- Name - SRM
- Category - Reverse Engineering
- Points - 50
- Description - The flag is : The valid serial number
- Binary - Download here
Yep it's a Windows binary! It's not every day we encounter a Windows binary in a CTF. Run it:
Looks like a keygen. Inputting garbage in both fields pops up the following message box:
In IDA we notice that the validation logic resides in the DialogFunc() function. The first check is done on the email address.
The function accepts any valid email address, so test@test.com will do (for now?). The error message is now different:
Next is the Serial Number validation. The code is quite simple:
```c
if ( strlen(v11) != 16
  || v11[0] != 67
  || v23 != 88
  || v11[1] != 90
  || v11[1] + v22 != 155
  || v11[2] != 57
  || v11[2] + v21 != 155
  || v11[3] != 100
  || v20 != 55
  || v12 != 109
  || v19 != 71
  || v13 != 113
  || v13 + v18 != 170
  || v14 != 52
  || v17 != 103
  || v15 != 99
  || v16 != 56 )
{
  sub_4030C7(&Text, 256, &v28);
}
else
{
  sub_4030C7(&Text, 256, &v25);
  sub_403121(&Text, 256, v11);
}
```
The serial number has to be 16 characters long (line 1). The checks are not sequential but they do follow a pattern: 1st, last, 2nd, 2nd to last, 3rd, 3rd to last, etc. At this point either go through it step by step or order the variables: v11[0], v11[1], v11[2], v11[3], v12, v13, ..., v23. Three characters (v22, v21 and v18) are only constrained through a sum with an already known character, so subtract the known value from the total to get them. Converting from decimal to ASCII, we get CZ9dmq4c8g9G7bAX. Input the email and serial number:
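The same reordering done in code, as an added example that is not part of the original write-up: it transcribes the comparisons from the decompiled check, resolves the three sum checks, and re-runs the check on the result. The names `offset`, `solve`, `check`, `EQUALS` and `SUMS` are hypothetical, and it assumes v12..v23 are the serial bytes at offsets 4..15, following v11[0..3].

```python
# Added example: constraints transcribed from the decompiled check above.
# Assumption: v12..v23 are the serial bytes at offsets 4..15, after v11[0..3].
SERIAL_LEN = 16
# (variable, value): the byte must equal value
EQUALS = [("v11[0]", 67), ("v23", 88), ("v11[1]", 90), ("v11[2]", 57),
          ("v11[3]", 100), ("v20", 55), ("v12", 109), ("v19", 71),
          ("v13", 113), ("v14", 52), ("v17", 103), ("v15", 99), ("v16", 56)]
# (variable a, variable b, total): a + b must equal total
SUMS = [("v11[1]", "v22", 155), ("v11[2]", "v21", 155), ("v13", "v18", 170)]

def offset(name):
    """Map an IDA variable name to its offset in the serial buffer."""
    if name.startswith("v11["):
        return int(name[4:-1])
    return int(name[1:]) - 8           # v12 -> 4, ..., v23 -> 15

def solve():
    """Recover the serial; raise if the checks conflict or leave a byte free."""
    known = {}
    def assign(idx, value):
        if known.setdefault(idx, value) != value:
            raise ValueError(f"conflicting checks at offset {idx}")
    for name, value in EQUALS:
        assign(offset(name), value)
    pending = [(offset(a), offset(b), total) for a, b, total in SUMS]
    while pending:
        ready = [c for c in pending if c[0] in known or c[1] in known]
        if not ready:
            raise ValueError("sum checks with no known operand")
        for a, b, total in ready:
            if a in known:
                assign(b, total - known[a])   # also verifies b if already set
            else:
                assign(a, total - known[b])
            pending.remove((a, b, total))
    missing = sorted(set(range(SERIAL_LEN)) - set(known))
    if missing:
        raise ValueError(f"unconstrained offsets: {missing}")
    return bytes(known[i] for i in range(SERIAL_LEN)).decode("ascii")

def check(serial):
    """Re-implementation of the decompiled comparison, to verify a candidate."""
    s = serial.encode("latin-1", "replace")
    return (len(s) == SERIAL_LEN
            and all(s[offset(n)] == v for n, v in EQUALS)
            and all(s[offset(a)] + s[offset(b)] == t for a, b, t in SUMS))

if __name__ == "__main__":
    print(solve(), check(solve()))
```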