#1
Newbie with potential ECC protection
***ATTEMPT THE CHALLENGE BELOW*** SOLUTION IS COUPLE POSTS DOWN
I am a hobbyist of Reverse Engineering, for software and hardware. I am not a programmer by any means, so this may be a basic problem. Took me about 12 hours to solve, really digging in. This can be solved using human pattern recognition.

I have a small table of valid Device IDs and serial numbers; the challenge is to determine the function that makes them valid. The serial check function is being performed in the hardware of a standalone device. Therefore no RE using OllyDBG or WinDBG possible. Entirely mental exercise.

ID | SN
1029679 | 8958024
1029720 | 8993161
1029978 | 9214267
1030639 | 8923744
1033030 | 8401831
1033109 | 8469534
1033659 | 8940884
1033767 | 9033440
1035843 | 9098572
1035899 | 9146564

Last edited by psgama; 09-18-2017 at 01:58. Reason: Edited as I was able to solve. Now challenge for others
#2
So I came across another device and used the pattern that I noticed: the differential of Device ID from the last valid number in the series, multiplied by the prime number 857, plus the valid serial number from the first device. I ended up with a valid serial number that worked!!

Now I just need to figure out how the original start point was arrived at. My example was as follows:

New Dev ID requiring licensing: 1033123
Previous Dev ID: 1033109
Previous S/N: 8469534
Difference in Dev ID: 14
14 * 857 = 11998
Previous S/N plus 11988 = 8481532 = Working code.

So I'm not sure what the scheme is here. I know there is a pattern, but I can't seem to find the actual calculation. I know that it may use part of the software revision of the unit, as that is asked for when licensing is purchased. In all of these cases the revision is 5.4.5.

I have graphed the points I have so far with a polynomial trendline to 6th order, but the calculation gives an R value of .9995 (still too much error when dealing with 10,000,000 possible serial numbers). Won't seem to let me add a picture to show the graph, but it can be done in Excel.

What more should I look for? Solution is partial and works, but the method to get to the serial from scratch still goes unknown.
The Following User Says Thank You to psgama For This Useful Post: tonyweb (09-10-2017)
#3
Your pattern doesn't seem to work for the first few pairs of SN?
Checking the software might be a good idea.
#4
I solved it.

*SPOILER ALERT* FOR THOSE WHO WISH TO TAKE A CRACK AT IT.

I broke the equation down to the factors that made sense and worked out the patterns from there. In Excel, if A2 contained the DevID, the serial number would equal:

Code:
*****SPOILER ALERT******
=((10000+(RIGHT(A2,1)+3)+((LEFT(RIGHT(A2,2),1)+7)*10)+((LEFT(RIGHT(A2,3),1)-3)*100))*857)+660

A complex problem broken down into patterns of numbers based on an input / output table of 10 original pairs. I'm feeling pretty darn good right now!

Last edited by psgama; 09-18-2017 at 01:52.
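Added example (not part of any post in this thread): a Python transcription of the Excel formula above, checked against the ten pairs from the first post and against the difference-times-857 shortcut from post #2. The function names are made up for this example; it also shows that the check depends only on the last three digits of the Device ID, so the shortcut holds only inside one block of 1000 IDs and the scheme has just 1000 distinct serials.

```python
# Added example. PAIRS is copied from the table in the first post.
PAIRS = [
    (1029679, 8958024), (1029720, 8993161), (1029978, 9214267),
    (1030639, 8923744), (1033030, 8401831), (1033109, 8469534),
    (1033659, 8940884), (1033767, 9033440), (1035843, 9098572),
    (1035899, 9146564),
]


def serial_from_digits(dev_id: int) -> int:
    """Digit-by-digit transcription of the Excel formula (dev_id >= 100)."""
    text = str(dev_id)
    ones, tens, hundreds = int(text[-1]), int(text[-2]), int(text[-3])
    inner = 10000 + (ones + 3) + (tens + 7) * 10 + (hundreds - 3) * 100
    return inner * 857 + 660


def serial_closed_form(dev_id: int) -> int:
    """Same function collapsed: 10000 + 3 + 70 - 300 = 9773."""
    return (dev_id % 1000 + 9773) * 857 + 660


def mismatches(fn) -> list:
    """Table rows that fn fails to reproduce (empty list = formula fits)."""
    return [(dev, sn, fn(dev)) for dev, sn in PAIRS if fn(dev) != sn]


def delta_rule(known_dev: int, known_sn: int, new_dev: int) -> int:
    """Shortcut from post #2: add 857 per unit of Device ID difference."""
    return known_sn + (new_dev - known_dev) * 857


def distinct_serials() -> int:
    """Number of different serials the formula can ever produce."""
    return len({serial_closed_form(d) for d in range(1000)})


if __name__ == "__main__":
    print("digit formula mismatches:", mismatches(serial_from_digits))
    print("closed form mismatches:  ", mismatches(serial_closed_form))
    # Same thousand-block: the shortcut agrees with the formula.
    print(delta_rule(1033109, 8469534, 1033123), serial_closed_form(1033123))
    # Crossing a thousand-block (1029978 -> 1030639): the shortcut breaks.
    print(delta_rule(1029978, 9214267, 1030639), serial_closed_form(1030639))
    print("distinct serials:", distinct_serials())
```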
#5
In general we take a white-box approach to reverse engineering. You took much more of a black-box or grey-box approach, and this seems to be becoming a very popular method in the cryptography field. Software trace comparison, software fault injections, etc. But there is no one approach best suited for every sample you find out there. You have to study it and come up with the fastest attack plan route. Be it inductive or deductive strategies.
#6
I appreciate your comments.
My math is good but not great. This was fairly easy to solve, only maybe 12 total hours. Good challenge though.