
Commit 1c62437

committedOct 14, 2023
Fix crackme
1 parent 25676bb commit 1c62437


3 files changed

+42
-47
lines changed

 

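--- a/crackme.c
+++ b/crackme.c
@@ -201,9 +201,34 @@ static inline void int3() {
 __asm__ __volatile__ ("int3");
 }
 
+typedef struct {
+int offset;
+uint16_t key;
+} pass_info_t;
+
+static bool check_password(pass_info_t *pass_info, size_t count) {
+uint16_t password[8] = {42824,42175,27030,55028,31997,4578,9264};
+
+if(pass_info->offset == 7) {
+struct timespec tv;
+nano_clock_gettime(CLOCK_REALTIME, &tv);
+password[7] = (tv.tv_sec / (24 * 3600) % 229) ^ 40704;
+}
+
+if(pass_info->offset < 8) {
+if((password[pass_info->offset] ^ pass_info->key) == count) {
+pass_info->key *= (pass_info->offset + 10) * 5;
+pass_info->offset++;
+return true;
+}
+} else {
+return true;
+}
+return false;
+}
+
 int main(int argc, char **argv) {
 // killer256
-uint16_t password[8] = {42824,42175,27030,55028,31997,4578,9264};
 char greetings[] = "Crackme v0.1.666 by cyberfined\nReading from stdin\n";
 char success_msg[] = "Congratulations, dear hacker!\n";
 char fail_msg[] = "Password is wrong!\n";
@@ -256,12 +281,11 @@ int main(int argc, char **argv) {
 }
 }
 
-struct timespec tv;
-nano_clock_gettime(CLOCK_REALTIME, &tv);
-password[7] = (tv.tv_sec / (24 * 3600) % 229) ^ 40704;
+pass_info_t pass_info = {
+.key = 42787,
+.offset = 0,
+};
 
-uint16_t key = 42787;
-int pass_offset = 0;
 bool is_auth = true;
 size_t count = 0;
 for(;;) {
@@ -275,15 +299,7 @@ int main(int argc, char **argv) {
 }
 
 write_all(1, prev_line, strlen(prev_line));
-
-if(pass_offset < sizeof(password) / sizeof(*password)) {
-if(is_auth && (password[pass_offset] ^ key) == count) {
-key *= (pass_offset + 10) * 5;
-pass_offset++;
-} else {
-is_auth = false;
-}
-}
+is_auth = is_auth && check_password(&pass_info, count);
 }
 
 if(!is_eof)
@@ -296,7 +312,7 @@ int main(int argc, char **argv) {
 count++;
 }
 
-if(is_auth && pass_offset == sizeof(password) / sizeof(*password)) {
+if(is_auth && pass_info.offset == 8) {
 nano_write(1, success_msg, sizeof(success_msg) - 1);
 } else {
 nano_write(1, fail_msg, sizeof(fail_msg) - 1);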
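Review bot: `check_password` hard-codes the bound as `8` in `if(pass_info->offset < 8)`, and `main` (whose body continues outside these hunks) repeats it in `pass_info.offset == 8`, where the removed code derived both from `sizeof(password) / sizeof(*password)`; if the array length ever changes, the index check and the success test can drift apart without a compiler diagnostic. `offset` is a signed `int` with only an upper-bound test, so a negative value would index before `password`; the visible caller starts at 0 and only increments, but `size_t offset` would make the helper safe on its own. A single shared constant, e.g. `#define PASS_LEN 8` used for the array size and both comparisons, would cover the first point. The return value of `nano_clock_gettime` is also ignored, so if that wrapper can fail (its definition is not in these hunks) `password[7]` is computed from an uninitialised `tv`.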

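--- a/utils/gen-add-round-key/src/Generator.hs
+++ b/utils/gen-add-round-key/src/Generator.hs
@@ -298,20 +298,13 @@ randomExprForXor rnd withRound destWord = do
 numOps <- randomR (2, 5)
 ops <- replicateM (numOps - 1) (randomChoice [Add, Mul, Rotl, Rotr, Xor])
 partialExpr <- randomPartialExpr ops
-partialResult <- runExpr32 Nothing Nothing (Just rnd) partialExpr
+partialResult <- runExpr32 rnd partialExpr
 (lastOp, lastOperand) <- randomLastOperand partialResult [Add, Mul, Xor]
 pure (Binop lastOp partialExpr lastOperand)
 where randomPartialExpr :: [Binop] -> GenM Expr
-randomPartialExpr (op : ops@(_:_)) = do
+randomPartialExpr ops@(op : _) = do
 (lOperand, isRoundUsed) <- randomOperand op (not withRound)
-(rOperand, isRoundUsed') <- randomOperand op isRoundUsed
-randomPartialExpr' ops isRoundUsed' (Binop op lOperand rOperand)
-randomPartialExpr [op] = do
-(fstOperand, isRoundUsed) <- randomOperand op (not withRound)
-sndOperand <- if isRoundUsed
-then fst <$> randomOperand op True
-else pure (Var VarRound)
-pure (Binop op fstOperand sndOperand)
+randomPartialExpr' ops isRoundUsed lOperand
 randomPartialExpr _ = error "Never executed"
 
 randomPartialExpr' :: [Binop] -> Bool -> Expr -> GenM Expr
@@ -385,12 +378,12 @@ lookupVariable var state = case Interpreter.lookupVariable var state of
 Left err -> lift $ throwE err
 Right val -> pure val
 
-runExpr32 :: Maybe AesState -> Maybe Address -> Maybe Round -> Expr -> GenM Word32
-runExpr32 aesState addr rnd expr = runExpr aesState addr rnd expr >>= \case
+runExpr32 :: Round -> Expr -> GenM Word32
+runExpr32 rnd expr = runExpr rnd expr >>= \case
 Val32 w32 -> pure w32
 Val64 w64 -> pure (fromIntegral w64)
 
-runExpr :: Maybe AesState -> Maybe Address -> Maybe Round -> Expr -> GenM Value
-runExpr aesState addr rnd expr = case runInterpreterExpr aesState addr rnd expr of
+runExpr :: Round -> Expr -> GenM Value
+runExpr rnd expr = case runInterpreterExpr rnd expr of
 Left err -> lift $ throwE err
 Right res -> pure res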
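Review bot: The removed `randomPartialExpr [op]` equation forced `Var VarRound` as the second operand whenever the round variable had not been used yet, and the new single equation hands that responsibility to `randomPartialExpr' ops isRoundUsed lOperand`, whose body is outside this hunk. It is worth confirming that `randomPartialExpr'` still guarantees the round variable appears when `withRound` is set and `ops` has one element, since otherwise the generated expression would no longer depend on the round. The fallback `randomPartialExpr _ = error "Never executed"` is now reachable only for an empty list; taking `NonEmpty Binop` would remove the partial case, or at least the message could name the function, e.g. `error "randomPartialExpr: empty operator list"`.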

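--- a/utils/gen-add-round-key/src/Interpreter.hs
+++ b/utils/gen-add-round-key/src/Interpreter.hs
@@ -62,24 +62,10 @@ runInterpreter (AesState w1 w2 w3 w4) (Address addr) (Round rnd) stmts = result
 runInterpreterM :: Traversable t => t Stmt -> InterpretM ()
 runInterpreterM = mapM_ runStmt
 
-runInterpreterExpr :: Maybe AesState
--> Maybe Address
--> Maybe Round
--> Expr
--> Either InterpretError Value
-runInterpreterExpr mAesState mAddr mRnd expr =
-runExcept (evalStateT (runExpr expr) initState)
+runInterpreterExpr :: Round -> Expr -> Either InterpretError Value
+runInterpreterExpr (Round rnd) expr = runExcept (evalStateT (runExpr expr) initState)
 where initState = State initVariables
-initVariables = HashMap.fromList $ aesStateVariables
-++ addrVariable
-++ roundVariable
-aesStateVariables = case mAesState of
-Nothing -> []
-Just (AesState w1 w2 w3 w4) ->
-let f idx w = (VarState idx, Val32 w)
-in zipWith f [0..] [w1, w2, w3, w4]
-addrVariable = maybe [] (\(Address addr) -> [(VarAddress, Val64 addr)]) mAddr
-roundVariable = maybe [] (\(Round rnd) -> [(VarRound, Val32 rnd)]) mRnd
+initVariables = HashMap.fromList [(VarRound, Val32 rnd)]
 
 runStmt :: Stmt -> InterpretM ()
 runStmt = \case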
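Review bot: `runInterpreterExpr` now binds only `VarRound` in its initial state, but nothing at the definition says so. A Haddock comment such as `-- | Evaluate an expression with only 'VarRound' bound; state words and the address are not in scope.` would tell callers that an expression mentioning `VarState` or `VarAddress` cannot be evaluated through this entry point (presumably it returns `Left`, though the lookup code is outside this hunk). The same applies to the `runExpr`/`runExpr32` wrappers in Generator.hs, which inherit the restriction.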
