zart (Master Cheater; Reputation: 0, Joined: 20 Aug 2007, Posts: 351, Location: russia)
	
Symbol (I'm a spammer; Reputation: 0, Joined: 18 Apr 2007, Posts: 5094, Location: Israel.)
Posted: Tue Aug 21, 2007 11:35 am

You have to patch it, right? Because it does test edx,edx and if they're equal (which they are...) it jumps to the badboy...

Umm, why is this opposite?
Like it's:
____
|title|
line1
line2

so in Olly it's

line2
line1
title

O_O lol nvm...
	
zart (Master Cheater)
Posted: Tue Aug 21, 2007 12:08 pm

This *should* be done without patching... though go for patching if it helps.
Oh, and this should be easier than my other one... but that doesn't mean it's a cake walk..
_________________

0x7A 0x61 0x72 0x74
TEAM RESURRECTiON
	
Symbol (I'm a spammer)
Posted: Tue Aug 21, 2007 1:15 pm

Yeah, I haven't learned that much, to crack even that... I'm now downloading Lena's 3rd tutorial of like 17. I learned how to use a fake file that is being read by the program, so it's like a keygen.
	
haha01haha01 (Grandmaster Cheater Supreme; Reputation: 0, Joined: 15 Jun 2007, Posts: 1233, Location: http://www.SaviourFagFails.com/)
Posted: Tue Aug 21, 2007 9:50 pm

zart, I must correct you: this is WAY easier than your first one. In your first one I didn't even find where the msg is called.
Now I just search for text strings and I see the goodboy and badboy.
	
zart (Master Cheater)
	
haha01haha01 (Grandmaster Cheater Supreme)
Posted: Tue Aug 21, 2007 10:15 pm

It is much easier. I already dug deep in the code and almost found the solution.
I found that the main idea is that the dword at 12ff70 will be equal to eax. If it is, that command that I first saw in your code, sete, will make cl 1; then when cl is moved into 12ff50 it will be 1, then after 12ff50 is moved to edx it will be 1, then the test edx,edx will show ZF 0, meaning the JE won't be taken.
	
zart (Master Cheater)
	
haha01haha01 (Grandmaster Cheater Supreme)
Posted: Tue Aug 21, 2007 10:48 pm

I dunno. But I just reached the level where I don't feel like digging deeper, so I'm kinda quitting.
For those who crack the crackme: take a look at 401120 until 4011a6. The main idea in this piece of code is that LOCAL3 will be C057A843.
If it is, your pass is right, and I already verified that by patching.
	
merkark12 (Advanced Cheater; Reputation: 0, Joined: 04 Jul 2007, Posts: 74, Location: In that program you just downloaded)
Posted: Tue Aug 21, 2007 10:58 pm

wtf? I don't think it can be cracked, only patched. Before the AND 0ff there's a MOV, which moves edx into ebx-28 which is ÌÌÌ, and the pass needs to be ÌÌÌ + edx which is your pass... so the pass would be ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ times infinity. Correct me if I'm wrong.
	
zart (Master Cheater)
Posted: Tue Aug 21, 2007 11:20 pm

merkark12 wrote:
> wtf? I don't think it can be cracked, only patched. Before the AND 0ff there's a MOV, which moves edx into ebx-28 which is ÌÌÌ, and the pass needs to be ÌÌÌ + edx which is your pass... so the pass would be ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ times infinity. Correct me if I'm wrong.

nope
_________________

0x7A 0x61 0x72 0x74
TEAM RESURRECTiON
	
haha01haha01 (Grandmaster Cheater Supreme)
Posted: Tue Aug 21, 2007 11:29 pm

haha01haha01 wrote:
> I dunno. But I just reached the level where I don't feel like digging deeper, so I'm kinda quitting.
> For those who crack the crackme: take a look at 401120 until 4011a6. The main idea in this piece of code is that LOCAL3 will be C057A843.
> If it is, your pass is right, and I already verified that by patching.

merkark, look at the part I was talking about; you'll understand if you're a good cracker.
	
SunBeam (I post too much; Reputation: 65, Joined: 25 Feb 2005, Posts: 4023, Location: Romania)
Posted: Wed Aug 22, 2007 4:37 am

haha01haha01 wrote:
> It is much easier. I already dug deep in the code and almost found the solution.
> I found that the main idea is that the dword at 12ff70 will be equal to eax. If it is, that command that I first saw in your code, sete, will make cl 1; then when cl is moved into 12ff50 it will be 1, then after 12ff50 is moved to edx it will be 1, then the test edx,edx will show ZF 0, meaning the JE won't be taken.

You realize those are STACK addresses, which means they change data/content like 246174168741 times a second? O_O Jeez...

@zart: I never said I couldn't find the pass. I just refused to post any info, since all mass-pretenders tend to try and make themselves look "cool" once someone posts the solution (e.g.: "Wow, it was so easy I broke my dick on it" after some dude posts the solution).

Cheers...
	
Ksbunker (Advanced Cheater; Reputation: 0, Joined: 18 Oct 2006, Posts: 88)
Posted: Wed Aug 22, 2007 6:55 pm    Post subject: re:

Just started messing with this one, I like it.
Ok, this is what I've gathered thus far:

Code:
    004012A9 MOV EDX,DWORD PTR SS:[EBP-28]   ; edx = CCCCCC00h
    004012AC AND EDX,0FF                      ; AND CCCCCC00, FF = 00h
    004012B2 TEST EDX,EDX                     ; EDX = 00h
    004012B4 JE SHORT crackme2.004012D3       ; IF EQUAL, JMP BADBOY

Now, as long as [ebp-28] contains CCCCCC00h, it will jump to badboy. So, one can only presume that a correct serial modifies ebp-28... so that it does not contain the above dword.

Anyway, bbs hopefully with a solution.
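Tying Ksbunker's listing to haha01haha01's sete/cl description: an added C model (not the crackme's own code and not from any post in this thread) of why [ebp-28] reads CCCCCC00h and what the AND 0FF is for. It assumes an MSVC debug build (0xCC stack fill), that the sete result is stored as a byte into the dword slot at ebp-28, and takes the LOCAL3 value C057A843 from the thread; how LOCAL3 is derived from the pass is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* LOCAL3 value haha01haha01 reports for a correct pass (taken from the thread). */
#define EXPECTED_LOCAL3 0xC057A843u
/* Assumption: MSVC debug build. Such builds fill uninitialised stack locals with
 * 0xCC bytes, which is the "CCCCCC.." / "ÌÌÌ" the posters saw at [ebp-28]. */
#define DEBUG_STACK_FILL 0xCCCCCCCCu

/* Model (my reading of the posts, not the crackme's code) of:
 *   cmp eax,[local3] ; sete cl ; mov byte ptr [ebp-28],cl
 * On x86 the byte store overwrites only the lowest byte of the 0xCC-filled
 * dword, so the slot ends up as 0xCCCCCC00 (wrong) or 0xCCCCCC01 (right). */
uint32_t store_sete_result(uint32_t local3)
{
    uint8_t cl = (local3 == EXPECTED_LOCAL3);          /* sete cl -> 0 or 1 */
    return (DEBUG_STACK_FILL & 0xFFFFFF00u) | cl;      /* byte store into the slot */
}

/* Model of 004012A9..004012B4 from Ksbunker's listing:
 *   mov edx,[ebp-28] ; and edx,0FF ; test edx,edx ; je badboy
 * Returns 1 when the JE is taken (badboy), 0 when it falls through (goodboy). */
int je_badboy_taken(uint32_t ebp_minus_28)
{
    uint32_t edx = ebp_minus_28 & 0xFFu;   /* AND EDX,0FF strips the 0xCC fill bytes */
    return edx == 0;                       /* TEST EDX,EDX sets ZF, so JE is taken */
}

/* Whole check: the pass is accepted iff LOCAL3 came out as C057A843. */
int pass_accepted(uint32_t local3)
{
    return !je_badboy_taken(store_sete_result(local3));
}

int main(void)
{
    uint32_t wrong = store_sete_result(0x12345678u);   /* constructed sample LOCAL3 */
    uint32_t right = store_sete_result(EXPECTED_LOCAL3);
    printf("wrong: [ebp-28]=%08X -> %s\n", (unsigned)wrong,
           je_badboy_taken(wrong) ? "badboy" : "goodboy");
    printf("right: [ebp-28]=%08X -> %s\n", (unsigned)right,
           je_badboy_taken(right) ? "badboy" : "goodboy");
    return 0;
}
```

Without the AND 0FF the 0xCC fill bytes would make edx non-zero for either result, which is why the mask is part of the check rather than an oddity.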