The MBA is over and I’m enjoying my vacations to clear stuff from the Todo list, to read books, to play some games and to do other stuff.
Today the MacSerialJunkies contest started and I decided to give it a go. It’s a very simple crackme with a small twist where you have to bruteforce a MD5 string. I had reversed the serial routine and was starting the bruteforce without thinking much about it (first attempts were by searching online MD5 hashes databases for the correspondent plaintext but no such luck). It was taking too much time and so it was a moment to start using the brain and less bruteforce (which is always the first thing we should do when dealing with bruteforces, although the maximum length of 6 digits instantaneously made me lazy on this). Paying attention to the serial routine, I noticed that everything was uppercase so this was a real hint to reduce the character set. With this new information I reloaded the bruteforcer, set it to A-Z and 0-9 plus – and 4 minutes after there was the magic string KRACK-.

The algorithm is like this:

  1. First six digits equal to KRACK-
  2. Compute the MD5 hash for the Name and use the first 7 digits for the serial number
  3. 14th character always equals to F
  4. 15th and 16th chars always equal to B and C
  5. Good serial length equal to 16 chars.

My test name was fG and test serial 654321abcdef, and the correspondent valid serial number is KRACK-1D2BFC1FBC. A briefly commented analysis of just the algorithm is here: MSJ10-Challenge1-SerialAlgo.txt (the rest doesn’t matter, pretty normal stuff). Now you can have fun doing a small keygen for this since it should be pretty simple – just use OpenSSL libraries. For the bruteforce, just use one of the available utilities for Unix or Windows.

Have fun,

Local copy of this crackme:
(SHA1( 50930794ef1fbd8fe72dfbb1fa5aba50b799d460)

Update 2:
I was just bored into the night and decided to take the dust off XCode and my lazy C skills and create the keygen (pretty simple 5 mins dirty code). Maybe it’s time to start coding in Objective-C and code nice GUI keygens.
SHA1(msj10-challenge1-keygen.c)= 266d8184b82803ef4d6cac79375880ba637a3a89