Your name is used to generate an input buffer. Your serial decides which bits of the input buffer are complemented. Finally, the CRC32 of the input buffer must equal a predefined value (0xFAF3CCCE).
Though CRC is so old and there are numerous resources online about its many variations, this turned out to be much much harder than I expected. Here is the final technique:
- find what 32-bit input has CRC32 of 0xFAF3CCCE (brute all 32-bit values or try to work backwards with the long division)
- calculate CRC32 of the input buffer less 32-bits
- since CRC32(input,4,X) == CRC32(input^X,4,0) we can concatenate the four bytes discovered from step 1 to the buffer after having xor'd them by the result from step 2
- the CRC32 of the full input buffer now is 0xFAF3CCCE
If you're facing a similar task, the solution text includes a hand-worked example of CRC32. Oh! And a challenge to you: given a CRC lookup table, how can you quickly find which polynomial was used to generate it?
Hey , Thanks man once again for posting solution.
ReplyDeleteThe So;X
Yo So;X! NP! I was thinking of what a second version of the crackme could do to fight this method.... 64-bit polynomial maybe (the small brute in this solution would not longer work) and bit mods would happen on the highest-degree terms instead of the lowest
ReplyDelete