	
	
		| Author | Message | 
	
		| xPerfection Grandmaster Cheater Supreme
 
 Reputation: 0 
 Joined: 06 Dec 2006
 Posts: 1707
 Location: echo $location
 
 | 
			
				|  Posted: Sat Sep 15, 2007 3:23 am    Post subject: [Challenge] Crack Me |   |  
				| 
 |  
				| ****** _________________
 
 
 Last edited by xPerfection on Sun Aug 16, 2009 7:18 am; edited 2 times in total
 |  | 
	
	
		| haha01haha01 Grandmaster Cheater Supreme
 
  Reputation: 0 
 Joined: 15 Jun 2007
 Posts: 1233
 Location: http://www.SaviourFagFails.com/
 
 | 
			
				|  Posted: Sat Sep 15, 2007 9:54 am    Post subject: |   |  
				| 
 |  
				| ur crackme is broken. i think. @#nÑ65)ª
 
 this is the correct pass. ur using the vbastrcmp thingy, it returns ffffffff if pass is wrong, and 1 if pass is right. but even if the return value is 1 it's still wrong. cya need to go eat..
 |  | 
	
	
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 |  | 
	
	
		| haha01haha01 Grandmaster Cheater Supreme
 
  Reputation: 0 
 Joined: 15 Jun 2007
 Posts: 1233
 Location: http://www.SaviourFagFails.com/
 
 | 
			
				|  Posted: Sat Sep 15, 2007 10:43 am    Post subject: |   |  
				| 
 |  
				| lol u think it's comparing to @#n¥65)¦? cause u did copy paste to notepad, or some other place. i took the ascii values, changed them into a word with my ascii2word program that i built myself, and copied it to the program. i saw how vbastrcmp returns 1, but then it makes sbb esi,esi so it doesn't matter what the return value will be, it will be wrong.
 |  | 
	
	
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 |  | 
	
	
		| xPerfection Grandmaster Cheater Supreme
 
 Reputation: 0 
 Joined: 06 Dec 2006
 Posts: 1707
 Location: echo $location
 
 | 
			
				|  Posted: Sat Sep 15, 2007 12:18 pm    Post subject: |   |  
				| 
 |  
				| ****** _________________
 
 
 Last edited by xPerfection on Sun Aug 16, 2009 7:17 am; edited 1 time in total
 |  | 
	
	
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 |  | 
	
	
		| xPerfection Grandmaster Cheater Supreme
 
 Reputation: 0 
 Joined: 06 Dec 2006
 Posts: 1707
 Location: echo $location
 
 | 
			
				|  Posted: Sat Sep 15, 2007 1:03 pm    Post subject: |   |  
				| 
 |  
				| ****** _________________
 
 
 Last edited by xPerfection on Sun Aug 16, 2009 7:17 am; edited 4 times in total
 |  | 
	
	
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 | 
			
				|  Posted: Sat Sep 15, 2007 1:20 pm    Post subject: |   |  
				| 
 |  
				| You might want to check the code then, because it only checks it at that one time. Doesn't check it at the other forms. _________________
 
 0x7A 0x61 0x72 0x74
 TEAM RESURRECTiON
 |  | 
	
	
		| xPerfection Grandmaster Cheater Supreme
 
 Reputation: 0 
 Joined: 06 Dec 2006
 Posts: 1707
 Location: echo $location
 
 | 
			
				|  Posted: Sat Sep 15, 2007 1:27 pm    Post subject: |   |  
				| 
 |  
				| ****** _________________
 
 
 Last edited by xPerfection on Sun Aug 16, 2009 7:17 am; edited 2 times in total
 |  | 
	
	
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 |  | 
	
	
		| xPerfection Grandmaster Cheater Supreme
 
 Reputation: 0 
 Joined: 06 Dec 2006
 Posts: 1707
 Location: echo $location
 
 | 
			
				|  Posted: Sat Sep 15, 2007 1:35 pm    Post subject: |   |  
				| 
 |  
				| ****** _________________
 
 
 Last edited by xPerfection on Sun Aug 16, 2009 7:18 am; edited 1 time in total
 |  | 
	
	
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 | 
			
				|  Posted: Sat Sep 15, 2007 1:43 pm    Post subject: |   |  
				| 
 |  
				|  	  | xPerfection wrote: |  	  | Can you tell me how did you find that address? | 
 
 Found the routine getting called by the click event, and looked at this:
 
 
 	  | Code: |
 004035E8   > 8B45 E8        MOV EAX,DWORD PTR SS:[EBP-18]
 004035EB   . 50             PUSH EAX                                 ;  our password
 004035EC     68 AC284000    PUSH Crack_Me.004028AC                   ;  the password
 004035F1   . FF15 40104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;  MSVBVM60.__vbaStrCmp
 004035F7   . 8BF0           MOV ESI,EAX                              ;  load result into esi
 004035F9   . 8D4D E8        LEA ECX,DWORD PTR SS:[EBP-18]
 004035FC   . F7DE           NEG ESI                                  ;  negate esi (CF = 1 if esi was nonzero)
 004035FE   . 1BF6           SBB ESI,ESI                              ;  subtract with borrow: esi = esi - esi - CF
 00403600   . 46             INC ESI                                  ;  increase esi by one
 00403601   . F7DE           NEG ESI                                  ;  negate esi
 00403603   . FF15 98104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStr
 00403609   . 8D4D E4        LEA ECX,DWORD PTR SS:[EBP-1C]
 0040360C   . FF15 9C104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;  MSVBVM60.__vbaFreeObj
 00403612   . 66:3BF7        CMP SI,DI
 00403615     0F84 D7000000  JE Crack_Me.004036F2
 
 | 
 
 An invalid serial would return 1 to eax, making the end result when it gets to 00403612 be comparing 0 to 0... A valid serial would be something else and zero, taking the jump.
 
 Changing the JE to JNZ would make it jump on everything but the real password.
 _________________
 
 0x7A 0x61 0x72 0x74
 TEAM RESURRECTiON
 |  | 
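
Added example, not part of any post in this thread: a small C model of the NEG / SBB / INC / NEG sequence at 004035FC-00403601 in the listing above, showing the value left in SI for each __vbaStrCmp result. It assumes __vbaStrCmp returns 0 for equal strings and a nonzero value otherwise, and that DI holds 0 at the CMP (the listing does not show DI being set); the function names are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Just enough x86 state for this idiom: one 32-bit register and the carry flag. */
typedef struct { uint32_t esi; int cf; } cpu_t;

/* NEG r32: r = 0 - r, and CF = 1 unless the operand was 0. */
static void neg(cpu_t *c) { c->cf = (c->esi != 0); c->esi = 0u - c->esi; }

/* SBB ESI,ESI: esi - esi - CF, so the result is 0 or 0xFFFFFFFF.
   The borrow out equals the CF that came in, so cf keeps its value. */
static void sbb_self(cpu_t *c) { c->esi = 0u - (uint32_t)c->cf; }

/* INC r32: adds 1 and does not touch CF. */
static void inc(cpu_t *c) { c->esi += 1u; }

/* Value in SI when execution reaches CMP SI,DI at 00403612.
   strcmp_result stands for EAX after __vbaStrCmp (assumed 0 = equal). */
uint16_t si_after_idiom(int32_t strcmp_result) {
    cpu_t c = { (uint32_t)strcmp_result, 0 };
    neg(&c);       /* 004035FC: CF records "strings differ"      */
    sbb_self(&c);  /* 004035FE: 0 if equal, 0xFFFFFFFF otherwise */
    inc(&c);       /* 00403600: 1 if equal, 0 otherwise          */
    neg(&c);       /* 00403601: 0xFFFFFFFF (VB True) if equal    */
    return (uint16_t)c.esi;
}

/* CMP SI,DI followed by JE: the jump is taken when the two are equal. */
int je_taken(int32_t strcmp_result, uint16_t di) {
    return si_after_idiom(strcmp_result) == di;
}

int main(void) {
    /* Constructed inputs: equal, greater, less. DI = 0 is an assumption. */
    const int32_t results[] = { 0, 1, -1 };
    for (int i = 0; i < 3; i++)
        printf("StrCmp=%2d  SI=%04X  JE %s\n", (int)results[i],
               (unsigned)si_after_idiom(results[i]),
               je_taken(results[i], 0) ? "taken" : "not taken");
    return 0;
}
```

The four instructions are a branch-free conversion of the comparison result into a 16-bit Visual Basic Boolean (0xFFFF for True, 0 for False), which is what the CMP then tests.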
	