Exetools  
#1  09-05-2017, 12:54  psgama
Newbie with potential ECC protection

***ATTEMPT THE CHALLENGE BELOW*** THE SOLUTION IS A COUPLE OF POSTS DOWN

I am a hobbyist of reverse engineering, for software and hardware. I am not a programmer by any means, so this may be a basic problem.
It took me about 12 hours to solve, really digging in. This can be solved using human pattern recognition.

I have a small table of valid Device IDs and serial numbers; the challenge is to determine the function that makes them valid.
The serial check function is performed in the hardware of a standalone device, so no RE using OllyDBG or WinDBG is possible. It is entirely a mental exercise.


ID SN
1029679 8958024
1029720 8993161
1029978 9214267
1030639 8923744
1033030 8401831
1033109 8469534
1033659 8940884
1033767 9033440
1035843 9098572
1035899 9146564

Last edited by psgama; 09-18-2017 at 01:58. Reason: Edited as I was able to solve. Now challenge for others
#2  09-09-2017, 08:58  psgama
So I came across another device and used the pattern that I noticed: the difference in Device ID from the last valid number in the series, multiplied by the prime number 857, plus the valid serial number from the first device. I ended up with a valid serial number that worked!!

Now I just need to figure out how the original start point was arrived at.

My example was as follows:
New Dev ID requiring licensing: 1033123
Previous Dev ID: 1033109
Previous S/N: 8469534
Difference in Dev ID: 14
14 * 857 = 11998
Previous S/N plus 11988 = 8481532 = working code.

So I'm not sure what the scheme is here. I know there is a pattern, but I can't seem to find the actual calculation. I know that it may use part of the software revision of the unit, as that is asked for when licensing is purchased.

In all of these cases the revision is 5.4.5

I have graphed the points I have so far with a polynomial trendline to 6th order, but the calculation gives an R value of .9995 (still too much error when dealing with 10,000,000 possible serial numbers).
It won't seem to let me add a picture to show the graph, but it can be done in Excel.

What more should I look for? Solution is partial and works, but the method to get to serial from scratch still goes unknown.
#3  09-14-2017, 21:39  silver
Your pattern doesn't seem to work for the first few pairs of SNs?

Checking the software might be a good idea.
#4  09-15-2017, 06:37  psgama
I solved it.

*SPOILER ALERT* FOR THOSE WHO WISH TO TAKE A CRACK AT IT.

I broke the equation down to the factors that made sense and worked out the patterns from there. In Excel, if A2 contained the DevID, the serial number would equal:


Code:
*****SPOILER ALERT******
=((10000+(RIGHT(A2,1)+3)+((LEFT(RIGHT(A2,2),1)+7)*10)+((LEFT(RIGHT(A2,3),1)-3)*100))*857)+660

A complex problem broken down into patterns of numbers based on an input / output table of 10 original pairs. I'm feeling pretty darn good right now!

Last edited by psgama; 09-18-2017 at 01:52.
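As an added check that is not part of the thread (the Python below is mine, not psgama's), here is the Excel formula from post #4 transcribed literally and run against all ten ID/SN pairs from post #1, together with its algebraic simplification. The simplified form also explains why the step rule from post #2 fits some consecutive pairs and not others, which is what silver observed in #3. It assumes the device's check is exactly this function; nothing else about the device is known.

```python
# Added example, not code from the thread: psgama's Excel formula (post #4)
# transcribed to Python and checked against the ten ID/SN pairs from post #1.
# Assumption: the device's check is exactly that function; nothing more is known.

# The table from post #1, copied as (device ID, serial number).
CHALLENGE_PAIRS = [
    (1029679, 8958024), (1029720, 8993161), (1029978, 9214267),
    (1030639, 8923744), (1033030, 8401831), (1033109, 8469534),
    (1033659, 8940884), (1033767, 9033440), (1035843, 9098572),
    (1035899, 9146564),
]


def serial_excel_form(dev_id: int) -> int:
    """Literal transcription of the post #4 formula.

    RIGHT(A2,1)          -> last digit           (d0)
    LEFT(RIGHT(A2,2),1)  -> second-to-last digit (d1)
    LEFT(RIGHT(A2,3),1)  -> third-to-last digit  (d2)
    """
    text = str(dev_id)
    d0, d1, d2 = int(text[-1]), int(text[-2]), int(text[-3])
    return ((10000 + (d0 + 3) + ((d1 + 7) * 10) + ((d2 - 3) * 100)) * 857) + 660


def serial_affine_form(dev_id: int) -> int:
    """The same function with the constants collapsed.

    10000 + (d0 + 3) + 10*(d1 + 7) + 100*(d2 - 3) = (dev_id mod 1000) + 9773
    so  SN = 857 * (dev_id mod 1000) + (9773 * 857 + 660)
           = 857 * (dev_id mod 1000) + 8376121
    Only the low three digits of the ID ever reach the serial.
    """
    return 857 * (dev_id % 1000) + 8_376_121


def formula_matches_table(pairs=CHALLENGE_PAIRS) -> bool:
    """True when both forms reproduce every serial in the table."""
    return all(serial_excel_form(i) == sn == serial_affine_form(i) for i, sn in pairs)


def step_rule(prev_id: int, prev_sn: int, new_id: int) -> int:
    """The rule psgama used in post #2: add 857 per unit of ID difference."""
    return prev_sn + 857 * (new_id - prev_id)


def step_rule_holds(prev_id: int, new_id: int) -> bool:
    """The step rule is exact only while both IDs share the same thousands part:
    the affine form depends on ID mod 1000, so it wraps every 1000 IDs."""
    return prev_id // 1000 == new_id // 1000


def step_rule_error(prev_id: int, prev_sn: int, new_id: int) -> int:
    """Gap between the step rule's guess and the real serial (a multiple of 857000)."""
    return step_rule(prev_id, prev_sn, new_id) - serial_affine_form(new_id)


def distinct_serials(id_range=range(1_000_000, 1_100_000)) -> int:
    """How many different serials the scheme can emit over a range of IDs."""
    return len({serial_affine_form(i) for i in id_range})


if __name__ == "__main__":
    print("table reproduced:", formula_matches_table())
    print("post #2 example :", serial_affine_form(1033123))
    print("distinct serials over 100k IDs:", distinct_serials())
    for (a, sa), (b, sb) in zip(CHALLENGE_PAIRS, CHALLENGE_PAIRS[1:]):
        ok = step_rule(a, sa, b) == sb
        print(f"{a} -> {b}: step rule {'holds' if ok else 'fails'}"
              f" (same thousands block: {step_rule_holds(a, b)})")
```

The reduction is the security-relevant point: the serial is an affine function of three digits of the device ID, so the whole scheme has only 1000 distinct serials and is fully determined by a handful of ID/SN pairs, which is exactly why ten samples were enough to recover it by inspection.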
#5  09-17-2017, 00:23  chants
In general we take a white-box approach to reverse engineering. You took much more of a black-box or grey-box approach, and this seems to be becoming a very popular method in the cryptography field: software trace comparison, software fault injection, etc. But there is no one approach best suited for every sample you find out there. You have to study it and come up with the fastest attack plan, be it an inductive or a deductive strategy.
#6  09-18-2017, 01:53  psgama
I appreciate your comments.
My math is good but not great. This was fairly easy to solve, only maybe 12 total hours. Good challenge though.