NDH2k15 crackme prime writeup

Crackme prime[1] was a crackme challenge worth 150 pts. A binary is provided. Let's start by looking at main @ 0x08048deb: it reads input that must be 0x1d bytes long and contain no ASCII NUL byte, then splits the input into 6 parts, expecting something like 1111-2222-3333-4444-5555-6666. For each part it does the following:

1: http://static.challs.nuitduhack.com/prime.tar.gz

So to win, each part must make the c1() function return 1, and at the end the combination of the parts (1+2+3+4+5) % 6 must also make c1() return 1. The c1 function looks as follows.

This function uses AES with a fixed key to decrypt an encrypted function stored at .data@0x0821a0c0, then calls the decrypted function with our part of the input. The decrypted function looks something like this:

At this point it is easy to build a brute-forcer/key generator. A very bad solution that works looks something like this:

which generates a lot of keys,

and

submit a key and get the flag.
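The constraints described above (0x1d-byte input, no NUL, six dash-separated parts, c1() == 1 for every part and for the (1+2+3+4+5) % 6 combination) and the key-generator step, as an added Python example that is not the writeup's own script. The page does not reproduce the AES-decrypted check, so c1 is passed in as a callable; toy_c1 is a constructed stand-in used only to exercise the search. It also assumes the parts are decimal integers and that "% 6" is integer modulo, which is how the writeup's sentence reads.

```python
# Added example (not from the writeup): a model of the key constraints the
# writeup attributes to main() and c1(), with a pluggable c1 so the search
# can be driven by whatever the AES-decrypted check actually computes.
from itertools import product
from typing import Callable, Iterator, List, Optional

KEY_LEN = 0x1D      # required input length (from the writeup)
PART_COUNT = 6      # 1111-2222-3333-4444-5555-6666
PART_LEN = 4        # (KEY_LEN - 5 separators) // PART_COUNT


def split_key(key: bytes) -> Optional[List[bytes]]:
    """Format checks described for main(): 0x1d bytes, no NUL byte,
    six dash-separated parts. Returns the parts, or None on any failure."""
    if len(key) != KEY_LEN or b"\x00" in key:
        return None
    parts = key.split(b"-")
    if len(parts) != PART_COUNT or any(len(p) != PART_LEN for p in parts):
        return None
    return parts


def check_key(key: bytes, c1: Callable[[int], int]) -> bool:
    """Every part must make c1() return 1, and so must (p1+p2+p3+p4+p5) % 6.
    Assumption: parts are decimal integers and '% 6' is integer modulo."""
    parts = split_key(key)
    if parts is None or not all(p.isdigit() for p in parts):
        return False
    values = [int(p) for p in parts]
    if any(c1(v) != 1 for v in values):
        return False
    return c1(sum(values[:5]) % 6) == 1


def find_keys(c1: Callable[[int], int]) -> Iterator[bytes]:
    """Lazily yield keys that satisfy check_key. Run c1 over the 10**4
    candidate parts once, then only combine parts it accepted."""
    accepted = [v for v in range(10 ** PART_LEN) if c1(v) == 1]
    for head in product(accepted, repeat=5):
        if c1(sum(head) % 6) != 1:
            continue
        for tail in accepted:
            yield b"-".join(f"{v:0{PART_LEN}d}".encode() for v in head + (tail,))


def toy_c1(v: int) -> int:
    """Constructed stand-in for the real decrypted check (not on the page):
    accept values congruent to 3 mod 7."""
    return 1 if v % 7 == 3 else 0


if __name__ == "__main__":
    first = next(find_keys(toy_c1))
    print(first.decode(), check_key(first, toy_c1))
```

Replacing toy_c1 with a wrapper around the real check (for example, the decrypted function run under an emulator) turns this into the key generator the writeup describes; filtering the 10**4 per-part candidates once keeps the combined search small.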

Proxied content from gemini://0x80.org/gemlog/2015-04-05-ndh2k15-crackme-prime-writeup.gmi.