# SecurityArtWork: Reversing challenge 


# wget --quiet http://www.securityartwork.es/wp-content/uploads/2013/11/serial.exe
# file serial.exe
serial.exe: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
- Breakpoints
004019B5  |. E8 F6FCFFFF               CALL serial.004016B0
00401776   . 83E8 0F                   SUB EAX,0F
004018FA   . 39C2                      CMP EDX,EAX
- Key function
004018D2   . 8B45 F8                   MOV EAX,DWORD PTR SS:[EBP-8]
004018D5   . 83C0 01                   ADD EAX,1
004018D8   . 8B0485 00404000           MOV EAX,DWORD PTR DS:[EAX*4+404000]
004018DF   . 8B1485 40704000           MOV EDX,DWORD PTR DS:[EAX*4+407040]
004018E6   . 8B45 F8                   MOV EAX,DWORD PTR SS:[EBP-8]
004018E9   . 83C0 02                   ADD EAX,2
004018EC   . 8B0485 00404000           MOV EAX,DWORD PTR DS:[EAX*4+404000]
004018F3   . 8B0485 40704000           MOV EAX,DWORD PTR DS:[EAX*4+407040]
004018FA   . 39C2                      CMP EDX,EAX
004018FC   . 75 0C                     JNZ SHORT serial.0040190A

# cat serial.py
#!/usr/bin/python

check = [0,4,6,0,6,0,0,5,6,3,0,5,6,9,2,5]
key = ""

for i in range(16):
        for j in range(10):
                if i*j % 10 == check[i]:
                        key += str(j)
                        break
print key
# ./serial.py
0430400527053331
# cat serials.py
#!/usr/bin/python

check = [0,4,6,0,6,0,0,5,6,3,0,5,6,9,2,5]
key = ""

def serial(key,p):
        for n in range(10):
                if p*n % 10 == check[p]:
                        if p < 15:
                                serial(key + str(n),p+1)
                        else:
                                print key + str(n)
serial("",0)

C:\> serial.exe 0430400527053331
Valid serial number :-)
Posted by t0n1
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)