KeyMe by BadSector/k23
This post is about creating a keyfile generator for KeyMe by BadSector/k23.
I encourage you to do it yourself before reading the solution.
reginf.k23 file and reads 0x24 bytes from it:
Check 1: it checks whether the first byte consists of two identical nibbles, for example 'w', which is 0x77 in hex. If so, it goes to the invalid keyfile message.
Check 2: it checks whether the second byte is the reverse of the first one. For example, if the first byte is 0x64, the second must be
Check 3: the third byte must be the sum of the first two.
Check 4: the fourth byte must be
We can implement this part of the keyfile generator in C++:
After that, it modifies the middle part of the key (from 5 to 20), using the third byte of the key in the modification:
We can randomly generate this part:
It modifies the last part of the key (from 21 to 36). This modification uses a table of bytes (the table is included as an array in the keyfile generator code), and it uses the xlatb instruction to get a byte from the table:
After that, it compares the results of the last two modifications:
What we know:
- The nibbles in the first byte must not be the same.
- The second byte must be the reverse of the first one.
- The third byte is the sum of the first two.
- The fourth is
- This is the first part of the key, and we can generate it.
- We can also generate the middle part of the key, whose modification uses the third byte of the first part.
- After modification, the last part of the key should be the same as the middle part after its modification. We can brute-force this part, and that’s exactly what I’m doing in my
Source of the
Any feedback appreciated.