Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Try to find my password - [Episode 2]

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes
View previous topic :: View next topic  
Author Message
natanreis1
Cheater
Reputation: 1

Joined: 01 Apr 2008
Posts: 44
Location: Somewhere over the rainbow

PostPosted: Tue Jan 25, 2011 9:57 pm    Post subject: Try to find my password - [Episode 2] This post has 1 review(s) Reply with quote

Hello, i created my frist "Password-me" a few years ago, when i was a beginner. ppl found the password 3 minutes later Embarassed .
i created this one today in 30 minutes and i expect u guys spend over 20 minutes to find the right password Twisted Evil

Here is the [NEW] link:
http://localhostr.com/file/sXmXUjt/PasswordMeeeh.rar


Last edited by natanreis1 on Sun Jan 30, 2011 10:46 am; edited 1 time in total
Back to top
View user's profile Send private message
natanreis1
Cheater
Reputation: 1

Joined: 01 Apr 2008
Posts: 44
Location: Somewhere over the rainbow

PostPosted: Fri Jan 28, 2011 3:41 pm    Post subject: Reply with quote

Is it that hard o.o?
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 133

Joined: 25 Jan 2006
Posts: 7030
Location: 127.0.0.1

PostPosted: Sun Jan 30, 2011 6:58 am    Post subject: Reply with quote

Got time to check this out, not sure if there is something wrong with it though.

Password I got was: 200211000

Reads calendar info, didn't really look into what it did with it though. However the app crashes after entering the password, doesn't give the fail box though.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
natanreis1
Cheater
Reputation: 1

Joined: 01 Apr 2008
Posts: 44
Location: Somewhere over the rainbow

PostPosted: Sun Jan 30, 2011 10:45 am    Post subject: Reply with quote

ok. this is not the password, but the application should not crash when u type a strange string. so I re-compiled it, with a better Checker.
Back to top
View user's profile Send private message
zile
Advanced Cheater
Reputation: 0

Joined: 11 Jul 2009
Posts: 75

PostPosted: Thu Feb 24, 2011 1:53 am    Post subject: Reply with quote

is it close to J0XH0 ? thats what i got lol but it doesnt seem to work :X
Back to top
View user's profile Send private message
natanreis1
Cheater
Reputation: 1

Joined: 01 Apr 2008
Posts: 44
Location: Somewhere over the rainbow

PostPosted: Thu Feb 24, 2011 6:42 pm    Post subject: Reply with quote

no it's not the password and it isn't either close the right password.
Back to top
View user's profile Send private message
natanreis1
Cheater
Reputation: 1

Joined: 01 Apr 2008
Posts: 44
Location: Somewhere over the rainbow

PostPosted: Sun Mar 27, 2011 7:54 pm    Post subject: Reply with quote

the password is : 4725656
Back to top
View user's profile Send private message
Hans Henrik
Expert Cheater
Reputation: 0

Joined: 18 Feb 2007
Posts: 177

PostPosted: Fri Jul 22, 2011 8:42 pm    Post subject: Reply with quote

seems the password is a memory pointer to a function..ik9ok
going to bed, good night x

_________________
Im not around.

im almost never checking the forum anymore
Back to top
View user's profile Send private message MSN Messenger
natanreis1
Cheater
Reputation: 1

Joined: 01 Apr 2008
Posts: 44
Location: Somewhere over the rainbow

PostPosted: Sun Jul 31, 2011 10:46 pm    Post subject: Reply with quote

yep, it is a pointer to a LoadForm Function, but it isn't impossible to find the password, if you reverse it u might see that there is a function after IsBadReadPtr that compares the first few bytes to check if the "pointer" is the right one, so if u search those few bytes in CE you would find like 50 address, and then find the right pointer by using the pro's ultimate cracking method -> Testing Razz
Back to top
View user's profile Send private message
Hans Henrik
Expert Cheater
Reputation: 0

Joined: 18 Feb 2007
Posts: 177

PostPosted: Mon Aug 01, 2011 3:51 am    Post subject: Reply with quote

natanreis1 wrote:
u might see that there is a function after IsBadReadPtr that compares the first few bytes to check if the "pointer" is the right one
yeap, that's what i saw
_________________
Im not around.

im almost never checking the forum anymore
Back to top
View user's profile Send private message MSN Messenger
atom0s
Moderator
Reputation: 133

Joined: 25 Jan 2006
Posts: 7030
Location: 127.0.0.1

PostPosted: Mon Aug 01, 2011 1:29 pm    Post subject: Reply with quote

natanreis1 wrote:
the password is : 4725656


Gunna assume this isn't the real answer due to the picture.

I got a chance to take a second look at this and there are actually several solutions. Probably not what you intended but because of how its programmed there are more then 1 password.

Passwords:
4428852 - Instantly closes the app but is correct.
4425299 - Crashes the app but is correct.
4428868 - Instantly closes the app but is correct.
4428881 - Instantly closes the app but is correct.
4428894 - Instantly closes the app but is correct.
4429063 - Crashes the app but is correct.
4429079 - Crashes the app but is correct.
4429263 - Crashes the app but is correct.
4429387 - Crashes the app but is correct.
4434180 - Crashes the app but is correct.
4434489 - Crashes the app but is correct.
4434507 - Crashes the app but is correct.
4434860 - Crashes the app but is correct.
4435027 - Crashes the app but is correct.
4437212 - Crashes the app but is correct.
<and a bunch more>

I didn't take the time to find the correct one cause there's about 50 more of them that match the byte check. Making it more of a hassle to find then a challenge.

Byte check is:
Code:

00481BD8   $ 55             PUSH EBP
00481BD9   . 8BEC           MOV EBP,ESP
00481BDB   . 83C4 F8        ADD ESP,-8
00481BDE   . 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
00481BE1   . 8D4D F8        LEA ECX,DWORD PTR SS:[EBP-8]
00481BE4   . 8B5D FC        MOV EBX,DWORD PTR SS:[EBP-4]
00481BE7   . 8A03           MOV AL,BYTE PTR DS:[EBX]
00481BE9   . 3C A1          CMP AL,0A1
00481BEB   . 75 2A          JNZ SHORT Password.00481C17
00481BED   . 8A43 01        MOV AL,BYTE PTR DS:[EBX+1]
00481BF0   . 3C 00          CMP AL,0
00481BF2   . 75 23          JNZ SHORT Password.00481C17
00481BF4   . 8A43 02        MOV AL,BYTE PTR DS:[EBX+2]
00481BF7   . 3C 58          CMP AL,58
00481BF9   . 75 1C          JNZ SHORT Password.00481C17
00481BFB   . 8A43 03        MOV AL,BYTE PTR DS:[EBX+3]
00481BFE   . 3C 48          CMP AL,48
00481C00   . 75 15          JNZ SHORT Password.00481C17
00481C02   . 8A43 04        MOV AL,BYTE PTR DS:[EBX+4]
00481C05   . 3C 00          CMP AL,0
00481C07   . 75 0E          JNZ SHORT Password.00481C17
00481C09   . BA 01000000    MOV EDX,1
00481C0E   . C745 F8 010000>MOV DWORD PTR SS:[EBP-8],1
00481C15   . EB 10          JMP SHORT Password.00481C27
00481C17   > 31D2           XOR EDX,EDX
00481C19   . C745 F8 000000>MOV DWORD PTR SS:[EBP-8],0
00481C20   . EB 05          JMP SHORT Password.00481C27
00481C22   .^E9 71FFFFFF    JMP Password.00481B98
00481C27   > 90             NOP
00481C28   . 8B01           MOV EAX,DWORD PTR DS:[ECX]
00481C2A   . 59             POP ECX
00481C2B   . 59             POP ECX
00481C2C   . 5D             POP EBP
00481C2D   . C3             RETN


Which is:
Code:
A1 00 58 48 00



I say the above passwords are 'correct' in the sense they validate through your byte check but crash the app. They might not be the solutions but they do pass the 'is this correct?'.

If anyone is that bored here is a full list of any of the addresses it could be, just convert the address to decimal and enter it as the password:

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites