Cheat Engine

killersamurai · Posted: Sat Nov 03, 2007 3:24 pm Post subject: CrackMe

I made this crackme in order to test out certain things. You can patch it, but you have to provide the password with it. I'm expecting this to be a fast one.

haha01haha01 · Posted: Sun Nov 04, 2007 9:41 am Post subject:

well ill try cracking this but just to retrieve my lost honor as a valid hacker.
lulz liked the method of calling message box and all other api.
EDIT: found ur routine Wink

a min or two and ill get the pass.

OK! NOW THAT WAS 1 GOOD CRACKME BUT NOTHING WILL BEAT HAHA01HAHA01 MUAHAHAHA

pass = Can't think of 1

now how did i find the pass?
1. break olly when the badboy msg is on.
2.look at call stack.
3.go to the place where the msg is called from.
4.set bp on retn and return to the code.
5. now go up in the calls by setting breakpoints on push ebp in the beginning of each routine.
6.follow the code and ull see where the getdlgitemtexta is called
7.go to the msgbox and look on the jnz b4 it.
8.the jnz is decided with 1 stack address. folow it in dump and set bp after getdlgitemtexta
9.follow the code, ull see that another stack address (ebp-32 or something like that) is deciding what that stack address will be.
now see that ebp-32 is decided 1 line upper by eax.
10.follow the code again from the getdlgitemtexta and see where eax is being changed.
11.olly dont show that like this, but its a spaghetti loop. set breakpoint on the line moving the final password into the password buffer, and follow the dword in dump.
12.pwn samurai.

ok killersamurai. THAT, i call a draw Razz

killersamurai · Posted: Sun Nov 04, 2007 11:37 am Post subject:

Figured it wouldn't take long. Since it worked for you, then I know now that this way of hiding an api works.

haha01haha01 · Posted: Sun Nov 04, 2007 12:01 pm Post subject:

i really liked that way. i was looking for a way to hide api's for a long time. ill use this MUCH.
still, no protection is epik enough to stand me.
now lets see if u can crack my crackme.

killersamurai · Posted: Sun Nov 04, 2007 12:59 pm Post subject:

1.Break point on lstrlenA
2.When you get to 40302a, change z flag to 1
3.Enter in the second call (403031)
4.Trace till you get to 41d01c
This is where the password is located and subtracts by 8

Flyte · Posted: Sun Nov 04, 2007 1:28 pm Post subject:

Cx · Posted: Sun Nov 04, 2007 2:10 pm Post subject:

I don't like you haha01haha01, you're a cocky bitch.
And to "hide" an API, get creative with how you call it/what you call.

haha01haha01 · Posted: Mon Nov 05, 2007 3:51 am Post subject:

ok ok im really sry for trying to learn how to hide apis.