The MBA is over and I’m enjoying my vacation to clear stuff from the todo list, to read books, to play some games and to do other stuff. Today the MacSerialJunkies contest started and I decided to give it a go. It’s a very simple crackme with a small twist where you have to bruteforce an MD5 string.
I had reversed the serial routine and was starting the bruteforce without thinking much about it (first attempts were by searching online MD5 hash databases for the corresponding plaintext, but no such luck). It was taking too much time, so it was the moment to start using the brain and less bruteforce (which is always the first thing we should do when dealing with bruteforces, although the maximum length of 6 digits instantaneously made me lazy on this). Paying attention to the serial routine, I noticed that everything was uppercase, so this was a real hint to reduce the character set. With this “new” information I reloaded the bruteforcer, set it to A-Z and 0-9 plus -, and 4 minutes later there was the magic string “KRACK-”.
The algorithm works like this:
- The first six characters are KRACK-
- Compute the MD5 hash of the Name and use its first 7 hex digits as the next part of the serial (characters 7 to 13)
- The 14th character is always F
- The 15th and 16th characters are always B and C
- A good serial is 16 characters long.
My test name was “fG” and test serial “654321abcdef”, and the corresponding valid serial number is KRACK-1D2BFC1FBC. A briefly commented analysis of just the algorithm is here: MSJ10-Challenge1-SerialAlgo.txt (the rest doesn’t matter, pretty normal stuff). Now you can have fun doing a small keygen for this since it should be pretty simple: just use the OpenSSL libraries. For the bruteforce, just use one of the available alternatives for Unix or Windows.
This post is dedicated to The One Byte Fag (er… Wonder) from MSJ, the dude who thinks information should be spread as much as possible. So, free and spread it is!
Local copy of this crackme: Pie.zip
I was just bored into the night and decided to take the dust off Xcode and my lazy C skills and create the keygen (pretty simple 5 mins dirty code). Maybe it’s time to start coding in Objective-C and code nice GUI keygens 🙂
Here it is:
Yes, I released the solution before the deadline as a small “revenge” against that one idiot at MacSerialJunkies, who is even unable to keygen such a simple crackme. I will not release the other solutions since, as I said before, I’m not interested anymore in teaching people how to crack. You can continue the contest without any further spoilers 🙂