atom0s (Moderator, Reputation: 199)
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Mon Jan 07, 2008 12:52 pm Post subject:
Decompiled it to check out the code (not the actual code, but easier to tell what's what) and noticed your class module. Not sure if you are using everything from this module (I see a hex string when you break on the checks and such, so I would assume you are using at least 3 of the things in that module).
I assume you are using these ones:
- HexToDec (or HeToBinary)
- DecryptToText
- RemoveAllSpaces
Along with that you have a string that gets passed:
asdkjlfhbdsjkfalbdskajfdbsakfjdbsal
I assume this is being used with the EncryptKey function to set the encryption key that is used to decrypt the pass (if it is encrypted).
I didn't spend too much time with this, just looked for the basics, then for a few more advanced methods. As for what I can guess the password is:
29 16 1D 4B 27 0D 08 48 35 0C 12 1E 18 46 34 1C 5D 44 3A 1F 12 4A 2B 1D 42 41 0F 0F 46 29 16 03 10 0
Again, in hex; not positive, it's just what shows up in the push stack for the compare. I'm not really in the mood to sit and figure out the encryption method to find out what that line means.
To anyone that wants to figure it out by phishing:
Open in Olly, push play to start. Ctrl+A to analyze. Right click in the code, go to Search -> All String References. Locate:
Code:
Text strings referenced in CrackMe:.text, item 208
Address=00402BA0
Disassembly=MOV DWORD PTR SS:[EBP-64],CrackMe.00402050
Text string=UNICODE "29 16 1D 4B 27 0D 08 48 35 0C 12 1E 18 46 34 1C 5D 44 3A 1F 12 4A 2B 1D 42 41 0F 0F 46 29 16 03 10 0"
Follow in disassembler. Look a few lines down for:
Code:
00402BAE . FF15 70104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; MSVBVM60.__vbaVarTstEq
Set a breakpoint there. Type in something random, hit Check, it will break. Lower right corner is the push stack, scroll down a little till you see the above hex string. A little further down will be your inputted password in hex. So just sit there and keep testing random letters to get what you want.
To start you off:
29 = H
_________________
- Retired.
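To show why the check described in the post above can be recovered from the binary alone, here is an added example in Python; it is my own code, not the CrackMe's VB6 and not anything posted in this thread. It mirrors the structure the post describes (a fixed key string handed to an EncryptKey-style routine, a hex-encoded blob, a HexToDec-style decode, then a plain string compare) beside the hardened form: a salted PBKDF2 hash compared in constant time. Every key, password and salt is a constructed sample value, and all function names are my own.

```python
"""
Weak vs. hardened password check, modelled on the CrackMe discussed above.
Added example; all keys, passwords and salts are constructed sample values.
"""
import hashlib
import hmac
import os

# ---- weak design: reversible obfuscation in front of a string compare ----

# Constructed; stands in for the fixed key string embedded in the program.
XOR_KEY = b"sample-fixed-key"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. It is its own inverse, which is the whole problem."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt_to_hex(plaintext: str, key: bytes = XOR_KEY) -> str:
    """Builds the space-separated hex blob that ends up embedded in the binary."""
    return " ".join(f"{b:02X}" for b in xor_bytes(plaintext.encode(), key))


def hex_to_bytes(blob: str) -> bytes:
    """Counterpart of the HexToDec helper the post mentions (my own name)."""
    return bytes(int(tok, 16) for tok in blob.split())


def weak_check(user_input: str, stored_hex: str, key: bytes = XOR_KEY) -> bool:
    """The decoded secret is materialised right before the compare, which is
    why it shows up in the stack window next to the user's input."""
    decrypted = xor_bytes(hex_to_bytes(stored_hex), key).decode()
    return decrypted == user_input


def recover_secret(stored_hex: str, key: bytes = XOR_KEY) -> str:
    """Whoever holds the binary holds both key and blob, so this design is
    equivalent to shipping the password in plaintext."""
    return xor_bytes(hex_to_bytes(stored_hex), key).decode()


# ---- hardened design: salted slow hash, constant-time compare ----

ITERATIONS = 100_000  # work factor; raise it for real deployments


def make_record(password: str, salt: bytes = None) -> tuple:
    """Returns (salt, digest). Neither value can be turned back into the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def hardened_check(user_input: str, salt: bytes, digest: bytes) -> bool:
    """Hashes the input with the stored salt and compares in constant time:
    what sits in memory is a digest, not the password, and the compare does
    not leak how many bytes matched through timing."""
    candidate = hashlib.pbkdf2_hmac("sha256", user_input.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    secret = "Open Sesame 2008"  # constructed sample password
    blob = encrypt_to_hex(secret)
    print("embedded blob:", blob)
    print("weak check accepts right password:", weak_check(secret, blob))
    print("secret recovered from binary alone:", recover_secret(blob))
    salt, digest = make_record(secret)
    print("hardened check accepts right password:", hardened_check(secret, salt, digest))
    print("hardened check rejects wrong password:", hardened_check("open sesame 2008", salt, digest))
```

Run it and compare what is in memory right before each compare: the weak path decodes the real secret (which is exactly what the stack window in the post shows), while the hardened path only ever holds a digest. The design point is that a fixed XOR key shipped next to its ciphertext is obfuscation, not encryption, so the only check that survives someone reading the binary is one where the stored value does not contain the password at all.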
dnsi0 (I post too much, Reputation: 0)
Joined: 04 Jan 2007 Posts: 2674
Posted: Mon Jan 07, 2008 12:56 pm Post subject:
Shyt >.< I forgot to encrypt the key... Please don't solve it Wiccaan >.< I gotta encrypt the key...
Labyrnth (Moderator, Reputation: 9)
Joined: 28 Nov 2006 Posts: 6285
Posted: Mon Jan 07, 2008 4:01 pm Post subject:
dnsi0 wrote:
    Your Attempt PHAILZ. Wrong Crackme password...
I didn't fail, you fail to understand what I did.
By correcting that jump I can use any password I wanted except the real one.
Just because I said password = blah blah blah... that's just showing you it can be anything but the real password and it is a win.
In reality any software that had this code would have been cracked to use any password I wish.
Now if you would have put rules on how it was to be performed, then I would not have been following the rules of the crackme.
-----------------------------------------------------------------------------------------
Yeah Wicc, you're right on track about the conversion; if you look in the call you can see it. Also it is converting to binary.
dnsi0 (I post too much, Reputation: 0)
Joined: 04 Jan 2007 Posts: 2674
Posted: Mon Jan 07, 2008 4:46 pm Post subject:
Sorry Labyrnth. I didn't get what you meant. I thought you posted a password =(
Labyrnth (Moderator, Reputation: 9)
Joined: 28 Nov 2006 Posts: 6285
Posted: Mon Jan 07, 2008 5:54 pm Post subject:
Yeah my own lol.
dnsi0 (I post too much, Reputation: 0)
Joined: 04 Jan 2007 Posts: 2674
Posted: Mon Jan 07, 2008 5:57 pm Post subject:
And Labyrnth, how did you crack this? Can you PM me the steps? I just wanna start cracking CrackMes too.
atom0s (Moderator, Reputation: 199)
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Mon Jan 07, 2008 6:30 pm Post subject:
Ok, after about 5-10 min of phishing I got bored. Anyone that wants the start:
Hey Man Whats Up? Its My 2nd Crack
_________________
- Retired.
dnsi0 (I post too much, Reputation: 0)
Joined: 04 Jan 2007 Posts: 2674
Posted: Tue Jan 08, 2008 8:18 pm Post subject:
Wiccaan... How can you get bored? I'll give you the crypt class if you want. o.o Decode it faster?
atom0s (Moderator, Reputation: 199)
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Wed Jan 09, 2008 3:28 am Post subject:
dnsi0 wrote:
    Wiccaan... How can you get bored? I'll give you the crypt class if you want. o.o Decode it faster?
I got bored cause trial and error to phish a wtf long password is just not worth my time. If you give me the class I can just reverse the hex string instantly, making it pointless. Let someone else waste like an hour of their time figuring it out lol.
_________________
- Retired.
dnsi0 (I post too much, Reputation: 0)
Joined: 04 Jan 2007 Posts: 2674
Posted: Wed Jan 09, 2008 9:19 pm Post subject:
1 hour??? This is less; all you need to do is reverse the XOR operation on the CRYPT string. Easy. 10 mins tops.
atom0s (Moderator, Reputation: 199)
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Wed Jan 09, 2008 10:08 pm Post subject:
dnsi0 wrote:
    1 hour??? This is less; all you need to do is reverse the XOR operation on the CRYPT string. Easy. 10 mins tops.
I wasn't phishing it like that. I was using my own method. Trial and error based on the stacks compare. I'm too lazy to pull the function and reverse it.
_________________
- Retired.