Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
[crackme] find the pass 2 (easier)

Cheat Engine Forum Index -> General programming -> Crackmes
zart
Master Cheater
Reputation: 0

Joined: 20 Aug 2007
Posts: 351
Location: russia

Posted: Tue Aug 21, 2007 11:14 am    Post subject: [crackme] find the pass 2 (easier)

Coded in VC++.
Another console app, since SunBeam loved it last time ;)


Should be easier than the last one.

Post the password, not a patch that allows any password o_0

_________________
0x7A 0x61 0x72 0x74

TEAM RESURRECTiON
Symbol
I'm a spammer
Reputation: 0

Joined: 18 Apr 2007
Posts: 5094
Location: Israel.

Posted: Tue Aug 21, 2007 11:35 am

You have to patch it, right?
Because it does test edx,edx and if they're equal (which they are...) it jumps to the badboy...

Umm, why is this the opposite?
Like it's:
____
|title|
line1
line2

so in Olly it's

line2
line1
title

O_O lol nvm...
zart
Master Cheater
Reputation: 0

Joined: 20 Aug 2007
Posts: 351
Location: russia

Posted: Tue Aug 21, 2007 12:08 pm

This *should* be done without patching... though go for patching if it helps.

Oh, and this should be easier than my other one... but that doesn't mean it's a cakewalk..

_________________
0x7A 0x61 0x72 0x74

TEAM RESURRECTiON
Symbol
I'm a spammer
Reputation: 0

Joined: 18 Apr 2007
Posts: 5094
Location: Israel.

Posted: Tue Aug 21, 2007 1:15 pm

Yeah, I haven't learned that much, to crack even that... I'm now downloading Lena's 3rd tutorial of like 17 :D I learned how to use a fake file that is being read by the program so it's like a keygen :)
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

Posted: Tue Aug 21, 2007 9:50 pm

zart, I must correct you, this is WAY easier than your first one.
In your first one I didn't even find where the msg is called.
Now I just search for text strings and I see the goodboy and badboy.
zart
Master Cheater
Reputation: 0

Joined: 20 Aug 2007
Posts: 351
Location: russia

Posted: Tue Aug 21, 2007 9:56 pm

haha01haha01 wrote:
zart, I must correct you, this is WAY easier than your first one.
In your first one I didn't even find where the msg is called.
Now I just search for text strings and I see the goodboy and badboy.


I tried to make it easier for everyone... :D Just because I left SOME strings in there doesn't mean it's THAT much easier!

_________________
0x7A 0x61 0x72 0x74

TEAM RESURRECTiON
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

Posted: Tue Aug 21, 2007 10:15 pm

It is much easier.
I already dug deep into the code and almost found the solution.
I found that the main idea is that the dword at 12ff70 will be equal to eax. If it is, that command that I first saw in your code, sete, will make cl 1; then when cl is moved into 12ff50 it will be 1; then after 12ff50 is moved to edx it will be 1; then the test edx,edx will show ZF 0, meaning the JE won't be taken.
zart
Master Cheater
Reputation: 0

Joined: 20 Aug 2007
Posts: 351
Location: russia

Posted: Tue Aug 21, 2007 10:19 pm

haha01haha01 wrote:
It is much easier.
I already dug deep into the code and almost found the solution.
I found that the main idea is that the dword at 12ff70 will be equal to eax. If it is, that command that I first saw in your code, sete, will make cl 1; then when cl is moved into 12ff50 it will be 1; then after 12ff50 is moved to edx it will be 1; then the test edx,edx will show ZF 0, meaning the JE won't be taken.


So what's the pass? :roll:

_________________
0x7A 0x61 0x72 0x74

TEAM RESURRECTiON
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

Posted: Tue Aug 21, 2007 10:48 pm

I dunno.
But I just reached the level where I don't feel like digging deeper, so I'm kinda quitting.
For those who crack the crackme: take a look at 401120 until 4011a6. The main idea in this piece of code is that LOCAL3 will be C057A843.
If it is that, your pass is right, and I already verified that by patching.
merkark12
Advanced Cheater
Reputation: 0

Joined: 04 Jul 2007
Posts: 74
Location: In that program you just downloaded

Posted: Tue Aug 21, 2007 10:58 pm

wtf? I don't think it can be cracked, only patched. Before the AND 0FF there's a MOV which moves edx into ebx-28, which is ÌÌÌ, and the pass needs to be ÌÌÌ + edx which is your pass... so the pass would be ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ times infinity. Correct me if I'm wrong.
zart
Master Cheater
Reputation: 0

Joined: 20 Aug 2007
Posts: 351
Location: russia

Posted: Tue Aug 21, 2007 11:20 pm

merkark12 wrote:
wtf? I don't think it can be cracked, only patched. Before the AND 0FF there's a MOV which moves edx into ebx-28, which is ÌÌÌ, and the pass needs to be ÌÌÌ + edx which is your pass... so the pass would be ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ times infinity. Correct me if I'm wrong.


Nope.

_________________
0x7A 0x61 0x72 0x74

TEAM RESURRECTiON
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

Posted: Tue Aug 21, 2007 11:29 pm

haha01haha01 wrote:
I dunno.
But I just reached the level where I don't feel like digging deeper, so I'm kinda quitting.
For those who crack the crackme: take a look at 401120 until 4011a6. The main idea in this piece of code is that LOCAL3 will be C057A843.
If it is that, your pass is right, and I already verified that by patching.

merkark, look at the part I was talking about, you'll understand if you're a good cracker.
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4022
Location: Romania

Posted: Wed Aug 22, 2007 4:37 am

haha01haha01 wrote:
It is much easier.
I already dug deep into the code and almost found the solution.
I found that the main idea is that the dword at 12ff70 will be equal to eax. If it is, that command that I first saw in your code, sete, will make cl 1; then when cl is moved into 12ff50 it will be 1; then after 12ff50 is moved to edx it will be 1; then the test edx,edx will show ZF 0, meaning the JE won't be taken.

You realize those are STACK addresses, which means they change data/content like 246174168741 times a second? O_O Jeez...

@zart: I never said I couldn't find the pass. I just refused to post any info, since all mass-pretenders tend to try and make themselves look "cool" once someone posts the solution (e.g.: "Wow, it was so easy I broke my dick on it" after some dude posts the solution)

Cheers...
Ksbunker
Advanced Cheater
Reputation: 0

Joined: 18 Oct 2006
Posts: 88

Posted: Wed Aug 22, 2007 6:55 pm    Post subject: re:

Just started messing with this one, I like it.

Ok, this is what I've gathered thus far:

Code:
004012A9 MOV EDX,DWORD PTR SS:[EBP-28]   ; edx = CCCCCC00h
004012AC AND EDX,0FF                     ; CCCCCC00h AND FFh = 00h
004012B2 TEST EDX,EDX                    ; edx = 00h, so ZF = 1
004012B4 JE SHORT crackme2.004012D3      ; if equal (ZF set), jump to BADBOY


Now, as long as [ebp-28] contains CCCCCC00h, it will jump to badboy. So, one can only presume that a correct serial, modifies ebp-28... so that it does not contain the above dword.

Anyway, bbs hopefully with a solution.
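The posts above (haha01haha01's sete/test/je walkthrough, merkark12's "ÌÌÌ" reading and Ksbunker's listing) all describe the same tail of the check. The following is an added example, not code from the thread or from the crackme: it models that sequence in Python so the role of the 0xCC bytes is visible. MSVC debug builds pre-fill fresh stack slots with 0xCC, which is why a Latin-1 view of the slot shows "ÌÌÌ". The constant value for LOCAL3 is taken from haha01haha01's post as reported and is not independently verified; every function name here is my own.

```python
# Added example, not code from the thread or the crackme itself. It models the
# check the posters describe: a SETE result is stored as one byte into a stack
# slot that still holds MSVC's 0xCC debug fill, the slot is reloaded as a dword,
# masked with AND 0FF and tested. All names are constructed for this example.

STACK_FILL = 0xCCCCCCCC      # MSVC debug builds pre-fill uninitialised stack slots with 0xCC
TARGET_LOCAL3 = 0xC057A843   # value haha01haha01 reports LOCAL3 must equal (from the post, unverified)


def sete(zero_flag: bool) -> int:
    """x86 SETE: write 1 to an 8-bit register when ZF is set, 0 otherwise."""
    return 1 if zero_flag else 0


def store_low_byte(slot: int, value: int) -> int:
    """Model `mov byte ptr [ebp-28], cl`: only bits 0..7 of the 32-bit slot change;
    the three upper 0xCC fill bytes are left untouched."""
    return (slot & 0xFFFFFF00) | (value & 0xFF)


def fill_bytes_as_text(count: int) -> str:
    """Show why a dump of the fill bytes reads as 'ÌÌÌ' in a Latin-1 view:
    byte 0xCC decodes to U+00CC ('Ì')."""
    return bytes([0xCC] * count).decode("latin-1")


def branch_taken(local3: int, expected: int = TARGET_LOCAL3, mask: bool = True) -> str:
    """Follow the check as described in the thread:
         cmp LOCAL3, eax ; sete cl ; mov [ebp-28], cl
         mov edx, [ebp-28] ; and edx, 0FF ; test edx, edx ; je badboy
    Returns which path the JE selects. With mask=False the AND 0FF is skipped,
    which shows why the compiler must emit it when a bool is read back as a dword."""
    cl = sete(local3 == expected)
    slot = store_low_byte(STACK_FILL, cl)        # 0xCCCCCC00 or 0xCCCCCC01
    edx = slot & 0xFF if mask else slot          # AND EDX,0FF discards the fill bytes
    return "badboy" if edx == 0 else "goodboy"   # TEST EDX,EDX / JE -> badboy when zero


if __name__ == "__main__":
    print(hex(store_low_byte(STACK_FILL, 0)), "->", branch_taken(0))
    print(hex(store_low_byte(STACK_FILL, 1)), "->", branch_taken(TARGET_LOCAL3))
    print("without AND 0FF:", branch_taken(0, mask=False))
    print(repr(fill_bytes_as_text(3)))
```

Two things fall out of running it: the upper three bytes of [ebp-28] are never part of the password at all (they are the debug fill and are stripped by AND EDX,0FF), so the "ÌÌÌ + edx" reading conflates the fill with the compare result; and without the mask the untouched fill alone would make EDX non-zero and send every input to goodboy, which is exactly why the mask sits in front of the TEST.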