Hey cracker,
Today I am going to crack “robot[1]: find key” from crackmes.one. You can download the binary from here.
It’s a keygen-style crackme. We need to reverse it, analyze the key-checking algorithm and generate a key. So I ran the binary and I got this…
I checked my current directory and what, I have been hacked!!! 😋😋
So the program created a file called “YOU_WAS_HACKED.txt” in my current directory with the content “Gotcha! You should probably check what you run next time :)”. Then I opened the binary with Radare2 and decompiled the main function.
First the program checks whether I am running it as ./robot1. Then it does some subtraction, and interestingly it takes the 4th character of “./robot1”, which is ‘o’, and subtracts ‘k’ from it; the result is 4.
Then it checks whether I have passed a total of 4 arguments. So I ran the program with 4 arguments and now it’s asking for a key 🤓
Unfortunately I don’t have a key, but now I’m going to create one. So back to the decompiled code again.
The program checks whether I supplied a key of length 19; otherwise it exits with a message. The program also contains two arrays of constant values. It XORs these two arrays element by element, and that result is the correct key, which the program compares against the key I supplied.
So, we can write a script to generate the correct key.
I created the following script:
#!/usr/bin/env python3
# First array, copied from the decompiled main (index 6 is derived from index 1 at runtime)
key_array_one = [0] * 19
key_array_one[0] = 0x1a
key_array_one[1] = 0x43
key_array_one[2] = 0x53
key_array_one[3] = 0x51
key_array_one[4] = 0xa
key_array_one[5] = 0x41
key_array_one[6] = key_array_one[1] + 0x13
key_array_one[7] = 0x1c
key_array_one[8] = 0x2
key_array_one[9] = 0x5c
key_array_one[10] = 0x18
key_array_one[11] = 0x1c
key_array_one[12] = 0x5
key_array_one[13] = 0x3
key_array_one[14] = 0x10
key_array_one[15] = 0x5b
key_array_one[16] = 0x3
key_array_one[17] = 0x68
key_array_one[18] = 0x14

# Second array: positions alternate between a digit base ('0' + i % 10)
# and a letter base ('a' + i % 10)
key_array_two = [0] * 19
flag = False
for i in range(0, 19):
    if flag:
        key_array_two[i] = 0x30 + i % 10
    else:
        key_array_two[i] = 0x61 + i % 10
    flag = not flag  # toggle between the two bases every position

# The key is the element-wise XOR of the two arrays
key = ''
for i in range(0, 19):
    key += chr(key_array_one[i] ^ key_array_two[i])
print(f"Robot 1 Key : {key}")
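To see why the keygen works, it helps to model the checking side as well. The following is an added example written for this write-up, not the crackme's own code: the two arrays are the constants recovered above, but the control flow is my reconstruction of the gates the post describes (the ./robot1 name check, the argument count derived from ‘o’ - ‘k’, the length-19 check and the element-wise XOR compare). It assumes, since the post does not say, that the 4 counted arguments include argv[0] and that the key is read separately after the argument checks; the `check_key` / `generate_key` names are mine. Running the verifier against the keygen output confirms the two are inverses of each other.

```python
"""Model of robot[1]'s key check plus the matching keygen (added example)."""
from typing import List

PROGRAM_NAME = "./robot1"

# Array one, as recovered from the decompiled main. Element 6 is built from
# element 1 at runtime, so it is written as the same expression here.
KEY_ARRAY_ONE: List[int] = [
    0x1A, 0x43, 0x53, 0x51, 0x0A, 0x41, 0x43 + 0x13, 0x1C, 0x02, 0x5C,
    0x18, 0x1C, 0x05, 0x03, 0x10, 0x5B, 0x03, 0x68, 0x14,
]
KEY_LENGTH = len(KEY_ARRAY_ONE)  # 19


def key_array_two() -> List[int]:
    """Second array: positions alternate between 'a' + i % 10 and '0' + i % 10."""
    out = []
    use_digit_base = False
    for i in range(KEY_LENGTH):
        base = 0x30 if use_digit_base else 0x61
        out.append(base + i % 10)
        use_digit_base = not use_digit_base
    return out


def expected_argc() -> int:
    """The binary derives its argument count from argv[0]:
    the 4th character of "./robot1" is 'o', and 'o' - 'k' == 4."""
    return ord(PROGRAM_NAME[3]) - ord("k")


def check_key(argv: List[str], key: str) -> str:
    """Reconstruction (assumed, not from the page) of the binary's decision
    path. Returns a verdict label instead of printing so each gate is testable.

    Assumption: len(argv) (including argv[0]) must equal expected_argc(),
    and the key is supplied separately after the argument checks.
    """
    if not argv or argv[0] != PROGRAM_NAME:
        return "wrong-name"
    if len(argv) != expected_argc():
        return "wrong-argc"
    if len(key) != KEY_LENGTH:
        return "wrong-length"
    two = key_array_two()
    # Fixed-size loop, as in the binary: compare the input byte by byte
    # against array1[i] ^ array2[i].
    for i in range(KEY_LENGTH):
        if ord(key[i]) != (KEY_ARRAY_ONE[i] ^ two[i]):
            return "wrong-key"
    return "ok"


def generate_key() -> str:
    """Keygen: the check never hides anything, it just XORs two constant
    arrays, so the accepted key is exactly array1 ^ array2."""
    two = key_array_two()
    return "".join(chr(a ^ b) for a, b in zip(KEY_ARRAY_ONE, two))


if __name__ == "__main__":
    key = generate_key()
    print(f"Robot 1 Key : {key}")
    # Constructed argv: correct name plus three dummy arguments (4 in total).
    print("verifier says:", check_key([PROGRAM_NAME, "x", "y", "z"], key))
```

The verdict labels make the point of the write-up explicit: every gate except the last is about how the program was invoked, and the last gate is a comparison against a value that is fully determined by constants in the binary, which is why a keygen is possible at all.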
It was an easy crackme but fun and I enjoyed solving it.
Happy Cracking 🤟🤟