
My little isPlainText() routine will be written in Perl (see step4/Filter.pl). It's very, very simple: it just checks 1-letter and 2-letter words.
Note: search for "2-letter words" on www.google.com. You'll find many answers: http://thewordlist.tripod.com/2letter.html, http://www.cis.upenn.edu/~davidj2/sc/2s.html, ...
Now, just launch the last script and look at the final generated file (there are now 46 possibilities left).
$ ./step4.sh
filtering file r0
filtering file r1
filtering file r2
filtering file r3
filtering file r4
filtering file r5
filtering file r6
filtering file r7
filtering file r8
filtering file r9
$ head -n 245276 r5 | tail -n 1
"Seize the Day", I heard him say.Life will not always be this way.Look around, Hear the sounds.Cherish your life while you are still around.
$ head -n 245276 keys5.i | tail -n 1
.byte 5,7,0,6,4,9,8,1,3,2, 0,0,0,0,0,0
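As an added worked example (not part of the original tutorial, and not the author's assembly, Java or Perl code), here is the whole chain in Python: the Y/X transformation written out above, which is a columnar transposition (the plaintext laid out as 14 rows of 10 chars, plaintext column i taken from cryptogram row Si), its inverse, the length of the cycle the text says exists, and an isPlainText() filter on 1- and 2-letter words run over candidate keys. The 140 bytes of the real .com are not on the page, so the example rebuilds a cryptogram by encrypting the plaintext printed above with the key printed above; the 2-letter word list is a constructed subset, and the function names are my own.

```python
# Added worked example: model of the ToolMe transposition and the key search.
# Not the tutorial's own code; names and the 2-letter word list are my own.
from itertools import permutations
from math import gcd
import re

ROWS, COLS = 10, 14            # 0xA key digits, 0xE chars per cryptogram row
N = ROWS * COLS                # the 140-byte cryptogram

# Key and plaintext exactly as printed by the step4.sh session in the tutorial.
KEY = (5, 7, 0, 6, 4, 9, 8, 1, 3, 2)
PLAINTEXT = ('"Seize the Day", I heard him say.'
             'Life will not always be this way.'
             'Look around, Hear the sounds.'
             'Cherish your life while you are still around.')
assert len(PLAINTEXT) == N


def _apply(x, key):
    """Y[i + 0xA*k] = X[0xE*S_i + k]: plaintext column i is cryptogram row S_i.
    Works on any indexable sequence so it can also permute position numbers."""
    y = [None] * N
    for i, s in enumerate(key):
        for k in range(COLS):
            y[i + ROWS * k] = x[COLS * s + k]
    return y


def decrypt(cryptogram, key):
    """One pass of the crackme's loop."""
    return "".join(_apply(cryptogram, key))


def encrypt(plaintext, key):
    """Inverse map: write plaintext column i (14 chars) into cryptogram row S_i."""
    x = [None] * N
    for i, s in enumerate(key):
        for k in range(COLS):
            x[COLS * s + k] = plaintext[i + ROWS * k]
    return "".join(x)


def cycle_order(key):
    """How many decrypt passes bring the text back to the cryptogram.
    One pass is a fixed permutation of the 140 positions; its order is the
    lcm of its cycle lengths, so there is no need to iterate the text itself."""
    src = _apply(list(range(N)), key)   # src[d] = position that feeds output d
    seen, order = [False] * N, 1
    for start in range(N):
        length, p = 0, start
        while not seen[p]:
            seen[p] = True
            p, length = src[p], length + 1
        if length:
            order = order * length // gcd(order, length)
    return order


# isPlainText() equivalent. Constructed word lists: a real run would use the
# full 2-letter list the tutorial links to.
ONE_LETTER = {"a", "i"}
TWO_LETTER = {"am", "an", "as", "at", "be", "by", "do", "go", "he", "if", "in",
              "is", "it", "me", "my", "no", "of", "on", "or", "so", "to", "up",
              "us", "we"}
WORD = re.compile(r"[A-Za-z]+")


def is_plaintext(text):
    """Reject a candidate as soon as one 1- or 2-letter word is not English."""
    for w in WORD.findall(text):
        if len(w) == 1 and w.lower() not in ONE_LETTER:
            return False
        if len(w) == 2 and w.lower() not in TWO_LETTER:
            return False
    return True


def crack(cryptogram, keys):
    """Decrypt under each key; yield (key, text) for every survivor of the filter."""
    for key in keys:
        text = decrypt(cryptogram, key)
        if is_plaintext(text):
            yield key, text


if __name__ == "__main__":
    # The real 776-byte .com is not on the page: rebuild a cryptogram from the
    # printed plaintext and key, then forget the key and search all 10! of them.
    cryptogram = encrypt(PLAINTEXT, KEY)
    print("decrypt passes until the cycle closes:", cycle_order(KEY))
    survivors = list(crack(cryptogram, permutations(range(ROWS))))
    print(len(survivors), "keys survive the 1-/2-letter-word filter")
    for key, text in survivors:
        if text == PLAINTEXT:
            print("key", key, "->", text)
```

Run as a script, the block walks all 3628800 keys in pure Python, which takes a few minutes; the number of survivors depends on the word list, so it will not match the 46 of the Perl filter. The decrypt-side map is never iterated to find the cycle: since one pass is a permutation of 140 positions, its order is just the lcm of its cycle lengths.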
Leave your keygens and cracks alone, forget int3 and Soft-ICE for a few months, switch off your computer.. Carpe diem ;).
Well, even if I did it :)), brute force is never a good solution; 653 MB for a 10-digit key is too much. I would have preferred to find a more elegant solution. However, I haven't studied maths for 3 or 4 years, and I've forgotten a lot :( Maybe I'm wrong, but I think we could solve this crackme another way: it's only permutations.. I'm sure there are some properties to use (the "Key format invalid!" message is not there by chance).
However, The+Q asked us: Write a program to recognize English plaintext, and so crack the given cryptogram. That is what I did. In the end, all the computations are not so long.
Last note: My site is banned! I have been kicked off by Multimania. www.multimania.com/lucifer48
can't be updated anymore. However, it's still possible to visit the site (they are really too stupid!) but the FTP
access is dead (are there some hackers around?). I'm looking for another free homepage, but I don't know where to go yet.
Greetings: The+Q (how are you finding all that time? I want to enjoy my real life!), Volatility (ID
without you is not ID), Savage (no news, mail me!), all French dudes (who watch Loft Story, I'm sure of it).