View previous topic :: View next topic |
Author |
Message |
Uligor Grandmaster Cheater Reputation: 0
Joined: 21 Jan 2006 Posts: 956
|
Posted: Mon Apr 30, 2007 12:04 pm Post subject: [Very hard] Uligor's crackme #3 |
|
|
Contains many tricks, but less obfuscation than before.
Made in FASM, enjoy.
http://rapidshare.com/files/28770265/ulicraxme_3.rar
ulicraxme 3.rar
size: 1686
MD5: 4FD94017282A9B564C9CC8C6F618B375
_________________
|
|
Back to top |
|
|
Coramda Expert Cheater Reputation: 0
Joined: 11 Apr 2007 Posts: 135
|
Posted: Mon Apr 30, 2007 12:25 pm Post subject: |
|
|
Currently, starting with modifying the header. Isn't really working out. BUTTTTTT, I'll make it working..
I want to beat it!
|
|
Back to top |
|
|
opcode0x90 Cheater Reputation: 0
Joined: 05 Aug 2006 Posts: 27
|
Posted: Fri May 04, 2007 6:30 pm Post subject: |
|
|
Solved
Code: |
; prepare the input
mov esi, String("\e\e\e\e\e\e\e\e\e\e")
mov ecx, 10
mov edi, (offset szInput)
rep movsb
.while TRUE
; prepare the input
mov esi, (offset szInput)
mov ecx, 10
.repeat
.if (byte ptr [esi] == 7Eh)
.if (ecx == 0)
; all combinations tried
int 3
.else
mov byte ptr [esi], 21h
inc esi
.endif
.else
inc byte ptr [esi]
.break
.endif
.untilcxz
; prepare the buffer
mov ecx, 10
mov esi, (offset szInput)
mov edi, (offset szBuffer)
rep movsb
mov ecx, 3
mov esi, (offset szJunk1)
.repeat
mov eax, [esi]
add esi, 4
stosd
.untilcxz
mov ecx, 5
mov esi, (offset szBuffer)
rep movsd
movsw
; hashing begin
mov ebx, 1
mov ecx, 9
lodsb
dec esi
.repeat
xor al, byte ptr [esi+ebx]
inc ebx
.untilcxz
mov ebx, 1
mov ecx, 15h
.repeat
xor byte ptr [esi+ebx], al
inc ebx
.untilcxz
mov edi, esi
stosb
add esi, 15h
mov ebx, -1
mov ecx, 0Ch
mov edi, (offset szBuffer) + 02Bh
lodsb ; / mov al, byte ptr [esi]
dec esi ; \
.repeat
xor al, byte ptr [esi+ebx]
dec ebx
.untilcxz
mov ebx, -1
mov ecx, 15h
.repeat
xor byte ptr [esi+ebx], al
dec ebx
.untilcxz
stosb
sub esi, 15h
xor word ptr [esi], 03F47h
mov ecx, 0Ah
.repeat
lodsw
xor word ptr [esi], ax
.untilcxz
sub esi, 2Ah
; is this the answer ?
mov ecx, 0Bh
add esi, 16h
mov edi, (offset szCode)
repe cmpsb
.if zero?
; found the answer
int 3
.endif
.endw
|
...or not. [/sarcasm]
|
|
Back to top |
|
|
compactwater I post too much Reputation: 8
Joined: 02 Aug 2006 Posts: 3923
|
Posted: Sat May 05, 2007 5:17 am Post subject: |
|
|
Hmm...
I injected it with my hooker but it didn't respond.
|
|
Back to top |
|
|
Uligor Grandmaster Cheater Reputation: 0
Joined: 21 Jan 2006 Posts: 956
|
Posted: Sun May 06, 2007 4:48 am Post subject: |
|
|
Opcode you must patch it or get the pass ;p
_________________
|
|
Back to top |
|
|
opcode0x90 Cheater Reputation: 0
Joined: 05 Aug 2006 Posts: 27
|
Posted: Tue May 08, 2007 6:32 am Post subject: |
|
|
Solved it for real this time lol
|
|
Back to top |
|
|
Renkokuken GO Moderator Reputation: 4
Joined: 22 Oct 2006 Posts: 3249
|
Posted: Tue May 08, 2007 11:36 am Post subject: |
|
|
Opcode, what did I tell you?
Ironic right, I said it was probably "ILoveLinda" or "LindaIsMyPie" or something on that IRC.
|
|
Back to top |
|
|
opcode0x90 Cheater Reputation: 0
Joined: 05 Aug 2006 Posts: 27
|
Posted: Tue May 08, 2007 8:41 pm Post subject: |
|
|
Statement proved.
|
|
Back to top |
|
|
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
|
Posted: Sun Jul 15, 2007 2:42 am Post subject: |
|
|
am i the only 1 who gets error when opening with olly or reflector?
|
|
Back to top |
|
|
|