SRM (50 pts)
The flag is: the valid serial number
Analyze the file with TrID.
-> trid_windows.exe RM.exe
   TrID/32 - File Identifier v2.20 - (C) 2003-15 By M.Pontello
   Definitions found: 5988
   Analyzing...
   Collecting data from file: RM.exe
    64.6% (.EXE) Win64 Executable (generic) (27646/36/4)
    15.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
    10.5% (.EXE) Win32 Executable (generic) (4508/7/1)
     4.6% (.EXE) Generic Win/DOS Executable (2002/3)
     4.6% (.EXE) DOS Executable Generic (2000/1)
So this is a Win64 PE. Check the file with ExeInfo to detect a packer.
The file is not packed. Analyze the file in IDA Pro; you can see the strings in IDA.
Search for this string in the code (Alt+T); perhaps we can find the validator function.
We find a series of branches that looks like the validator function, so let's reverse it.
As you can see below, the first user input is compared with
[the last user input] + 'C' is compared with
155 (9Bh), so the last input character must be
X (155 - 'C'). You can get the others through a series of simple iterative steps.
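The iterative step above, as an added example that is not part of the original write-up: each check of the form a + b == total fixes one unknown character as soon as the other operand is known. Only the check "last character + 'C' == 9Bh" comes from the analysis above; the other three checks, the 4-character length and the name solve_serial are constructed for illustration.

```python
# Added example. Only the check marked "from the write-up" is real;
# the other checks and the serial length are constructed for illustration.
CONSTRUCTED_CHECKS = [
    (0, 1, 157),        # constructed: serial[0] + serial[1] == 157
    (1, 2, 133),        # constructed
    (2, 3, 139),        # constructed
    (-1, "C", 0x9B),    # from the write-up: last char + 'C' == 155 (9Bh)
]


def solve_serial(length, checks):
    """Each check (idx, other, total) means serial[idx] + other == total,
    where other is a serial index (int) or a constant character (str)."""
    serial = [None] * length
    pending = list(checks)
    while pending:
        remaining = []
        for idx, other, total in pending:
            idx %= length                       # allow -1 for "last"
            if isinstance(other, str):          # constant operand such as 'C'
                known, target = ord(other), idx
            else:
                other %= length
                if serial[other] is not None:
                    known, target = serial[other], idx
                elif serial[idx] is not None:
                    known, target = serial[idx], other
                else:                           # neither side known yet
                    remaining.append((idx, other, total))
                    continue
            value = total - known
            if not 0x20 <= value <= 0x7E:
                raise ValueError(f"index {target}: {value} is not printable ASCII")
            if serial[target] not in (None, value):
                raise ValueError(f"conflicting checks for index {target}")
            serial[target] = value
        if len(remaining) == len(pending):      # a full pass made no progress
            raise ValueError("checks do not determine every character")
        pending = remaining
    if None in serial:
        raise ValueError("some characters are not covered by any check")
    return "".join(map(chr, serial))


if __name__ == "__main__":
    print(solve_serial(4, CONSTRUCTED_CHECKS))
```

The checks are listed in the order a disassembly might show them, not the order they can be solved, so the solver needs several passes, starting from the one check that has a constant operand.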
At the end the flag is