CrackMe by JunkCode
-------------------

Rules
-----
1. Find a valid Solution
2. and try to code a solution generator :-)

Solution
--------
Name : anything
Key : a prime number between 10000 and 20000
Combination : the same number ( 16 bits ) represented as check boxes,
where checked stands for 1 and unchecked stands for 0. the bits are
ticked in the reverse order.

for eg:- for the number 19991 ( prime )
binary equiv is 100111000010111
now, for the combination.. ( the bits are marked from last to first )
[X]	[X]	[X]	[ ]
[X]	[ ]	[ ]	[ ]
[ ]	[X]	[X]	[X]
[ ]	[ ]	[X]	[ ]

How To Proceed
--------------
The validation function starts at 40148E.. called from 401375...
* Referenced by a CALL at Address:
|:00401375   
|
:0040148E 55                      push ebp
:0040148F 89E5                    mov ebp, esp
:00401491 83EC0C                  sub esp, 0000000C

first of all, each check box is tested to see if it's ticked, and the
result is stored in the corresponding bit position.
the code up to 401866 does that... lots of fake/junk calls are made in
between this code, just for the sake of it!

:0040188D D91C24                  fstp dword ptr [esp]
:00401890 E856FBFFFF              call 004013EB
:00401895 57                      push edi
:00401896 E88BFBFFFF              call 00401426 <- Function1()
:0040189B 89C7                    mov edi, eax

inside Function1().. you can notice the following code...
:0040142D 8B5D08                  mov ebx, dword ptr [ebp+08]
:00401430 8A0538304000            mov al, byte ptr [00403038]
:00401436 F6C301                  test bl, 01
:00401439 7410                    je 0040144B
:0040143B 81FB10270000            cmp ebx, 00002710
:00401441 7208                    jb 0040144B
:00401443 81FB204E0000            cmp ebx, 00004E20
:00401449 7604                    jbe 0040144F
the number is checked to see if it's divisible by 2, and if it's in
between 10000 and 20000. the rest of the code checks whether the number
provided is a prime number or not.

:0040189D 689C304000              push 0040309C
* Reference To: CRTDLL.atoi, Ord:01F9h
                                |
:004018A2 E889010000              Call 00401A30
here you can notice that our number is converted to an integer.

now, the number given by our combination is referenced...
:004018A7 8945F8                  mov dword ptr [ebp-08], eax
:004018AA FF35D0304000            push dword ptr [004030D0]
:004018B0 E871FBFFFF              call 00401426
:004018B5 83C444                  add esp, 00000044
:004018B8 89C7                    mov edi, eax
:004018BA 8B45F8                  mov eax, dword ptr [ebp-08]
:004018BD 3305D0304000            xor eax, dword ptr [004030D0]
:004018C3 29F8                    sub eax, edi
and it is then xored with the value we have provided in the edit box.
the combination is also checked to see if it's prime, and the result is
subtracted from the xored value. if it's the right combination, then the
function returns -1.

so, all you have to do to make a solution generator is to make a
program that can generate primes between 10000 & 20000 and represent
them in the combination form in the reversed bit order :-)

regards,
junkcode
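
A solution generator along the lines described above, as an added example in C (not part of the original write-up and not the crackme's own code). function1() and final_check() are hypothetical names modelling the listings at 00401426 and 004018BA; it is assumed that Function1() returns 1 for an accepted number, and the 4x4 row-by-row check box layout is taken from the 19991 example.

```c
/* Added example; function names are hypothetical, not from the crackme. */
#include <stdio.h>
#include <string.h>
/* Model of Function1() at 00401426: reject even numbers and anything outside
   10000..20000, then test primality. Assumed: returns 1 if accepted, else 0. */
static int function1(unsigned n)
{
    if ((n & 1) == 0 || n < 10000 || n > 20000)
        return 0;
    for (unsigned d = 3; d * d <= n; d += 2)
        if (n % d == 0)
            return 0;
    return 1;
}

/* Model of 004018BA..004018C3: (key XOR combination) - Function1(combination).
   Per the write-up, a correct pair yields -1. */
static int final_check(unsigned key, unsigned combination)
{
    return (int)(key ^ combination) - function1(combination);
}

/* Render the 16 check boxes as a 4x4 grid, bit 0 first, row by row
   (layout taken from the 19991 example). out must hold 65 bytes. */
static void render_combination(unsigned n, char *out)
{
    for (int bit = 0; bit < 16; bit++, out += 4) {
        memcpy(out, ((n >> bit) & 1) ? "[X]" : "[ ]", 3);
        out[3] = (bit % 4 == 3) ? '\n' : ' ';
    }
    *out = '\0';
}

/* Walk the key range; count valid keys and optionally print each with its grid. */
static unsigned generate_solutions(int print)
{
    char grid[65];
    unsigned count = 0;
    for (unsigned n = 10001; n < 20000; n += 2) {
        if (final_check(n, n) != -1)
            continue;
        render_combination(n, grid);
        if (print)
            printf("Key: %u\n%s\n", n, grid);
        count++;
    }
    return count;
}
int main(void) { printf("%u solutions\n", generate_solutions(1)); return 0; }
```

The key and the combination are the same number, so the generator passes each candidate as both arguments of final_check().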