API tools faq
paste
Advertisement
Guest User

tutorial 10 full solution

a guest
Jun 2nd, 2013
585
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.04 KB | None | 0 0
raw download clone embed print report
  1. The first 8 bytes after XORing etc. are given directly by the exe (little endian): 7a81b008 388dbf02
  2. The final 2 bytes are also specified (but ignore them for now): 42 de
  3.  
  4. Goal: Reverse the process as well as possible, i.e. reverse the AND operation, then reverse the XOR operation, then another AND and another XOR.
  5. Note that the exe does XOR and AND together for each block whereas here it's done one after another, but applying to both blocks at once (it makes no difference).
  6.  
  7. Second AND (i.e. the second AND as performed by the exe):
  8. Current bytes: 7a81b0 08 388dbf 02
  9.  
  10. I've separated 08 and 02 because these are the only two bytes that were affected by AND. The other bytes remain the same.
  11.  
  12. 08 is the result of unknown byte yy AND 0e:
  13. 08 00001000
  14. 0e 00001110
  15. yy xxxx100x
  16. So every x can independently be 0 or 1 and the result of yy AND 0e is still 08.
  17.  
  18. 02 is the result of unknown byte zz AND 0e:
  19. 02 00000010
  20. 0e 00001110
  21. zz xxxx001x
  22. So every x can independently be 0 or 1 and the result of zz AND 0e is still 02.
  23.  
  24.  
  25. Second XOR:
  26. Current bytes: 7a81b0yy 388dbfzz
  27.  
  28. The XOR operator is its own inverse (XOR^2 = 1).
  29. So when I have c = a XOR b, I can get "a" from the equation by applying XOR b from the right: c XOR b = a (XOR b)^2 = a
  30. Anyway, the important part is that to undo the XOR, just XOR it once more. This is similar to ROT13.
  31.  
  32.  
  33. XOR each part with 089abcde
  34.  
  35. => 721B0Cqq 301703rr (with qq and rr being the XORed yy and zz)
  36.  
  37. A closer look at what happens to yy and zz when XORing with de:
  38. yy xxxx100x
  39. de 11011110
  40. qq xxxx011x
  41.  
  42. zz xxxx001x
  43. de 11011110
  44. rr xxxx110x
  45.  
  46. These are different x too of course, but it makes no difference because they still can independently be 0 or 1 just like before.
  47.  
  48.  
  49. First AND:
  50. Current bytes: 721B0Cqq 301703rr
  51.  
  52. Byte ss is the result of byte qq AND 0e:
  53. qq xxxx011x
  54. 0e 00001110
  55. ss xxxx011x (it's the same as before)
  56.  
  57. Byte tt is the result of byte rr AND 0e:
  58. rr xxxx110x
  59. 0e 00001110
  60. tt xxxx110x (same here too)
  61.  
  62. Nothing has changed but that only makes sense. The AND with 0e filters out 4 bits on the left and one on the right.
  63. For the ones in the middle it just gives back the original bits.
  64.  
  65. First XOR:
  66. Current bytes: 721B0Css 301703tt
  67.  
  68. XOR each part with 01234567
  69.  
  70. => 733849uu 313446vv (with uu and vv being the XORed ss and tt)
  71.  
  72. A closer look at what happens to ss and tt when XORing with 67:
  73. ss xxxx011x
  74. 67 01100111
  75. uu xxxx000x
  76.  
  77. tt xxxx110x
  78. 67 01100111
  79. vv xxxx101x
  80.  
  81. That's it, the x here are in fact bits that the user is free to choose (unless the final two bytes complain, but they won't).
  82.  
  83.  
  84.  
  85. Consider the two final bytes now:
  86. byte8: 42
  87. byte9: de
  88.  
  89. These bytes are created by going through each byte of the string and adding it to the checksum.
  90.  
  91. There are two states for byte8 and byte9. Before modification (i.e. as entered by the user; null if the user has given a shorter key) and after modification.
  92. I.e. each byte is modified by taking the value before modification, then going through all bytes and adding them.
  93. As a result the byte is added to itself at one point (i.e. the value multiplied by 2) unless the user has entered a short key (but there is no valid short key, see below).
  94.  
  95.  
  96. Consider the de byte first (byte9):
  97. The advantage with this byte is that all XORing and ANDing has been done already.
  98. Therefore the first 8 bytes are those given by the exe: 7a81b008 388dbf02
  99.  
  100. Use:
  101. sum (of 7a 81 b0 08 38 8d bf 02) = 39 (the sum of the first 8 bytes, I'll just call it "sum" from now on)
  102. byte8'=42 (byte8 after modification; at this point byte8 only exists in modified form)
  103. byte9'=de (byte9 after modification)
  104.  
  105. If there is no byte8 (i.e. the user has entered 8 characters or less):
  106. The loop breaks out before byte9 so there is no multiplication by 2; it even breaks out before byte8 so the value there is ignored too.
  107.  
  108. The final value of byte9 is simply the sum of the first 8 bytes:
  109. byte9' = sum
  110. <=> de = 39
  111. FALSE, so entering 8 characters or less will never work.
  112.  
  113. If there is a byte8 but no byte9 (i.e. the user has entered exactly 9 characters):
  114. The loop breaks out before byte9 so there is no multiplication by 2.
  115.  
  116. The final value of byte9 is the sum of the first 8 bytes + the value of byte8 after modification:
  117. byte9' = sum + byte8'
  118. <=> de = 39 + 42
  119. FALSE, so only keys with 10 characters can be valid.
  120.  
  121. So without even looking at byte8 directly it is already established that the key must have 10 characters.
  122.  
  123.  
  124. If user has entered 10 chars:
  125. Start with the (unknown) original value of byte9, then add sum, then add byte8', then add the current value of byte9 to itself (i.e. multiply by 2):
  126. (byte9 + sum + byte8')*2 = byte9'
  127. (byte9 + 7b)*2 = de
  128.  
  129. There are two solutions:
  130. (7b + 74)*2 = 1de
  131. (7b + f4)*2 = 2de
  132.  
  133. Or written in an alternative way:
  134. (byte9 + 7b) = de/2 + n * 80
  135.  
  136. with an arbitary integer n.
  137.  
  138. Move the 7b to the other side and set n to one so the number doesn't turn negative:
  139. byte9 = de/2 - 7b + n * 80
  140. byte9 = 74 + n * 80
  141.  
  142. Choosing between the two solutions 74 and f4 is simple, f4 is not ascii, therefore byte9 = 74 = t.
  143.  
  144. However (I've noticed that later), the other solution does indeed work too, i.e. byte9 = f4 = ô.
  145.  
  146.  
  147. Consider the 42 byte now (byte8):
  148. In this case only one XOR/AND cycle was done. Therefore things are a bit more complicated as the exe doesn't tell everything instantly.
  149. The first 8 bytes at this point: 721B0C QQ 301703 RR (not qq and rr, see below)
  150.  
  151. We are here right after the AND with 0e operation, therefore it's not qq and rr (which would contain unknown bytes), but the result of the AND:
  152. qq xxxx011x
  153. 0e 00001110
  154. QQ 00000110 (6 in hex)
  155.  
  156. rr xxxx110x
  157. 0e 00001110
  158. RR 00001100 (c in hex)
  159.  
  160. Use:
  161. sum (of 72 1B 0C 06 30 17 03 0c) = f5
  162. byte8'=42
  163. byte9 =74 or f4 (as just calculated above! Without this value the following calculations would not give such nice solutions)
  164.  
  165. Start with the original value of byte8, then add sum, then add the value to itself (i.e. multiply by 2), then finally add the value of byte9:
  166. (byte8 + sum)*2 + byte9 = byte8'
  167.  
  168. (byte8 + f5)*2 + 74|f4 = 42 (separate the two cases 74 and f4 via | and note that left side is always case 74 and right side is always case f4)
  169. (byte8 + f5)*2 = ce|4e
  170.  
  171. byte8 + f5 = 67|27 + n * 80 (same method as before)
  172.  
  173. byte8 = 72|32 + n*80
  174.  
  175. Solutions for byte9==74 are 72 and f2:
  176. byte8 = 72 = r (in ascii range)
  177. byte8 = f2 = ò
  178. So the final two bytes are rt or òt in this case.
  179.  
  180. Solutions for byte9==f4 are 32 and b2:
  181. byte8 = 32 = 2 (in ascii range)
  182. byte8 = b2 = ²
  183. So the final two bytes are 2ô or ²ô in this case.
  184.  
  185.  
  186. Combine the findings:
  187. First 8 bytes: 733849uu 313446vv = s8I uu 14F vv
  188. I'll use "rt" for the final two letters here, but the possible combinations are "rt", "òt", "2ô", "²ô"
  189. Swap endians: uu I8s vv F41rt
  190.  
  191. So only uu and vv need more consideration.
  192.  
  193. As defined before:
  194. uu: xxxx000x
  195. vv: xxxx101x
  196.  
  197. Pick some values for uu and vv:
  198. E.g. stay within ascii (first bit 0), but use 1 everywhere else (too small numbers are not real letters, so better be safe):
  199. uu = 01110001 = 71 = q
  200. vv = 01111011 = 7b = {
  201.  
  202. Final key: qI8s{F41rt
  203.  
  204. Calculate the number of possible keys:
  205. Letters only start at 20 = 00100000 and can go till ff.
  206. Look at the two bytes in question (make a split):
  207. uu xxx x000x
  208. vv xxx x101x
  209.  
  210. On the left side, every combination is allowed except all three x = 0 (because then it wouldn't be a letter anymore):
  211. 2^3 options, minus 1, so there are 7 options.
  212. On the right side, there is no restriction at all:
  213. 2^2=4 options.
  214. So there would be 28 possibilities for each byte.
  215. However for uu, 10000001 and 10010000 do not exist. => 26
  216. => 26*28 = 728
  217.  
  218. There are also 4 different combinations for the final letters => 728*4 = 2912
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!