View previous topic :: View next topic |
Author |
Message |
Symbol I'm a spammer Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
|
Posted: Sat Jan 05, 2008 8:31 am Post subject: 1 Line CrackMe |
|
|
There's a nice trick, it worked with olly, I dunno about other disassemblers. (Like those that gives the source =\)
Try cracking it with olly/a dissassembler, not decompiler like IDA or whats its name...
-No patching/reversing.
-Take a picture of the disassembly where you found the password.
|
|
Back to top |
|
|
Symbol I'm a spammer Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
|
Posted: Sat Jan 05, 2008 8:53 am Post subject: |
|
|
Check if 0xFFF84B4C~ (~ = not) is the pass convert to dec.
Edit: 0xFFF84B4C = 4294462284, "NOTed" is -4294462285.
|
|
Back to top |
|
|
Symbol I'm a spammer Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
|
Posted: Sat Jan 05, 2008 9:08 am Post subject: |
|
|
Still, its not even close to the pass. its tricky.
|
|
Back to top |
|
|
Symbol I'm a spammer Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
|
Posted: Sat Jan 05, 2008 10:38 am Post subject: |
|
|
O rly? check 4294462284 and -4294462285...
And show me the "Congratulations" message if it is the pass.
|
|
Back to top |
|
|
Cx Master Cheater Reputation: 0
Joined: 27 Jul 2007 Posts: 367
|
Posted: Sat Jan 05, 2008 11:56 am Post subject: |
|
|
Uh, he corrected himself.
x0r wrote: | A typo on my part, the result of StrToInt is NOT'd. |
|
|
Back to top |
|
|
killersamurai Expert Cheater Reputation: 0
Joined: 10 Sep 2007 Posts: 197 Location: Colorado
|
Posted: Sat Jan 05, 2008 12:16 pm Post subject: |
|
|
Your password would be 0x0007b4b3 or 505011. Picture attached if you want proof.
The password is comparing to 4294462284. When the user enters a password, you not it. That would mean it is -4294462285. When you turn that into hex, it would be FFFFFFFF0007B4B3. As you can see, hex doesn't deal with negative numbers in the best way. Since you can have 8 (0xFFFFFFFF), you would take the first eight from the right side (which is 0007b4b3). If you not that number, you would end up with 505011 not = -505012 or FFFFFFFFFFF84B4C. Take the first eight on the right side and you end up the same number that the program is comparing to 0xFFF84B4C.
|
|
Back to top |
|
|
Symbol I'm a spammer Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
|
Posted: Sat Jan 05, 2008 12:45 pm Post subject: |
|
|
Good job! I wouldn't think about that if it wasn't my CrackMe.
|
|
Back to top |
|
|
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
|
Posted: Sun Jan 06, 2008 11:59 am Post subject: |
|
|
505011....
this crackme is freakingly easy.
it just strtoint and then not it ... -.-
simply patched and made it sorta self cracking ^^ then i just got the password.
how-to:
1.bp the congratz string.
see the cmp eax,blalblahblah? change it to MOV.
change the next line to "not eax".
let the program run untill it stop in bp, and step over to see how the program notting eax.
after the patched code is done, look at eax, convert to dec.
voila~
|
|
Back to top |
|
|
Simsgy Grandmaster Cheater Reputation: 0
Joined: 07 May 2007 Posts: 581 Location: My new avatar <3
|
Posted: Mon Jan 07, 2008 3:02 pm Post subject: |
|
|
Wait a second, Symbol, are you that one from FXP who always annoys me?
LOL, I didn't recognize you
I'm -Simsgy-
_________________
|
|
Back to top |
|
|
|