Fafaffy Cheater Reputation: 65
Joined: 12 Dec 2007 Posts: 28
Posted: Sun Mar 22, 2009 11:26 pm Post subject: easy crack me
OK, this was made in VB 2008 Express Edition.
The way this validates the code is by going to a URL that uses the GET method to check the serial; if it's valid it says that, else my program will make a message box explaining the problem.
It should be easy to NOP the website check and make it think that it's valid.
Oh, and by the way, this adds a couple of registry entries; to delete them, go to HKEY_CURRENT_USER and delete the fafaffy folder.
_________________
Brillia wrote: | I FUCKING FUCK SEX |

Boon Cheater Reputation: 0
Joined: 13 Jan 2009 Posts: 29 Location: Latvia
Posted: Mon Mar 23, 2009 2:29 am Post subject:
There seems to be an XSS vulnerability.
Code:
http://valid.fafaffy.com/index.php?&sn=%3Cfont%20color=red%3Exss%3C/font%3E%3CSCRIPT%3Ealert(document.cookie);%3C/SCRIPT%3E
edit:
Cracked!
Any serial is accepted now.
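
The reflected `sn` parameter reported in the post above, modelled as an added example that is not part of the thread and not the crackme author's server code (which is not shown on the page). The response wording, the serial format, the `VALID`/`INVALID`/`MALFORMED` tokens and the sample serial are assumptions; the point is that an endpoint read by a program can answer with fixed plain-text tokens and never echo the input.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# URL quoted in the post above (payload left exactly as posted).
POSTED_URL = ("http://valid.fafaffy.com/index.php?&sn=%3Cfont%20color=red%3Exss"
              "%3C/font%3E%3CSCRIPT%3Ealert(document.cookie);%3C/SCRIPT%3E")

# Assumed serial format and sample serial; the real ones are not on the page.
SERIAL_RE = re.compile(r"[A-Za-z0-9-]{1,64}")
KNOWN_SERIALS = {"DEMO-0000-0000"}  # constructed sample value


def serial_from_url(url):
    """Return the percent-decoded sn parameter, or '' when it is absent."""
    return parse_qs(urlsplit(url).query).get("sn", [""])[0]


def vulnerable_reply(sn):
    """Assumed model of the bug: sn is reflected into HTML unescaped."""
    return {"Content-Type": "text/html"}, "Serial " + sn + " is not valid"


def hardened_reply(sn):
    """Fixed tokens only, served as plain text; sn is never echoed back."""
    headers = {"Content-Type": "text/plain; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    if not SERIAL_RE.fullmatch(sn):
        return headers, "MALFORMED"
    return headers, "VALID" if sn in KNOWN_SERIALS else "INVALID"


def escaped_reply(sn):
    """If the value must appear in an HTML page, encode it for that context."""
    body = "Serial " + html.escape(sn, quote=True) + " is not valid"
    return {"Content-Type": "text/html; charset=utf-8"}, body


if __name__ == "__main__":
    posted = serial_from_url(POSTED_URL)
    for reply in (vulnerable_reply, hardened_reply, escaped_reply):
        print(reply.__name__, reply(posted))
```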

ElitestFX Expert Cheater Reputation: 0
Joined: 01 Nov 2007 Posts: 218
Posted: Mon Mar 23, 2009 11:35 am Post subject:
How did you approach this?

Boon Cheater Reputation: 0
Joined: 13 Jan 2009 Posts: 29 Location: Latvia
Posted: Mon Mar 23, 2009 12:38 pm Post subject:
If the question was addressed to me, then I tampered with the IL.
It used to be like this (pseudocode):
push result from web
push <the string the web would return if the key is right>
<compare>
If (equal)
    <stuff to do when password is right>
else
    <stuff to do when password is wrong>
I did a small change:
push <the string the web would return if the key is right>
push <the string the web would return if the key is right>
<compare>
If (equal)
    <stuff to do when password is right>
else
    <stuff to do when password is wrong> 'Never happens, since it's comparing identical strings.
I find it really hard to explain, sorry.

ElitestFX Expert Cheater Reputation: 0
Joined: 01 Nov 2007 Posts: 218
Posted: Mon Mar 23, 2009 1:09 pm Post subject:
No need to apologize. I understand your detailed explanation. I appreciate your time in responding.
What is IL? I googled it and found IL Assembly, but I wasn't sure if that was what you were talking about.
http://www.codeproject.com/KB/msil/ilassembly.aspx
How did you locate that routine? When I opened the crackme in OllyDBG, the disassembler, dump, and stack were empty. I got the code loaded by breaking on MessageBoxW, and I tried to trace back from there. I failed trying to find the check.
Any hints on where to break?

Boon Cheater Reputation: 0
Joined: 13 Jan 2009 Posts: 29 Location: Latvia
Posted: Mon Mar 23, 2009 1:28 pm Post subject:
I didn't use Olly for this task; I find cracking anything .NET with the normal tools quite frustrating.
Yes, it's the same IL I was talking about.
I used .NET Reflector with the Reflexil add-on (for modification).
This is how it looks

S3NSA :3 Reputation: 1
Joined: 06 Dec 2006 Posts: 1908 Location: England.
Posted: Mon Mar 23, 2009 1:30 pm Post subject:
IL stands for Intermediate Language and is what programs written in .NET are compiled into. Upon runtime they use the .NET Framework JIT (Just in time) compiler to compile it into native code.
You won't be able to analyse a program written in .NET in OllyDBG; I'm not completely sure, but I think it's because the compiler converts the IL as needed when executing. You may analyse .NET executables and dynamic libraries in IDA.
_________________
~ You can find me on irc.ccplz.net x |

Fafaffy Cheater Reputation: 65
Joined: 12 Dec 2007 Posts: 28
Posted: Mon Mar 23, 2009 3:00 pm Post subject:
Still thought this would be easy for anyone, cuz it checks the string that came back from the server; all you had to do was NOP the check or change the string.

ElitestFX Expert Cheater Reputation: 0
Joined: 01 Nov 2007 Posts: 218
Posted: Mon Mar 23, 2009 3:06 pm Post subject:
Boon, thanks for the information about Reflexil. It's a very useful add-in. I basically used your method. Instead of comparing prompt with 602, I made it compare two constants of 601. =)
S3NSA, I will definitely look into using IDA.
Fafaffy, I suppose it is easy for the people who know which tools to use.

rockman1190 Grandmaster Cheater Reputation: 0
Joined: 10 Jan 2007 Posts: 730
Posted: Fri Apr 03, 2009 8:51 am Post subject: What is IDA?
S3nsa, what is IDA? I've got an .exe to be cracked and PE Detective says it's .NET ... you said ollydbg won't be able to "read" it... Thanks.
Edit: I googled. IDA website
http://www.hex-rays.com/idapro/idadownfreeware.htm