
S01den's cube

Unix/linux c/c++ difficulty: 4.3

 ·  ☕ 5 min read  ·  👻 Ahmed Raof

Intro

Welcome to my blog! Today, we will be diving into the world of solving a Rubik's cube, as represented by the crackme. As a huge fan of solving Rubik's cubes, I was immediately drawn to this particular crackme challenge. I own a 3x3 Rubik's cube and have even been able to solve it in under 50 seconds 😊

rubik cube

Before diving into the reverse engineering process, let's first take a look at the file we will be working with. If we run the file and enter any input, we are immediately presented with the message "[!] Bad flag!". This is to be expected.

run

Closer look

It's time to take a closer look, so let's launch IDA and open our target file, and see what secrets we can uncover! One of the first things we can do in IDA is to open the Strings view, which will show us all the hard-coded strings that are used in the program. By doing this, we can quickly locate the message [!] Bad flag!, which we encountered when we first ran the program. This is a good starting point, so let’s jump to it.

strings

Now that we have located the [!] Bad flag! message in the program, let's move on to the main function to begin our analysis. The first thing we notice is that the program takes our input, which must be less than or equal to 99 characters, and then proceeds to loop through each character of the input. This is where the program checks if the input characters match any of the characters BDFLRUbdflru. The program then performs specific operations on a set of bytes defined in the program based on the input character.

ida decompiler

The characters BDFLRUbdflru are the basic moves of a Rubik's cube. As a Rubik's cube player, you already know that these symbols represent the Up, Down, Right, Left, Front, and Back moves. The lowercase symbols represent the same moves in the opposite direction.

rubiks movement

There are 24 distinct bytes. This tells us that this crackme is related to a 2x2 Rubik's cube, because a 2x2 Rubik's cube has 24 stickers in total, which means each face has 4 stickers. This is consistent with the 24 bytes we found in the program's code.

Each of these bytes is assigned a value. Upon further examination, we find that there are only 6 unique values [0x6f, 0x62, 0x76, 0x6a, 0x42, 0x72], which correspond to the 6 colors of a 2x2 Rubik's cube (red, orange, blue, green, white, yellow).

2*2 rubik cube
ida bytes

It becomes clear that the program is checking the input against a scrambled 2x2 Rubik's cube. This means that we need to find the correct sequence of moves that will solve the scrambled cube.

Solution

To solve the crackme, we first need to understand the position of the bytes in the program and how they relate to the physical 2x2 Rubik's cube. We can also assign a color to each value, like cube = {0x6f: 'orange', 0x72: 'red', 0x6a: 'green', 0x42: 'white', 0x76: 'yellow', 0x62: 'blue'}. (Alternatively, you can replace white with yellow, green with blue, and red with orange.)

cube structure

In order to understand the physical location of the bytes, we can take advantage of the symbols represented in the switch case statements in the program. These symbols likely correspond to the basic moves of the Rubik's cube, such as Up, Down, Right, Left, Front, and Back. By analyzing the program's switch case statements, we can determine how the bytes are moved and manipulated in relation to the cube.

BYTE_NUM VALUE COLOR
byte_4049 0x6F orange
byte_404A 0x62 blue
byte_404B 0x76 yellow
byte_404C 0x62 blue
byte_404D 0x62 blue
byte_404E 0x6A green
byte_404F 0x42 white
byte_4050 0x72 red
byte_4051 0x6F orange
byte_4052 0x72 red
byte_4053 0x76 yellow
byte_4054 0x6A green
byte_4055 0x42 white
byte_4056 0x76 yellow
byte_4057 0x72 red
byte_4058 0x6A green
byte_4059 0x42 white
byte_405A 0x72 red
byte_405B 0x76 yellow
byte_405C 0x6A green
byte_405D 0x42 white
byte_405E 0x6F orange
byte_405F 0x62 blue

Ex1

For example, when the case is 'L', we can notice that the program is swapping several bytes in the array which indicates that the left face of the cube is being rotated.

Ex2

Similarly, when the case is 'R', we can notice that the program is swapping several bytes in the array, which indicates that the right face of the cube is being rotated.

Conclusion

As you continue analyzing the switch cases and the byte movements, you will be able to map all the byte positions in the program to the physical positions of the stickers on the cube. This will give you a clear image of the cube's state and the moves required to solve it.

Once we have determined the positions of the bytes in relation to the physical 2x2 Rubik's cube, we can use an online tool such as a cube solver to find the moves that solve it.

Now that we have found the correct keys using the website, we can test them by entering the keys as the program's input. Given the correct keys, the program should verify the input and confirm that it is correct.
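The same search can be done offline instead of with a website. The script below is an added example, not code from the crackme or from the original post: it models each move as a permutation of the 24 sticker bytes and runs a breadth-first search for the shortest move string. The sticker layout, the cycle tables and the sample scramble are assumptions; replace them with the byte swaps read from the crackme's switch cases and the byte values from its data section.

```python
from collections import deque

# Assumed layout (NOT the crackme's): faces U 0-3, R 4-7, F 8-11, D 12-15,
# L 16-19, B 20-23, each numbered in reading order on an unfolded cube.
# A cycle (a, b, c, d) means the sticker at a moves to b, b to c, and so on.
CYCLES = {
    "U": [(0, 1, 3, 2), (8, 16, 20, 4), (9, 17, 21, 5)],
    "R": [(4, 5, 7, 6), (9, 1, 22, 13), (11, 3, 20, 15)],
    "F": [(8, 9, 11, 10), (2, 4, 13, 19), (3, 6, 12, 17)],
}

def build_perms(cycles):
    """Expand the cycles into source-index tables; lowercase is the inverse turn."""
    perms = {}
    for name, cyc in cycles.items():
        fwd, inv = list(range(24)), list(range(24))
        for c in cyc:
            for k in range(4):
                fwd[c[(k + 1) % 4]] = c[k]   # new[dst] = old[src]
                inv[c[k]] = c[(k + 1) % 4]   # the reverse direction
        perms[name], perms[name.lower()] = fwd, inv
    return perms

PERMS = build_perms(CYCLES)

def apply(state, moves):
    """Apply a move string such as 'RUf' to a 24-byte sticker state."""
    for m in moves:
        state = bytes(state[i] for i in PERMS[m])
    return state

def is_solved(state):
    return all(len(set(state[f:f + 4])) == 1 for f in range(0, 24, 4))

def solve(start):
    """Breadth-first search: shortest quarter-turn string that solves start."""
    seen, queue = {start: ""}, deque([start])
    while queue:
        cur = queue.popleft()
        if is_solved(cur):
            return seen[cur]
        for m in PERMS:
            nxt = apply(cur, m)
            if nxt not in seen:
                seen[nxt] = seen[cur] + m
                queue.append(nxt)
    return None

# Constructed sample: the six colour bytes from the post on a solved cube
# (U white, R red, F green, D yellow, L orange, B blue), then a made-up scramble.
SOLVED = bytes(c for c in (0x42, 0x72, 0x6A, 0x76, 0x6F, 0x62) for _ in range(4))
SCRAMBLE = apply(SOLVED, "RUfrUF")
```

Turning only U, R and F never moves the down-back-left corner, so the search covers the 3,674,160 positions of a 2x2 cube once, and the returned string still uses only letters the crackme accepts.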

Ahmed Raof. AKA 50r4.