The executable is a classic example of a standard “keygen me”. There is a text box and a button that checks the serial when clicked. We need to figure out the text that leads to the “good boy message”.
Before running the executable, a quick look at the import table using PEiD gives an overview of the layout of the exe. There is a call to GetDlgItemTextA, which is used to retrieve the contents of a dialog box. Inside Immunity Debugger, the “Search for all Intermodular calls” functionality enumerates the API calls. By setting a breakpoint on the GetDlgItemTextA call that reads the textbox, we land in the check routine.
The routine applies the following operation to each character of the text entered: (x[i]+i) ^ k[i], where k is the string “Hackplanet\x00”. It then compares the result, byte by byte, with the following string: "\x27\x0f\x0b\x01\x3c\x0a\x08\x1c\x08\x19\x0a". If every comparison succeeds, it displays the “good boy message”.
The algorithm can be easily reversed using the following Python code, which leads to the expected text.
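A reconstruction of that reversal, added here as an example and not the author's original script: it models the check as described above and inverts it. The function names, the 8-bit wraparound on the addition and the treatment of the eleventh byte as the string terminator are assumptions.

```python
# Added example: the check and its inverse, rebuilt from the description
# in the write-up. Not the author's original script.

KEY = b"Hackplanet\x00"                                   # XOR key from the page
TARGET = b"\x27\x0f\x0b\x01\x3c\x0a\x08\x1c\x08\x19\x0a"  # comparison bytes from the page


def transform(buf: bytes) -> bytes:
    """Forward operation as described: (x[i] + i) ^ KEY[i], byte by byte."""
    # Assumption: the addition wraps at 8 bits, as a byte register would.
    return bytes(((b + i) & 0xFF) ^ KEY[i] for i, b in enumerate(buf))


def check(serial: str) -> bool:
    """Model of the check routine (assumption: the NUL terminator of the
    input buffer is part of the 11-byte comparison)."""
    buf = serial.encode("latin-1", errors="replace") + b"\x00"
    if len(buf) != len(TARGET):
        return False
    return transform(buf) == TARGET


def recover() -> str:
    """Invert the operation: x[i] = (TARGET[i] ^ KEY[i]) - i."""
    raw = bytes(((t ^ k) - i) & 0xFF
                for i, (t, k) in enumerate(zip(TARGET, KEY)))
    # The last recovered byte is 0x00: the terminator, not a typed character.
    text, _, _ = raw.partition(b"\x00")
    return text.decode("ascii")


if __name__ == "__main__":
    serial = recover()
    print(serial)
    print("accepted" if check(serial) else "rejected")
```

The eleventh target byte, 0x0a, is what index 10 added to a zero byte gives after XOR with the key's trailing \x00, which is why the recovered text has ten characters.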
The flag for this is: omfgHacked