Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Sunday, March 29 2020 @ 07:53 PM CEST

Tutorial on BoR0's Riddle [#5]

   

TutorialsLevel : intermediate

Solution for bor0's 5th crackme using a modified base64 table.

----------------

BoR0's 5th Crackme (Riddle)

----------------

Written by: TDC - The Dutch Cracker

Tools used: Notepad and a mind

Level: 4/10

Attachment: attachment

Contact info
------------

ICQ: 264541651

-----------

Introduction:
-=-=-=-=-=-=-

Welcome to this tutorial, we are going to solve BoR0's riddle this time, hope you have fun with it, good luck :)

The Tutorial
-=-=-=-=-=-=

Start-up the crackme5.exe, you will see he says "Find more information in the data section"... Hmm? Well just notepad the file =P. We see something like this if we scroll down a little bit:

Filename startup-- (Stuff) --Filename endup

So, it looks like Base64 if you really checked it in notepad. And... it is some encoded file we can see from the hint BoR0 gives.

Download Base64 decoder http://www.fourmilab.ch/webtools/base64/

Ok, when you got that we can prepare, save all the information between Filename startup and Filename endup in a file, called for example "blabla.bla".

Theres always a signature in a file, lets decrypt the first 4 bytes of the string. Yes "R0lG" that part. Use the online Base64 decoder:

http://makcoder.sourceforge.net/demo/base64.php

If you decrypted R0lG, you see it is GIF, aha so our file should be called not "blabla.bla" but "blabla.GIF". We are now ready to decode this file. The commandline of Base64.EXE is -d to decode something, well we are not interesting in errors too so use -n switch also.

Commandline: "Base64 -d -n blabla.gif output.gif"
Now if all went good you have a output.gif that is a valid .GIF file. Open it up, doesn't it look like a Base64 table? 8x8 = yep 64, it's a Base64 table :-). But wait, it looks also modified, we see also 0RoB in it, seems like BoR0's name as a kind of signature =P. I included my decoded gif file in the zipfile.

What I did is, search a online webpage that decodes Base64, saved the source to my harddisk, I changed the table and opened the file from my harddisk in the web browser.

http://ostermiller.org/calc/encode.html (that decoder I used)

Cool we have the modified Base64 now. Check my included encode.html, it's the modified thing :-)

Ready? Insert BoR0's encrypted stuff (U can COPY/PASTE from notepad because it uses as the name Base64 says, 64 characters, notepad can read those) So put that stuff into our own modified decoder, yeap it's working :-)

The decrypted stuff is:
------------ DECRYPTED ------------
Part #1:
Well, as you can see (and you probably reversed my application by now)
this is my fifth crackme :) I am using base64 (modified) for this text,
and base64 (not modified) in a file table.gif that contains the

Part #2:
table of the modified base64. Anyway, I hope you had a great time
while solving this crackme :) it was more a riddle, but anyway..
My greetings list is: Detten, ZaiRoN, upb, TDC, Tanatos, parabytes,
Zephyrous, Muad'Dib, HMS, bluffer, and all my other friends.
Respectful webpages: www.reversing.be
My webpage: www.freewebs.com/bor0/

Part #3:
This tool I have done 28.7.2oo5 when I was playing with base64
------------ DECRYPTED ------------

Oh and BoR0, thanks for greetings ;-)

Greetings
-=-=-=-=-

To BoR0 for this funny crackme of course :-), to all BiW and special thanks to thorpe, guyonasm, detten, xb0z, Soul12, parabytes, upb :-)




What's Related

Story Options

Tutorial on BoR0's Riddle [#5] | 4 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Tutorial on BoR0's Riddle [#5]
Authored by: Falcon1 on Thursday, September 01 2005 @ 09:47 AM CEST
How did you know that it was Base64 encryption?

---
PLAY WITH THE BEST, LOSE LIKE THE REST
(I did...)

Tutorial on BoR0's Riddle [#5]
Authored by: BoR0 on Saturday, September 03 2005 @ 11:47 AM CEST
I gave a small hint.. "All your base has been reversed" :) some say that I gave too much hints, but I dont want it uncrackable hehe
Tutorial on BoR0's Riddle [#5]
Authored by: Falcon1 on Saturday, September 03 2005 @ 03:45 PM CEST
I didn't know about the existance of the Base64 encryption lol

---
PLAY WITH THE BEST, LOSE LIKE THE REST
(I did...)

Tutorial on BoR0's Riddle [#5]
Authored by: BoR0 on Saturday, September 03 2005 @ 04:01 PM CEST
On this link Base64 is explained very well:

http://email.about.com/cs/standards/a/base64_encoding.htm

There is also the table and why base64 is useful (attachments in mails, etc). I kinda love B64 ;)
 Copyright © 2020 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 0.92 seconds