# iCTF 2011. Challenge 32 (\$ ?)

Program is not packed x86 executable ELF file.
There is a very easy logic here. Secret information about bank account is generated from input code.

Code which is converted test code to binary is the same as in challenge 31

There is a different check code:

signed int __cdecl check(int *a1) { signed int result; // eax@2 int v2; // eax@3 int v3; // [sp+Ch] [bp-4h]@7   if ( *a1 == 0x65BCFF45 ) { v2 = __ROL__(a1[1], 13); if ( v2 == 0x34A7FB12 ) { if ( *a1 + a1[1] == a1[2] ) { v3 = a1[3]; if ( v3 - 0x75718FF8u <= 0x7C40 && (unsigned __int16)v3 == 0xAB39 ) { if ( (signed int (__cdecl *)(int *))a1[4] == check ) { if ( a1[5] == 0xDEADBABE ) result = 0; else result = -1; } else { result = -1; } } else { result = 1; } } else { result = 1; } } else { result = 1; } } else { result = 1; } return result; }

So, the easiest way to get a code is to write keygen:

#include <stdio.h> #include <windows.h>   unsigned int key[6]; int main(int argc, char* argv[]) { key[0] = 0x65BCFF45; unsigned int tmp = 0x34A7FB12; __asm { push eax mov eax, tmp ror eax, 13 mov tmp, eax pop eax } key[1] = tmp; key[2] = key[1] + key[0]; tmp = 0x75718FF8; key[3] = 0; for (int i = 0; i <= 0x7C40 ; i++) { if (((tmp + i)&0xFFFF) == 0xAB39) key[3] = (tmp + i); } if (key[3] == 0) { printf ("Error! can't generate key[3]!\n"); return -1; } key[4] = 0x080484E4; key[5] = 0xDEADBABE; printf("Secret code: "); for (int i = 0; i < 0x18; i++) printf("%02x", (*((char*)key+i))&0xFF);   }

C:\ctf\~writeups\ictf2011\challenge32>keygen.exe