Rule: Find the Name when the Serial is 5B134977135E7D13
With the above Serial, we can guess the Name will have 8 characters. Combine analysis target by both IDA and OllyDBG, we have the pseudo code is:
int __cdecl main(int argc, const char **argv, const char **envp)
{
signed int j; // ebp@1
signed int i; // esi@1
int result; // eax@6
int v6; // [sp+0h] [bp-13Ch]@0
int v7; // [sp+0h] [bp-13Ch]@1
char defVal[3]; // [sp+Ch] [bp-130h]@1
char szBuff; // [sp+10h] [bp-12Ch]@1
char v10; // [sp+11h] [bp-12Bh]@1
__int16 v11; // [sp+71h] [bp-CBh]@1
char v12; // [sp+73h] [bp-C9h]@1
char szCalSerial; // [sp+74h] [bp-C8h]@1
char v14; // [sp+75h] [bp-C7h]@1
__int16 v15; // [sp+139h] [bp-3h]@1
char v16; // [sp+13Bh] [bp-1h]@1
szBuff = 0;
szCalSerial = 0;
memset(&v10, 0, 0x60u);
v11 = 0;
v12 = 0;
memset(&v14, 0, 0xC4u);
v15 = 0;
v16 = 0;
defVal[0] = 0x10;
defVal[1] = 0x20;
defVal[2] = 0x30;
sub_4011B9((int)"Input Name: ", v6);
scanf("%s", &szBuff);
j = 0;
for ( i = 0; j < (signed int)strlen(&szBuff); ++i ) { if ( i >= 3 )
i = 0;
sprintf(&szCalSerial, "%s%02X", &szCalSerial, *(&szBuff + j++) ^ defVal[i]);
}
memset(&szBuff, 0, 0x64u);
sub_4011B9((int)"Input Serial: ", v7);
scanf("%s", &szBuff);
if ( !strcmp(&szBuff, &szCalSerial) )
{
sub_4011B9((int)"Correct!\n", *(int *)defVal);
result = 0;
}
else
{
sub_4011B9((int)"Wrong\n", *(int *)defVal);
result = 0;
}
return result;
}
Very clearly, this code gets the Input Name to szBuff. Through the loop to convert the Input Name by using XOR operator with defVal array and finally store value at szCalSerial. After that it compares Input Serial with szCalSerial, so szCalSerial must equal “5B134977135E7D13”. Perform reverse the XOR calculations we’ll have the correct Input Name:
Input_Name[0] ^ 0x10 = 5B -> 4B K Input_Name[1] ^ 0x20 = 13 -> 33 3 Input_Name[2] ^ 0x30 = 49 -> 79 y Input_Name[3] ^ 0x10 = 77 -> 67 g Input_Name[4] ^ 0x20 = 13 -> 33 3 Input_Name[5] ^ 0x30 = 5E -> 6E n Input_Name[6] ^ 0x10 = 7D -> 6D m Input_Name[7] ^ 0x20 = 13 -> 33 3
- Right Input Name : K3yg3nm3
End.
0day in {REA_TEAM} 