Here’s the image as text:
eb 04 af c2 bf a3 81 ec 00 01 00 00 31 c9 88 0c 0c fe c1 75 f9 31 c0 ba ef be ad de 02 04 0c 00 d0 c1 ca 08 8a 1c 0c 8a 3c 04 88 1c 04 88 3c 0c fe c1 75 e8 e9 5c 00 00 00 89 e3 81 c3 04 00 00 00 5c 58 3d 41 41 41 41 75 43 58 3d 42 42 42 42 75 3b 5a 89 d1 89 e6 89 df 29 cf f3 a4 89 de 89 d1 89 df 29 cf 31 c0 31 db 31 d2 fe c0 02 1c 06 8a 14 06 8a 34 1e 88 34 06 88 14 1e 00 f2 30 f6 8a 1c 16 8a 17 30 da 88 17 47 49 75 de 31 db 89 d8 fe c0 cd 80 90 90 e8 9d ff ff ff 41 41 41 41
What happens when you convert it to ascii decimal?
235 4 175 194 191 163 129 236 0 1 0 0 49 201 136 12 12 254 193 117 249 49 192 186 239 190 173 222 2 4 12 0 208 193 202 8 138 28 12 138 60 4 136 28 4 136 60 12 254 193 117 232 233 92 0 0 0 137 227 129 195 4 0 0 0 92 88 61 65 65 65 65 117 67 88 61 66 66 66 66 117 59 90 137 209 137 230 137 223 41 207 243 164 137 222 137 209 137 223 41 207 49 192 49 219 49 210 254 192 2 28 6 138 20 6 138 52 30 136 52 6 136 20 30 0 242 48 246 138 28 22 138 23 48 218 136 23 71 73 117 222 49 219 137 216 254 192 205 128 144 144 232 157 255 255 255 65 65 65 65
Update 2
The URL www.canyoucrackit.co.uk/soyoudidit.asp does something interesting. It’s being spread as the solution. Or it could be a honeytrap -- you know, if you’re paranoid.
decode it
solution
Stage 1 – Reverse engineering and decryption
Ok, so from the main page,write all the hexadecimal into a binary file. Like this:
Ok, so from the main page,write all the hexadecimal into a binary file. Like this:
/* http://www.canyoucrackit.co.uk decrypter (and encrypter) Reverse Engineered by Davee http://lolhax.org 02/12/2011 */ #include #include #include typedef uint32_t u32; typedef uint8_t u8; #define TABLE_SIZE (0x100) u8 g_ciphertext[] = { 0x91, 0xD8, 0xF1, 0x6D, 0x70, 0x20, 0x3A, 0xAB, 0x67, 0x9A, 0x0B, 0xC4, 0x91, 0xFB, 0xC7, 0x66, 0x0F, 0xFC, 0xCD, 0xCC, 0xB4, 0x02, 0xFA, 0xD7, 0x77, 0xB4, 0x54, 0x38, 0xAB, 0x1F, 0x0E, 0xE3, 0x8E, 0xD3, 0x0D, 0xEB, 0x99, 0xC3, 0x93, 0xFE, 0xD1, 0x2B, 0x1B, 0x11, 0xC6, 0x11, 0xEF, 0xC8, 0xCA, 0x2F, }; static __inline__ u32 rotr(u32 data, u32 bits) { /* rotate right */ return ((data >> bits) | ((data & ((1 << bits) - 1)) << (32 - bits))); } void decrypt_data(u8 *table, u8 *data, u32 size) { int i; u8 bl = 0, dl = 0, dh = 0; /* do the mangle algorithm */ for (i = 0; i < size; i++) { /* read the table and swap bytes */ dl = table[i + 1]; dh = table[(bl + dl) & 0xFF]; table[i + 1] = dh; table[(bl + dl) & 0xFF] = dl; /* set bl */ bl = table[(dl + dh) & 0xFF]; /* do the decrypt (or encrypt...) of the data */ data[i] ^= bl; } } void generate_table(u8 *table, u32 seed) { int i; u8 seed_indx = 0; /* stage 1: set table value as index respectfully */ for (i = 0; i < TABLE_SIZE; i++) table[i] = i; /* stage 2: seed the table */ for (i = 0; i < TABLE_SIZE; i++) { /* update seed index */ seed_indx += (table[i] + (seed & 0xFF)); /* rotate the seed 8 bits right */ seed = rotr(seed, 8); /* backup element */ u8 temp = table[i]; /* byte swap */ table[i] = table[seed_indx]; table[seed_indx] = temp; } } int main(void) { int i; u8 table[TABLE_SIZE]; /* do decrypt etc */ printf("Decrypter, by Davee\nhttp://lolhax.org\n\n"); /* generate the table */ generate_table(table, 0xDEADBEEF); //0xAFC2BFA3); //3A3BFC2AF);//0xDEADBEEF); /* decrypt data */ decrypt_data(table, g_ciphertext, sizeof(g_ciphertext)); /* write decrypted data */ FILE *fd = fopen("decrypt.bin", "wb"); /* check for error */ if (fd == NULL) { /* rage */ return printf("fuuuuuuuuuuuuuuuuu (aka cant open decrypt.bin)\n"); } /* write */ fwrite(g_ciphertext, 1, sizeof(g_ciphertext), fd); fclose(fd); printf("done. check out decrypt.bin\n"); getchar(); return 0; }
Click here to see the live Encryption Process
No comments:
Post a Comment