keygenme.py
Jan 4, 2023
keygenme.py
is a picoCTF challenge in the reverse engineering category. You have to retrieve the key in order to access the full version of the "Arcane Calculator"
. Let's run the python script using our command line.
We can see a prompt as well as a list of options.
Before taking a look inside we can note 2 interesting stuff. These are the option c
that lets us enter the license key and that for some reason the program is calling us "FRASER"
.
Peeking inside
Looking at the first lines already we can see how the key is structured. At a first glance, a brute force attack comes to mind. Later on, we will see why that attack is not appropriate for this situation. We also see that "FRASER"
is in fact a username and is set as a constant. Let's keep that in mind.
Alright. There are a lot of functions in the application so let's start our investigation by declaring what functions are important for the generation of the dynamic part of the license key and focus on them.
menu_trial()
doesn't look important. It validates the choice entered by the user and afterward runs different functions depending on the user's input.We can easily ignore the
validate_choice
function as well as theestimate_burn()
one.The
locked_estimate_vector()
just prints a warning that informs the user that a feature he tried to use is accessible only through the full version of the product. Now we are getting somewhere.The
enter_license()
function has some interesting calls. Firstly it asks the user to enter the license key. Then it runs thecheck_key
function using as arguments the license key entered as well as the byte version of the username constant that is stored asbUsername_trial
If thecheck_key
call returns true then the application proceeds to decrypt the full version using the license key.
Dynamic Key
The check_key
function first checks if the key is even long enough.
After that, the application checks the first part of our license key comparing it to the 1st static part using a for loop (that check will be quite easy to bypass since copy paste is still a thing!).
The iterator is now where the dynamic part begins. Next, we see a big tree of if/else
statements that check the validity of the dynamic part of the key.
Notice that each letter of the dynamic part gets compared to a substitute of the SHA256 hash of the username. This is really easy to exploit.
Exploitation
Firstly lets import hashlib
so that we can craft the required SHA256 hash.
From the application's source code, we will . . . borrow a bunch of variables. These are the license key's structure as well as the byte-encoded username.
Now we will store the specific indexes used by the application in a list.
Finally, we craft the dynamic part one letter at a time and append it to the result
After we craft the dynamic part, we only need to put the pieces together.
And thats it! Lets now run the exploit and get our sweet license key.
I hope you had a great time learning and exploiting this application! This is my first writeup, more to come.
Last updated