Hackthissite.org programming 3

This is a little programming challange where you are supposed to reverse an encryptet text. This is easier than you would think.

We get an example on how the keys could look like.
99Z-KH5-OEM-240-1.1
QGG-V33-OEM-0B1-1.1
Z93-Z29-OEM-BNX-1.1
IQ0-PZI-OEM-PK0-1.1
UM4-VDL-OEM-B9O-1.1
L0S-4R2-OEM-UQL-1.1
JBL-EYQ-OEM-ABB-1.1
NL1-3V3-OEM-L4C-1.1
7CQ-1ZR-OEM-U3I-1.1
XX0-IHL-OEM-5XK-1.1
KJQ-RXG-OEM-TW8-1.1
OZR-LW1-OEM-5EM-1.1
0B8-6K5-OEM-EFN-1.1
OE2-20L-OEM-SSI-1.1
0ME-HAE-OEM-9XB-1.1

(Don't forget the UNIX-style line breaks.)
We store these keys in one txt file, and gets the UNIX-style line breaks. Then we have to use out god given brain to take the code appart. We could to it another way, but understanding the code is better. Will become easier to do the other missions later atleast.

Understanding evalCrossTotal()

This is the easiest, so we begin here. This method first does str_split($strMD5, 1); witch takes the string, and makes an array.

Then you have this foreach method witch runs through the array and makes a sum of all the signs in the string. Here you much remember that the linebreak is "\n" and is used for in all the keys, except the last one.

If you don't know what value this is, it's the hex value of the sign.

Understanding encryptString()

First this makes one md5-hash from the $strPassword variable. Then getting the hex value of this hashcode combined. Since we know the last two signs of many of the keys on the example file is "\n", we can use this. We also use the fact that all the kays have "1.1" at the end.

We then try to see what the whole thing will print (we just use an empty password for now), but we use the whole example list.
-176 -220 -170 -202 -136 -123 -163 -205 -157 -128 -160 -213 -149 -159 -199 -238 -161 -226 -183 -148 -113-152 -177 -116 -161 -148 -148 -158 -218 -125 -139 -108 -219 -202 -157 -186 -174 -144 -188 -155 -115 -111-143 -155 -225 -162 -177 -140 -154 -146 -184 -145 -116 -232 -184 -124 -153 -186 -160 -160 -149 -226 -130-160 -170 -163 -173 -136 -142 -153 -189 -155 -126 -168 -178 -99 -183 -200 -226 -175 -214 -109 -169 -105-148 -145 -192 -182 -144 -176 -170 -187 -142 -141 -166 -186 -121 -206 -164 -164 -163 -223 -164 -147 -102-157 -224 -169 -185 -156 -163 -192 -175 -144 -161 -141 -218 -144 -166 -120 -167 -173 -171 -186 -98 -173-159 -170 -130 -227 -201 -146 -152 -179 -108 -156 -153 -175 -213 -183 -163 -188 -159 -229 -203 -164 -139-155 -182 -162 -129 -185 -143 -192 -199 -180 -203 -175 -158 -159 -184 -150 -178 -157 -213 -157 -111 -147-178 -202 -169 -175 -143 -158 -134 -173 -90 -167 -169 -237 -167 -178 -140 -195 -158 -147 -166 -117 -146-145 -123 -157 -208 -181 -144 -163 -173 -115 -159 -196 -181 -183 -166 -206 -164 -199 -168 -163 -204 -90-158 -165 -146 -180 -196 -140 -156 -157 -141 -154 -155 -217 -145 -130 -192 -179 -153 -192 -214 -158 -135-154 -147 -125 -197 -227 -167 -207 -151 -181 -150 -170 -218 -159 -127 -171 -225 -173 -133 -193 -134 -153-185 -201 -146 -157 -160 -155 -170 -142 -150 -179 -93 -217 -177 -157 -146 -170 -172 -177 -209 -134 -150-154 -168 -182 -118 -191 -138 -206 -194 -167 -148 -161 -216 -147 -163 -179 -180 -158 -148 -207 -170 -141-185 -190 -186 -237 -119 -158 -194 -237 -146 -75 -134 -168 -192 -130 -223 -177 -209 -152 -189

The encrypted text given to me is:

-193 -166 -105 -222 -163 -99 -223 -206 -177 -146 -186 -155 -183 -157 -192 -198 -134 -184 -188 -207 -162 -140 -182 -152 -191 -183 -151 -208 -122 -134 -170 -169 -144 -164 -163 -189 -150 -224 -201 -221 -73 -175 -150 -112 -191 -145 -156 -205 -168 -132 -172 -166 -171 -166 -133 -187 -201 -195 -196 -210 -146 -164 -189 -179 -155 -113 -180 -192 -135 -182 -147 -207 -156 -172 -105 -190 -137 -219 -179 -234 -90 -189 -198 -175 -182 -146 -143 -119 -163 -178 -179 -177 -161 -172 -160 -173 -114 -200 -211 -264

Lets try the last serial, since we are just supposed to give the last one back, it's good to know how much you need to do: -185 -190 -186 -237 -119 -158 -194 -237 -146 -75 -134 -168 -192 -130 -223 -177 -209 -152 -189

Just to the math, and you see that you are given 5 keys in the encrypted text for the mission. Then we need see how things are printed, to fully understand the code.

Check values:

We check the values by running one value at the time with an empty password

=-233=-232=-231=-230=-229=-228=-227=-226=-225
=-224 =-223 =-222 =-221 =-220=-219=-218=-217=-216
=-215=-214=-213=-212=-211=-210=-209=-208=-207
=-206=-205=-204=-203=-202 =-201!=-200"=-199#=-198
$=-197%=-196&=-195'=-194(=-193)=-192*=-191+=-190,=-189
-=-188.=-187/=-1860=-1851=-1842=-1833=-1824=-1815=-180
6=-1797=-1788=-1779=-176:=-175;=-174<=-173==-172>=-171
?=-170@=-169A=-168B=-167C=-166D=-165E=-164F=-163G=-162
H=-161I=-160J=-159K=-158L=-157M=-156N=-155O=-154P=-153
Q=-152R=-151S=-150T=-149U=-148V=-147W=-146X=-145Y=-144
Z=-143[=-142\=-141]=-140^=-139_=-138`=-137a=-136b=-135
c=-134d=-133e=-132f=-131g=-130h=-129i=-128j=-127k=-126
l=-125m=-124n=-123o=-122p=-121q=-120r=-119s=-118t=-117
u=-116v=-115w=-114x=-113y=-112z=-111{=-110|=-109}=-108
~=-107=-106=-105=-104=-103=-102=-101=-100=-99
=-98=-97=-96=-95=-94=-93=-92=-91=-90
=-89=-88=-87=-86=-85=-84=-83=-82=-81
=-80=-79=-78=-77=-76=-75=-74=-73=-72
=-71=-70=-69=-68=-67=-66=-65=-64=-63
=-62=-61=-60=-59=-58=-57=-56=-55=-54
=-53=-52=-51=-50=-49=-48=-47=-46=-45
=-44=-43=-42=-41=-40=-39=-38=-37=-36
=-35=-34=-33=-32=-31=-30=-29=-28=-27
=-26=-25=-24=-23=-22=-21=-20=-19=-18
=-17=-16=-15=-14=-13=-12=-11=-10=-9
=-8=-7=-6=-5=-4=-3=-2=-1=0
=1=2=3=4=5=6=7=8=9
=10=11=12=13=14=15=16=17=18
=19=20=21=22


The smallest number will be from the sign "-", and we got that. No matter what. This means we just use this to help us get the right difference.

Decrypt script: