ups2000ups I post too much
Reputation: 0
Joined: 31 Jul 2006 Posts: 2471
Posted: Fri Aug 24, 2007 10:56 am Post subject: Noobis CrackMe v3 (you cant get it .....) =D
No patch needed, only serial (hope it will be harder lol)
+ Rep to the first who gets the real password (sorry sunbeam can't +rep you =D )
tell me if it was harder this time ....
_________________
dont complain about my english...
1*1 = 2?
 |
zart Master Cheater
Reputation: 0
Joined: 20 Aug 2007 Posts: 351 Location: russia
Posted: Fri Aug 24, 2007 11:20 am
pass is: 156516
set a bp at;
0045385B |. E8 8C0DFBFF CALL Project1.004045EC
you can peek the values pretty quickly, eax holds your pass, edx holds correct one
didn't take longer than a minute if that... so it was better - but that's not saying much... nice work though, keep it up and make them harder!
_________________
0x7A 0x61 0x72 0x74
TEAM RESURRECTiON
 |
ups2000ups I post too much
Reputation: 0
Joined: 31 Jul 2006 Posts: 2471
Posted: Fri Aug 24, 2007 11:28 am
zart wrote: | pass is: 156516
set a bp at;
0045385B |. E8 8C0DFBFF CALL Project1.004045EC
you can peek the values pretty quickly, eax holds your pass, edx holds correct one
didn't take longer than a minute if that... so it was better - but that's not saying much... nice work though, keep it up and make them harder! |
hmm just 1 question: how did you get the password from 1 address when they should be at 3 different positions? (it took the caption from 3 different buttons)
btw +rep =D
_________________
dont complain about my english...
1*1 = 2?
 |
zart Master Cheater
Reputation: 0
Joined: 20 Aug 2007 Posts: 351 Location: russia
Posted: Fri Aug 24, 2007 11:51 am
How are you comparing it?
Are you combining the password from different places - then comparing it to my value?
It doesn't matter how much you encrypt the password if you do that;
example (i know you used delphi, but i hate it and refuse to code in it so this is c code)
i enter the password
you 'decode' your password
then perform a check something like if (string1==string2) then win
if you're not comparing an 'encrypted' string1 to an 'encrypted' string2, then both values are peekable.
i KNOW what my string is, so if i find it in text being compared to something, that means the other string must not be encrypted... see what i mean?
edit:
now that i think of it, it may help everyone too, post your code for this crackme. I'll analyze it and show you where the weakness is.
_________________
0x7A 0x61 0x72 0x74
TEAM RESURRECTiON
 |
merkark12 Advanced Cheater
Reputation: 0
Joined: 04 Jul 2007 Posts: 74 Location: In that program you just downloaded
Posted: Fri Aug 24, 2007 1:07 pm
it's kinda like the same thing as the last one, set a bp on the call before the jnz, f7 in the call, and the pass is in plain text ... seemed the same as the first one
 |
SunBeam I post too much
Reputation: 65
Joined: 25 Feb 2005 Posts: 4023 Location: Romania
Posted: Fri Aug 24, 2007 1:30 pm
Sorry for not being able to make it in time. House chores, cleaning up, painting, shit like that. Anyway, if it's a VB app, stop using god damn __vbaStrCmp. If it's C++ or Delphi, hash your real_pass (XOR it or something, or have it statically implemented and decoded during run-time) and compare hashes, not passwords.
@ups: Yeah, no rep for me =] No biggie...
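
An added example, not part of any post in this thread: a C sketch of the weakness zart describes (a plaintext secret reaching the string compare) next to the hash comparison SunBeam suggests. The three-part secret "12"+"34"+"56", the function names and the djb2 hash (a stand-in for a salted cryptographic hash) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample secret, split into three parts the way the thread
   describes (three captions joined together). Not the crackme's value. */
static const char *PART1 = "12", *PART2 = "34", *PART3 = "56";

/* Copy of the expected-side operand handed to the comparison: what a
   breakpoint on the compare would show in a register or on the stack. */
static char last_operand[32];

/* Weak: rebuild the plaintext secret at run time, then compare strings.
   However the parts were stored or decoded, the full secret exists here. */
int check_plain(const char *input) {
    char expected[32];
    snprintf(expected, sizeof expected, "%s%s%s", PART1, PART2, PART3);
    snprintf(last_operand, sizeof last_operand, "%s", expected);
    return strcmp(input, expected) == 0;
}

/* djb2 string hash, chosen only to keep the example dependency-free.
   It is not cryptographic; real code wants a salted, slow hash. */
uint32_t djb2(const char *s) {
    uint32_t h = 5381;
    while (*s) h = h * 33u + (unsigned char)*s++;
    return h;
}

/* Hardened: the binary stores only the hash of the secret. The input is
   hashed and the hashes are compared, so no plaintext reaches the compare. */
#define EXPECTED_HASH 2110877786u /* djb2("123456"), computed offline */

int check_hashed(const char *input) {
    uint32_t h = djb2(input);
    snprintf(last_operand, sizeof last_operand, "%u", (unsigned)EXPECTED_HASH);
    return h == EXPECTED_HASH;
}

const char *observed_operand(void) { return last_operand; }

int main(void) {
    int ok = check_plain("000000");   /* wrong guess still exposes the secret */
    printf("plain : ok=%d operand=%s\n", ok, observed_operand());
    ok = check_hashed("000000");      /* wrong guess exposes only a hash */
    printf("hashed: ok=%d operand=%s\n", ok, observed_operand());
    return 0;
}
```

A short numeric secret can still be recovered from its hash by trying every candidate, so the hash removes the one-breakpoint shortcut rather than making the check unbreakable.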
 |
Symbol I'm a spammer
Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
Posted: Fri Aug 24, 2007 1:38 pm
after zart told me that eax holds the pass, of course i didnt want to see it but i saw that he said "eax holds your pass" didnt actually see what it is, u can see it at: 45386A
see picture:
i see u used 3 variables and then did edit1.text = var1+var2+var3
i couldnt find that eax and edx holds the pass, im still kinda new to olly but i saw other useful (maybe better) programs like olly in lena's tuts, but didn't download :O
 |
zart Master Cheater
Reputation: 0
Joined: 20 Aug 2007 Posts: 351 Location: russia
 |
Symbol I'm a spammer
Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
Posted: Fri Aug 24, 2007 1:50 pm
oh yea, only now it makes sense... i never thought about it, i thought about the registers as random values or something... but they must hold the pass yea i get it... how stupid of me ^_^
well every day im being better at cracking
 |
ups2000ups I post too much
Reputation: 0
Joined: 31 Jul 2006 Posts: 2471
 |
haha01haha01 Grandmaster Cheater Supreme
Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
Posted: Sat Aug 25, 2007 8:40 am
Symbol wrote: | after zart told me that eax holds the pass, of course i didnt want to see it but i saw that he said "eax holds your pass" didnt actually see what it is, u can see it at: 45386A
see picture:
i see u used 3 variables and then did edit1.text = var1+var2+var3
i couldnt find that eax and edx holds the pass, im still kinda new to olly but i saw other useful (maybe better) programs like olly in lena's tuts, but didn't download :O |
symbol if pass was 16+65+15 it was 96 dont u know math?
pass is 160000+6500+15
btw its just a joke i know u mean 16+65+15 in strcat.