Fix crackme

Author: cyberfined

crackme.c

@@ -201,9 +201,34 @@ static inline void int3() {
     __asm__ __volatile__ ("int3");
 }
 
+typedef struct {
+    int      offset;
+    uint16_t key;
+} pass_info_t;
+
+static bool check_password(pass_info_t *pass_info, size_t count) {
+    uint16_t password[8] = {42824,42175,27030,55028,31997,4578,9264};
+
+    if(pass_info->offset == 7) {
+        struct timespec tv;
+        nano_clock_gettime(CLOCK_REALTIME, &tv);
+        password[7] = (tv.tv_sec / (24 * 3600) % 229) ^ 40704;
+    }
+
+    if(pass_info->offset < 8) {
+        if((password[pass_info->offset] ^ pass_info->key) == count) {
+            pass_info->key *= (pass_info->offset + 10) * 5;
+            pass_info->offset++;
+            return true;
+        }
+    } else {
+        return true;
+    }
+    return false;
+}
+
 int main(int argc, char **argv) {
     // killer256
-    uint16_t password[8] = {42824,42175,27030,55028,31997,4578,9264};
     char greetings[] = "Crackme v0.1.666 by cyberfined\nReading from stdin\n";
     char success_msg[] = "Congratulations, dear hacker!\n";
     char fail_msg[] = "Password is wrong!\n";
@@ -256,12 +281,11 @@ int main(int argc, char **argv) {
         }
     }
 
-    struct timespec tv;
-    nano_clock_gettime(CLOCK_REALTIME, &tv);
-    password[7] = (tv.tv_sec / (24 * 3600) % 229) ^ 40704;
+    pass_info_t pass_info = {
+        .key    = 42787,
+        .offset = 0,
+    };
 
-    uint16_t key = 42787;
-    int pass_offset = 0;
     bool is_auth = true;
     size_t count = 0;
     for(;;) {
@@ -275,15 +299,7 @@ int main(int argc, char **argv) {
                 }
 
                 write_all(1, prev_line, strlen(prev_line));
-
-                if(pass_offset < sizeof(password) / sizeof(*password)) {
-                    if(is_auth && (password[pass_offset] ^ key) == count) {
-                        key *= (pass_offset + 10) * 5;
-                        pass_offset++;
-                    } else {
-                        is_auth = false;
-                    }
-                }
+                is_auth = is_auth && check_password(&pass_info, count);
             }
 
             if(!is_eof)
@@ -296,7 +312,7 @@ int main(int argc, char **argv) {
         count++;
     }
 
-    if(is_auth && pass_offset == sizeof(password) / sizeof(*password)) {
+    if(is_auth && pass_info.offset == 8) {
         nano_write(1, success_msg, sizeof(success_msg) - 1);
     } else {
         nano_write(1, fail_msg, sizeof(fail_msg) - 1);

utils/gen-add-round-key/src/Generator.hs

@@ -298,20 +298,13 @@ randomExprForXor rnd withRound destWord = do
     numOps <- randomR (2, 5)
     ops <- replicateM (numOps - 1) (randomChoice [Add, Mul, Rotl, Rotr, Xor])
     partialExpr <- randomPartialExpr ops
-    partialResult <- runExpr32 Nothing Nothing (Just rnd) partialExpr
+    partialResult <- runExpr32 rnd partialExpr
     (lastOp, lastOperand) <- randomLastOperand partialResult [Add, Mul, Xor]
     pure (Binop lastOp partialExpr lastOperand)
   where randomPartialExpr :: [Binop] -> GenM Expr
-        randomPartialExpr (op : ops@(_:_)) = do
+        randomPartialExpr ops@(op : _) = do
             (lOperand, isRoundUsed) <- randomOperand op (not withRound)
-            (rOperand, isRoundUsed') <- randomOperand op isRoundUsed
-            randomPartialExpr' ops isRoundUsed' (Binop op lOperand rOperand)
-        randomPartialExpr [op] = do
-            (fstOperand, isRoundUsed) <- randomOperand op (not withRound)
-            sndOperand <- if isRoundUsed
-                             then fst <$> randomOperand op True
-                             else pure (Var VarRound)
-            pure (Binop op fstOperand sndOperand)
+            randomPartialExpr' ops isRoundUsed lOperand
         randomPartialExpr _ = error "Never executed"
 
         randomPartialExpr' :: [Binop] -> Bool -> Expr -> GenM Expr
@@ -385,12 +378,12 @@ lookupVariable var state = case Interpreter.lookupVariable var state of
     Left err  -> lift $ throwE err
     Right val -> pure val
 
-runExpr32 :: Maybe AesState -> Maybe Address -> Maybe Round -> Expr -> GenM Word32
-runExpr32 aesState addr rnd expr = runExpr aesState addr rnd expr >>= \case
+runExpr32 :: Round -> Expr -> GenM Word32
+runExpr32 rnd expr = runExpr rnd expr >>= \case
     Val32 w32 -> pure w32
     Val64 w64 -> pure (fromIntegral w64)
 
-runExpr :: Maybe AesState -> Maybe Address -> Maybe Round -> Expr -> GenM Value
-runExpr aesState addr rnd expr = case runInterpreterExpr aesState addr rnd expr of
+runExpr :: Round -> Expr -> GenM Value
+runExpr rnd expr = case runInterpreterExpr rnd expr of
     Left err  -> lift $ throwE err
     Right res -> pure res

utils/gen-add-round-key/src/Interpreter.hs

@@ -62,24 +62,10 @@ runInterpreter (AesState w1 w2 w3 w4) (Address addr) (Round rnd) stmts = result
 runInterpreterM :: Traversable t => t Stmt -> InterpretM ()
 runInterpreterM = mapM_ runStmt
 
-runInterpreterExpr :: Maybe AesState
-                   -> Maybe Address
-                   -> Maybe Round
-                   -> Expr
-                   -> Either InterpretError Value
-runInterpreterExpr mAesState mAddr mRnd expr =
-    runExcept (evalStateT (runExpr expr) initState)
+runInterpreterExpr :: Round -> Expr -> Either InterpretError Value
+runInterpreterExpr (Round rnd) expr = runExcept (evalStateT (runExpr expr) initState)
   where initState = State initVariables
-        initVariables = HashMap.fromList $  aesStateVariables
-                                         ++ addrVariable
-                                         ++ roundVariable
-        aesStateVariables = case mAesState of
-            Nothing -> []
-            Just (AesState w1 w2 w3 w4) ->
-                let f idx w = (VarState idx, Val32 w)
-                in zipWith f [0..] [w1, w2, w3, w4]
-        addrVariable = maybe [] (\(Address addr) -> [(VarAddress, Val64 addr)]) mAddr
-        roundVariable = maybe [] (\(Round rnd) -> [(VarRound, Val32 rnd)]) mRnd
+        initVariables = HashMap.fromList [(VarRound, Val32 rnd)]
 
 runStmt :: Stmt -> InterpretM ()
 runStmt = \case