The MBA is over and I’m enjoying my vacations to clear stuff from the Todo list, to read books, to play some games and to do other stuff. Today the MacSerialJunkies contest started and I decided to give it a go. It’s a very simple crackme with a small twist where you have to bruteforce a MD5 string. I had reversed the serial routine and was starting the bruteforce without thinking much about it (first attempts were by searching online MD5 hashes databases for the correspondent plaintext but no such luck). It was taking too much time and so it was a moment to start using the brain and less bruteforce (which is always the first thing we should do when dealing with bruteforces, although the maximum length of 6 digits instantaneously made me lazy on this). Paying attention to the serial routine, I noticed that everything was uppercase so this was a real hint to reduce the character set. With this “new” information I reloaded the bruteforcer, set it to A-Z and 0-9 plus – and 4 minutes after there was the magic string “KRACK-”.
The algorithm is like this:
- First six digits equal to KRACK-
- Compute the MD5 hash for the Name and use the first 7 digits for the serial number
- 14th character always equals to F
- 15th and 16th chars always equal to B and C
- Good serial length equal to 16 chars.
My test name was “fG” and test serial “654321abcdef”, and the correspondent valid serial number is KRACK-1D2BFC1FBC. A briefly commented analysis of just the algorithm is here: MSJ10-Challenge1-SerialAlgo.txt (the rest doesn’t matter, pretty normal stuff). Now you can have fun doing a small keygen for this since it should be pretty simple – just use Openssl libraries. For the bruteforce, just use one of the available alternatives for Unix or Windows.
This post is dedicated to The One Byte Fag (er… Wonder) from MSJ, the dude who thinks information should be spread as much as possible. So, free and spread it is!
Have fun,
fG!
Update:
Local copy of this crackme: Pie.zip
(SHA1(Pie.zip)= 50930794ef1fbd8fe72dfbb1fa5aba50b799d460)
Update 2:
I was just bored into the night and decided to take the dust off XCode and my lazy C skills and create the keygen (pretty simple 5 mins dirty code). Maybe it’s time to start coding in Objective-C and code nice GUI keygens 
Here it is:
msj10-challenge1-keygen.c
SHA1(msj10-challenge1-keygen.c)= 266d8184b82803ef4d6cac79375880ba637a3a89
Update 3:
Yes, I released the solution before the deadline as a small “revenge” against that one idiot at Macserialjunkies, who is even unable to keygen such a simple crackme. I will not release the other solutions since as I said before, I’m not interested anymore in teaching people how to crack. You can continue the contest without any further spoilers
-
Thanks for the information.
It’s always nice to see a new blog-entry here – you learn something every time. -
I followed the same technique. Only difference was that I wrote my own multi-threaded objective-c brute forcer. Mine took a little over an hour to crack the hash though… yours was quite a bit faster
-
How about releasing the code? And maybe adapting it to use OpenCL? That could be a nice tool/project
-
-
Duh! Should have posted that AFTER the first challenge.
Used this via VMware Fusion: http://www.timwarriner.com/software/md5brute.html
-
It was published before on purpose
-
Didn’t work out well, though. I guess “that one idiot” gives a shit. You didn’t hurt him but everyone who has participated in this challenge and – this is bugging me even more – everyone who wanted to.
-
You are right and wrong. Right that it could not work “well” and I didn’t expect it to have a big impact. It was only a demonstration of how annoying it can be to not respect others work.
Wrong in the way that everyone has a chance to not look at the solution and try it by theirselves. That’s the concept of choice. You don’t need to look at my solution. Yes, I’m pretty aware that the human brain is somewhat lazy and it doesn’t fully work when it knows there’s an easy way – a solution is available. Usually that’s the feeling you experience when you study mathematics with solutions available – you feel the effort is much smaller and you haven’t learn as much as you should.
Anyway, publishing tutorials suffers from the same problem since it takes the challenge out of the equation Yes, I like very much to discuss and yes I’m fully aware of my actions. But never forget we are all dealing in a grey area so the morality and ethics are very complicated here.
-
-
-
-
Meh, agree with hawke – you should have posted that AFTER the first challenge ending on 9th Aug.
This is not a challenge anymore and not funny!!! -
I think you are being childish my friend. If you have personal issues with someone I think you should talk it over and not ruin thousands of people’s chance to learn on the msj challenge. At least that’s how adults deal with it. Posting this solution in public is not making you look better in any way.
I had great respect for you long ago … but you are having serious attitude problems lately.
Let me give you a piece of advice: Keep on doing what you are good at but without bothering hundreds of other mac users like us.Have a nice day.
-
You can always learn since it’s your choice to read or not the solution. I’m sorry but don’t turn your personal choice problems over me
I love how people like to cheat and then blame others. You can always stop visiting or unsubscribe the rss feed if I’m bothering you and thousands of others or I show no respect. Once again it’s a matter of choice.-
You are correct. No one was forced to read this entry, the title was very clear as to the content of the article.
People who cheat are only cheating them selves. Its their choice, perhaps others learn better this way, or like my self, are more interested in reading about it then taking part.
More information on the subject on the internet, the better.
-
Indeed no one was forced into reading this blog, but just to highlight the author’s reason for posting this again:
“Yes, I released the solution before the deadline as a small “revenge” against that one idiot at Macserialjunkies, who is even unable to keygen such a simple crackme.”This is an interesting statement. Never mind the elitist, egotistical drivel contained in that statement, but instead focus on the content: Who indeed cares who can or cannot keygen a crackme? Yeah, here the author might say something like “if you don’t like it, don’t read my blog”, or “stop complaining about your personal choice to read my blog”. But here’s a little truth, I don’t care about the blog or who this post disrupted. I really don’t. I am just commenting on the statement and the facts between the lines here, as someone professionally qualified in the area of social interaction. It’s quite clear that while you may have somewhat of an online identity (rapidly deteriorating, I might add), you are most likely lacking in personal identity, and are indeed acting out much like a child.
Sure, here is where you might say “you don’t know anything about me” or “i don’t really care what people think”, but both of those would be untrue. Your reasoning behind this recent post and your statements on the subject say quite a lot about you. And I don’t believe for a second that you would have made this post if you didn’t care. Your actions remind me much of a child acting out. There are a few recent blog posts I’ve just glanced at that seem to portray a sulky, scorned attitude. Perhaps because you were banned from MSJ?
Well, here is where it’s easy for you to say “you don’t know what you’re talking about” or just simply call me names or some other drivel. This is something I expect. I don’t expect you to agree with me, in fact, it would be shocking if you did. People as entrenched in their ego as you are tend to not to see much beyond themselves, and tend to think that nobody else knows what they are talking about if it’s in direct opposition to their views. It’s quite a common personality, I’m afraid, and I’m familiar with all the tactics that these personalities employ to belittle and throw off others who are debating with them.
Anyhow, perhaps one day you will mature beyond this type of interaction. Indeed, you will find yourself happier because of it.
-
Uau now this is an interesting analysis, especially when you don’t know half of the facts or what is behind. I especially like the attack between the lines, based on “professional” profiling.
Ah and I’m skilled enough to see different positions, that’s one of the reasons why I’m so good at what I do. I’m not “professionally qualified” in social interaction but I do know a couple of things
We could keep continuing discussing this but there’s not really much to do. I really like the assimetric analysis of the situation. One side can release and spread information even after it was asked not to do it, while the same side is the victim when the position is inverted. Now that’s funny shit… You are missing one piece of the puzzle here… That the “supporters” of that MSJ idiot have an incentive to support him, since he supports the release of pirated software. In the end that’s what most of MSJ users care about, free stuff. You just need to observe the reaction to the release of software that was protected with Pace. 99% doesn’t give a flying fuck about how it was acomplished.
Your skilled analysis is pretty interesting, only problem is that it is biased to the side you are interested in. Nice attempt
Btw I was never banned from MSJ and I’m still there
-
Well now, that is an intellectual argument, and something I can respond to! My previous post was an analysis of your statements, particularly your boastful insults and their egocentric nature. I did not take a stance on the content of your MSJ Cracking Challenge blog post nor the point you were trying to make behind it, because what I found more interesting to analyze was the way that you chose to lash out about it. If we drill down on that to the exclusion of whatever point you were trying to make, I think you will be forced to admit that it is indeed immature, especially your attack on someone else’s skills in reversing (or lack thereof, if that’s the case).
I am not on a “side”, so my opinion is not biased towards one or the other. I will be truthful and tell you that if I saw an unprovoked slander against you or any other, by a member of MSJ or another board, I would also give the same opinion you see here. It matters not “sides”, but as an intellectual there is a much better way than slander and insults to make your point.
I am also good at what I do, and people think in predictable patterns. There is no new personality today than there was a thousand years ago, and those patterns can be identified and defined if you know what you’re looking for. Much like reversing an application, you can reverse someone’s thought processes from the most insignificant of statements and put together an accurate analysis
I can relate to your point of view on software piracy because I share many of the same opinions. However, those that share pirated software thrive on the drama that comes from flame wars and insults batted back and forth. However, since this seems to be a one-sided war with you as the aggressor, perhaps it’s time to step back and reconsider your tactics? It’s highly doubtful that the people you intended this for actually see your point… And in reflection, I don’t think the “do to others what they do to people so they know how it feels” tactic ever really works
fG!, once upon a time, you had some insightful posts here. Up until the whole PACE fiasco and the resulting blog post you made on that subject, I don’t think you ever had one bad word to say against anyone, at least not publicly on your blog. You carried yourself like a professional, and it’s a little sad to see you slipping.
-
Your analysis continues to be based on incomplete information. You can try to predict whatever pattern you want that you will stay wrong.
The whole argument you are trying to lay down is based on what you think about my objective was while in reality you don’t know what it really was.
I don’t give a flying fuck about MSJ and The One Byte Fag and all other losers that lay there, except the ones that are really interested in learning and advancing OS X reversing knowledge. TOBW behaves in the forum like he’s the loser’s god, while he’s a moron who only does shitty cracks on simple protections and boasts his shit. In reality I don’t give a shit about it, but hey it’s MY blog so I write about whatever I want and about who I want. And you and everyone else has the choice to read it or not, and you even have the choice to comment on it, since there’s no censorship. Else I could simply delete your comments and keep on with my super ego. The blog was reopened as an incentive to myself to keep working on stuff and release it. The problem is that everything is the same and very few people contribute (unless they are doing in some place I don’t know).There’s no flame war whatsoever because I really don’t care. Else I could continue to release solutions and that’s it. If I wanted a war I could even do much more nastier things to MSJ board. Do I really care? No…
I’m working on pretty interesting stuff but nobody else is contributing, at least publicly. This blog was created because there was so few knowledge about OS X reversing. I made a mistake by publishing information about Pace because it was a challenge and because I thought people would know how to handle the information. Greed dominates the world these days more than never.I really love people’s reaction to all of this. It really shows the interest off a few and why it’s worthless to publish public information. I’m not professionally qualified but I do love to study and experiment with social interaction.
About the real motive for releasing the solution and keygen: you as a professinally qualified should know Dan Ariely or his and others experiences on human behavior. There is a particular one that I tested with this post
-
I really-really-really…. like the way you talk and your point of view in your comments above.
The good thing is that the .nfo file does not have a “reply” section so you wont get a on-the-fly fuck if you mess things up by accident. People on public forums are not talking, they are more like ass-kissing and fucking all around for the god sake.
-
-
Well “john”, you should be shot. Just taken out back and shot. No self respecting, or well respected, “professionally qualified social interactionist” would dare to speak to the social nature of some one they have never met. Your information on “fG!” consists of this blog, and thats is. I am no expert, and do not claim to be. But I do know, from spending countless years interacting with people on the internet, people come across much differently on the internet then in real life. For many reasons, the least of them the complete lack of tone of voice and body language. For you to claim some sort of understanding based on the limited writings available here is just naive and you know it.
-
-
-
-
-
-
-
Have you solved the second challenge as well?
-
No, I haven’t tried since I was asked to not release the solutions.
-
Hello!
You are very welcome to post any solutions you might have after the one week time frame. Oh, and as the author of the challenges I was of course sad to see the solution posted here before the one week time frame was over, especially since it appeared to be due to some silly and childish personal vendetta fG! seems to have against a user at MSJ.
But on the other hand he (and others who have mentioned it too) are of course right when they say that no one is forced to read the blog.So could we now please as a community move on and explore new things together? (I am very much interested in any development of new, muti-core optimized and using fancy OpenCL tricks md5(and other hashes) bruteforcers..keep us posted on this!)
Peace..
or to quote a friend: “Less chat. Moar crax”.
-
-
Now that’s an excellent comment and great tool
Testing !!! -
Wow that’s impressive. Mine was fairly simple and just used NSInvocationOperations for the threading. Anyone with a good knowledge of obj-c could have come up with it in a few hours. Moreover the md5 hash, expected length, and expected character set from the challenge were hard-coded into it so it’s not exactly universally useful. I do wish I was better able to wrap my head around languages like OpenCL and rewrite the app using it, but I’ve looked into it and OpenGL/OpenCL are far too different from objective-c for me to pickup quickly. That bruteforcer above looks great though and I’m definitely going to take a look at it.
-
Wanna share your code? It’s always good to have source code for tools
-
I’ll have a look and see if I’ve still got it. I just wrote it for the challenge and did the bruteforcing with NSLog() in the debug window so I very well might have trashed the code when I was done with it.
-
-
-
-
-
-
-
I’d love it if you did a post on reversing some kind of realbasic app and tracing though explaining some of the assembly. The second challenge is realbasic and although I got it cracked with one nop it would be a stretch to say I really understand whats going on in a lot of the code. Realbasic otx dumps always turn into a big mess with code that’s much more annoying to follow than objective c dumps so I know I’d appreciate a post or tutorial about it
-
LMAO @ “The One Byte Fag”
27 comments
Comments feed for this article
Trackback link: http://reverse.put.as/2010/08/02/how-to-keygen-msj-kracking-challenge-10-challenge-1/trackback/