1. Introduction
This is my first tutorial.
This tutorial isn't meant to cover the whole mission,
just part of it.
2. Getting the source code
It's assumed you have m*******.***'s code and understand Perl
code, or at least its syntax, which is very similar to C or PHP.
3. Searching for exploits in code
I've extracted the validkey function in particular because the rest of the code
does pretty much nothing if you can't have the other functions.
You should have noticed that by now.
4. Understanding the code
If the first argument ($_[0]) contains anything other than alphanumeric
characters, the function returns 0, which outside the function shows up as:
"You have entered an invalid id."
As you can see, it uses a regexp for this.
It then splits the first argument ($_[0]) into single characters and sets total and counter to 0.
While the idchars array still has elements (is true),
the ASCII code of the current character plus total itself * counter
gives $total, and counter goes up by 1.
If total is in the range 925559-927901, we have a valid id;
anything outside the range returns 0 (invalid key).
5. Coding
There are two ways to do this (in general):
inputting different keys until we get a value that is in range, or
brute-forcing the function until we get a list of valid keys.
Pseudo code:
__________________________________________________________________________
# total is the running sum described in section 4
split key into chars
total = 0
for i = 0 to len(chars) - 1
do
    total += ord(chars[i]) + (total * i)
done
echo total
if total in range 925559-927901
then echo "valid key"
__________________________________________________________________________
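The Python below is an added example, not the mission's Perl code and not the author's. It assumes the update rule is the pseudocode's `total += ord(c) + total * counter` and that the regexp accepts `[A-Za-z0-9]`, and the helper names `weights`, `lengths_in_bounds` and `acceptance_rate` are made up for illustration. It unrolls the loop into fixed per-position weights, shows which id lengths can reach the range at all, and measures how many random ids the check accepts, which is why a public checksum range is a weak validity test.

```python
import math
import random
import re
import string

LOW, HIGH = 925559, 927901            # valid range quoted in the tutorial
ALPHABET = string.ascii_letters + string.digits   # assumed accepted characters

def checksum(key):
    """Running total from the pseudocode: total += ord(c) + total * counter."""
    total = 0
    for counter, ch in enumerate(key):
        total += ord(ch) + total * counter
    return total

def validkey(key):
    """Return 1 for an alphanumeric id whose checksum is in range, else 0."""
    if not re.fullmatch(r"[A-Za-z0-9]+", key):
        return 0
    return 1 if LOW <= checksum(key) <= HIGH else 0

def weights(length):
    """Unrolled loop: checksum == sum(w[k] * ord(key[k])), w[k] = length!/(k+1)!."""
    return [math.factorial(length) // math.factorial(k + 1) for k in range(length)]

def lengths_in_bounds(max_len=12):
    """Id lengths whose smallest and largest possible checksum bracket the range."""
    lo, hi = min(map(ord, ALPHABET)), max(map(ord, ALPHABET))
    return [n for n in range(1, max_len + 1)
            if sum(weights(n)) * lo <= HIGH and sum(weights(n)) * hi >= LOW]

def acceptance_rate(length, samples=20000, seed=1):
    """Fraction of random ids of one length that the check accepts."""
    rng = random.Random(seed)          # fixed seed so the measurement repeats
    hits = sum(validkey("".join(rng.choices(ALPHABET, k=length)))
               for _ in range(samples))
    return hits / samples

if __name__ == "__main__":
    for n in lengths_in_bounds():
        print(f"length {n}: weights {weights(n)}, "
              f"accepted {acceptance_rate(n):.2%} of random ids")
```

Because the weights are constants that anyone with the source can compute, the check contains no secret; a server-side lookup of issued ids or a keyed MAC over the id would not have this property.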
6. Links
Regular Expressions
http://www.php.net/
http://www.python.org/download/
http://www.perl.com/download.csp
http://en.wikipedia.org/wiki/Regular_expression
PM or email me with your code or questions.
That's pretty much all.