View previous topic :: View next topic |
Author |
Message |
killersamurai Expert Cheater Reputation: 0
Joined: 10 Sep 2007 Posts: 197 Location: Colorado
|
Posted: Sat Nov 03, 2007 3:24 pm Post subject: CrackMe |
|
|
I made this crackme in order to test out certain things. You can patch it, but you have to provide the password with it. I'm expecting this to be a fast one.
|
|
Back to top |
|
|
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
|
Posted: Sun Nov 04, 2007 9:41 am Post subject: |
|
|
well ill try cracking this but just to retrieve my lost honor as a valid hacker.
lulz liked the method of calling message box and all other api.
EDIT: found ur routine a min or two and ill get the pass.
OK! NOW THAT WAS 1 GOOD CRACKME BUT NOTHING WILL BEAT HAHA01HAHA01 MUAHAHAHA
pass = Can't think of 1
now how did i find the pass?
1. break olly when the badboy msg is on.
2.look at call stack.
3.go to the place where the msg is called from.
4.set bp on retn and return to the code.
5. now go up in the calls by setting breakpoints on push ebp in the beginning of each routine.
6.follow the code and ull see where the getdlgitemtexta is called
7.go to the msgbox and look on the jnz b4 it.
8.the jnz is decided with 1 stack address. folow it in dump and set bp after getdlgitemtexta
9.follow the code, ull see that another stack address (ebp-32 or something like that) is deciding what that stack address will be.
now see that ebp-32 is decided 1 line upper by eax.
10.follow the code again from the getdlgitemtexta and see where eax is being changed.
11.olly dont show that like this, but its a spaghetti loop. set breakpoint on the line moving the final password into the password buffer, and follow the dword in dump.
12.pwn samurai.
ok killersamurai. THAT, i call a draw
|
|
Back to top |
|
|
killersamurai Expert Cheater Reputation: 0
Joined: 10 Sep 2007 Posts: 197 Location: Colorado
|
Posted: Sun Nov 04, 2007 11:37 am Post subject: |
|
|
Figured it wouldn't take long. Since it worked for you, then I know now that this way of hiding an api works.
|
|
Back to top |
|
|
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
|
Posted: Sun Nov 04, 2007 12:01 pm Post subject: |
|
|
i really liked that way. i was looking for a way to hide api's for a long time. ill use this MUCH.
still, no protection is epik enough to stand me.
now lets see if u can crack my crackme.
|
|
Back to top |
|
|
killersamurai Expert Cheater Reputation: 0
Joined: 10 Sep 2007 Posts: 197 Location: Colorado
|
Posted: Sun Nov 04, 2007 12:59 pm Post subject: |
|
|
1.Break point on lstrlenA
2.When you get to 40302a, change z flag to 1
3.Enter in the second call (403031)
4.Trace till you get to 41d01c
This is where the password is located and subtracts by 8
|
|
Back to top |
|
|
Flyte Peanuts!!!! Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
|
Posted: Sun Nov 04, 2007 1:28 pm Post subject: |
|
|
haha01haha01 wrote: | i really liked that way. i was looking for a way to hide api's for a long time. ill use this MUCH.
still, no protection is epik enough to stand me.
now lets see if u can crack my crackme. |
I think you need to lose a bit of your ego there.
|
|
Back to top |
|
|
Cx Master Cheater Reputation: 0
Joined: 27 Jul 2007 Posts: 367
|
Posted: Sun Nov 04, 2007 2:10 pm Post subject: |
|
|
I don't like you haha01haha01, you're a cocky bitch.
And to "hide" an API, get creative with how you call it/what you call.
_________________
armed with this small butterfly net
i will face the world alone
& never be lonely. |
|
Back to top |
|
|
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
|
Posted: Mon Nov 05, 2007 3:51 am Post subject: |
|
|
ok ok im really sry for trying to learn how to hide apis.
|
|
Back to top |
|
|
|