Cheat Engine The Official Site of Cheat Engine
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Mon Apr 21, 2008 12:57 pm Post subject: CrackMeV2
Man, this was so fun to make. Still shitty, and I want to see how Wiccaan or someone rips it apart in seconds.
PS: Tips on making a sweet crackme are appreciated =D.
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Mon Apr 21, 2008 1:37 pm Post subject:
Firstly, you make a thread, to make a thread, to check IsDebuggerPresent via inline:
Pulls the debugger present flag from the TEB->PEB block.
Code:
004012D8 . 64:A1 1800000> MOV EAX,DWORD PTR FS:[18]
004012DE . 3E:8B40 30     MOV EAX,DWORD PTR DS:[EAX+30]
004012E2 . 3E:0FB640 02   MOVZX EAX,BYTE PTR DS:[EAX+2]
004012E7 . 83F8 01        CMP EAX,1
To "crack" it you can simply edit:
Code:
00401201 . 83F8 01        CMP EAX,1
This is the overall compare to check if the password was correct or not.
Anyway, the key:
fr15-fhe1eh1-gdsl31ftd-lkf203fq
Fairly easy:
Code:
00401350 |> /8A4C04 10    /MOV CL,BYTE PTR SS:[ESP+EAX+10]
00401354 |. |80F9 25      |CMP CL,25
00401357 |. |75 07        |JNZ SHORT CrackMeV.00401360
00401359 |. |C64404 10 2D |MOV BYTE PTR SS:[ESP+EAX+10],2D
0040135E |. |EB 07        |JMP SHORT CrackMeV.00401367
00401360 |> |80F1 02      |XOR CL,2
00401363 |. |884C04 10    |MOV BYTE PTR SS:[ESP+EAX+10],CL
00401367 |> |8A5C04 10    |MOV BL,BYTE PTR SS:[ESP+EAX+10]
0040136B |. |8D0C06       |LEA ECX,DWORD PTR DS:[ESI+EAX]
0040136E |. |C64404 10 00 |MOV BYTE PTR SS:[ESP+EAX+10],0
00401373 |. |3A5C0C 10    |CMP BL,BYTE PTR SS:[ESP+ECX+10]
00401377 |. |75 06        |JNZ SHORT CrackMeV.0040137F
00401379 |. |40           |INC EAX
0040137A |. |45           |INC EBP
0040137B |. |3BC2         |CMP EAX,EDX
0040137D |.^\7C D1        \JL SHORT CrackMeV.00401350
C++ code to generate the key:
Code:
#include <cstdio>
#include <cstring>

int main()
{
    // Encoded key as stored in the binary: every byte is XORed with 2,
    // except '%' (0x25), which the check routine turns into '-' (0x2D).
    char szEncKey[] = "dp37%djg3gj3%efqn13dvf%nid021ds";
    for( size_t x = 0; x < strlen(szEncKey); x++ )
    {
        if( szEncKey[x] != '%' )
            szEncKey[x] = (char)(szEncKey[x] ^ 2);
        else
            szEncKey[x] = 0x2D;
    }
    printf("%s\n", szEncKey); // fr15-fhe1eh1-gdsl31ftd-lkf203fq
    return 0;
}
_________________
- Retired.
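The following is an added model of the check loop at 00401350-0040137D from atom0s's listing; it is not code from the thread. It decodes the stored key one byte at a time exactly as the loop does, compares each byte with the candidate, and wipes the decoded byte right after the compare. The encoded key string and the buffer layout come from the post; treating candidate bytes past the end of the input as zero is an assumption.

```python
# Added model of the password check at 00401350-0040137D (not the thread's own code).
from typing import Tuple

ENC_KEY = b"dp37%djg3gj3%efqn13dvf%nid021ds"   # encoded key quoted in the post


def decode_byte(b: int) -> int:
    """00401354-00401363: '%' (0x25) becomes '-' (0x2D); anything else is XORed with 2."""
    return 0x2D if b == 0x25 else b ^ 2


def derive_key(enc: bytes = ENC_KEY) -> bytes:
    """The keygen: decode every byte of the stored key."""
    return bytes(decode_byte(b) for b in enc)


def check_password(candidate: bytes, enc: bytes = ENC_KEY) -> Tuple[int, bytes]:
    """Walk the loop the way the binary does.

    Returns (-1, buffer) when every byte matched, or (i, buffer) with the index
    at which the JNZ at 00401377 leaves the loop. buffer is the encoded-key area
    at [ESP+10h] after the loop, i.e. what the routine leaves behind on the stack.
    """
    buf = bytearray(enc)                     # [ESP+10h]: encoded key on the stack
    for i in range(len(enc)):                # EAX runs from 0 up to EDX (the key length)
        buf[i] = decode_byte(buf[i])         # 00401359 / 00401363: decode in place
        bl = buf[i]                          # 00401367: decoded byte kept in BL
        buf[i] = 0                           # 0040136E: wipe it before the compare
        # 00401373: compare with the candidate byte at [ESP+ESI+EAX+10h].
        # Assumption: bytes past the end of the candidate read as zero.
        user = candidate[i] if i < len(candidate) else 0
        if bl != user:
            return i, bytes(buf)             # 00401377: JNZ out of the loop
    return -1, bytes(buf)
```

After a successful run the buffer is all zeros, so the decoded key never sits in memory as a whole; after an early bail the bytes not yet reached are still in their encoded form.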
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Mon Apr 21, 2008 1:43 pm Post subject:
Code:
00401360 |> |80F1 02      |XOR CL,2
Yeah, it's pretty simple. But hey, I've got the whole of tomorrow to write a proper encryption routine.
Oh and the thread which makes the other thread also checks for a debugger.
EDIT: Lol, I'm stupid. I spent so long making it all stupid and obfuscated in places that I actually forgot to de-optimize my encryption function.
DeletedUser14087 I post too much Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Mon Apr 21, 2008 2:35 pm Post subject:
So it basically generates a random password using random typed characters?