Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


CrackMeV2

 
Noz3001
I'm a spammer
Reputation: 26

Joined: 29 May 2006
Posts: 6220
Location: /dev/null

Posted: Mon Apr 21, 2008 12:57 pm    Post subject: CrackMeV2

Man, this was so fun to make :D. Still shitty and I want to see how Wiccaan or someone rips it apart in seconds :P.

PS: Tips on making a sweet crackme are appreciated =D.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1

Posted: Mon Apr 21, 2008 1:37 pm

Firstly, you make a thread, to make a thread, to check IsDebuggerPresent via inline:

Pulls the debugger present flag from the TEB->PEB block.
Code:
004012D8   .  64:A1 1800000>MOV EAX,DWORD PTR FS:[18]
004012DE   .  3E:8B40 30    MOV EAX,DWORD PTR DS:[EAX+30]
004012E2   .  3E:0FB640 02  MOVZX EAX,BYTE PTR DS:[EAX+2]
004012E7   .  83F8 01       CMP EAX,1


To "crack" it you can simply edit:

Code:
00401201   .  83F8 01       CMP EAX,1


This is the overall compare to check if the password was correct or not.

Anyway the key:
fr15-fhe1eh1-gdsl31ftd-lkf203fq

Fairly easy:

Code:
00401350  |> /8A4C04 10     /MOV CL,BYTE PTR SS:[ESP+EAX+10]
00401354  |. |80F9 25       |CMP CL,25
00401357  |. |75 07         |JNZ SHORT CrackMeV.00401360
00401359  |. |C64404 10 2D  |MOV BYTE PTR SS:[ESP+EAX+10],2D
0040135E  |. |EB 07         |JMP SHORT CrackMeV.00401367
00401360  |> |80F1 02       |XOR CL,2
00401363  |. |884C04 10     |MOV BYTE PTR SS:[ESP+EAX+10],CL
00401367  |> |8A5C04 10     |MOV BL,BYTE PTR SS:[ESP+EAX+10]
0040136B  |. |8D0C06        |LEA ECX,DWORD PTR DS:[ESI+EAX]
0040136E  |. |C64404 10 00  |MOV BYTE PTR SS:[ESP+EAX+10],0
00401373  |. |3A5C0C 10     |CMP BL,BYTE PTR SS:[ESP+ECX+10]
00401377  |. |75 06         |JNZ SHORT CrackMeV.0040137F
00401379  |. |40            |INC EAX
0040137A  |. |45            |INC EBP
0040137B  |. |3BC2          |CMP EAX,EDX
0040137D  |.^\7C D1         \JL SHORT CrackMeV.00401350


C++ code to generate the key:

Code:
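#include <cstdio>
#include <cstring>

int main()
{
   // Encoded key as stored in the crackme.
   char szEncKey[] = "dp37%djg3gj3%efqn13dvf%nid021ds";
   const size_t len = strlen(szEncKey);
   for( size_t x=0; x<len; x++ )
   {
      if( szEncKey[x] != '%' )
         szEncKey[x] = (char)(szEncKey[x] ^ 2); // XOR CL,2
      else
         szEncKey[x] = 0x2D;                    // '%' becomes '-'
   }
   printf("%s\n", szEncKey); // print the decoded key
   return 0;
}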

_________________
- Retired.
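
The compare loop at 00401350-0040137D from the post above, modelled in C++ as an added example (not part of the original post and not the crackme's source). The register roles (EAX index, EDX length, EBP match counter), the handling of the unseen mismatch target at 0040137F, and the function names are assumptions read from the listing.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Encoded constant, copied from the keygen posted above.
static const char kEncKey[] = "dp37%djg3gj3%efqn13dvf%nid021ds";

// 00401354-00401363: '%' (0x25) becomes '-' (0x2D), any other byte is XORed with 2.
static char decode_byte(char c) {
    return (c == 0x25) ? static_cast<char>(0x2D) : static_cast<char>(c ^ 2);
}

// Hypothetical model of the loop: returns how many leading bytes of the
// input matched the decoded key (the role EBP appears to play).
std::size_t matched_prefix(const std::string &input) {
    char work[sizeof(kEncKey)];
    std::memcpy(work, kEncKey, sizeof(kEncKey));   // stack copy at [ESP+10]
    const std::size_t len = std::strlen(kEncKey);  // EDX (assumed to hold the length)
    std::size_t matched = 0;                       // EBP
    for (std::size_t i = 0; i < len; ++i) {        // EAX
        const char decoded = decode_byte(work[i]); // ends up in BL
        work[i] = 0;                               // 0040136E: wipe the decoded slot
        if (i >= input.size() || decoded != input[i])
            break;                                 // JNZ 0040137F (target not shown)
        ++matched;                                 // INC EBP
    }
    return matched;
}

// Assumed overall verdict: every byte matched and the lengths agree.
bool check_password(const std::string &input) {
    return input.size() == std::strlen(kEncKey) &&
           matched_prefix(input) == input.size();
}

int main() {
    std::cout << std::boolalpha
              << check_password("fr15-fhe1eh1-gdsl31ftd-lkf203fq") << "\n";
    return 0;
}
```

Zeroing each decoded byte after the compare keeps the full plaintext out of memory, but the encoded constant and the transform both ship in the binary, which is why the key can be read out statically.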
Noz3001
I'm a spammer
Reputation: 26

Joined: 29 May 2006
Posts: 6220
Location: /dev/null

Posted: Mon Apr 21, 2008 1:43 pm

Code:
00401360  |> |80F1 02       |XOR CL,2


Yeah, it's pretty simple. But hey, I've got the whole of tomorrow to write a proper encryption routine.

Oh and the thread which makes the other thread also checks for a debugger.

EDIT: Lol, I'm stupid. I spent so long making it all stupid and obfuscated in places that I actually forgot to de-optimize my encryption function.
DeletedUser14087
I post too much
Reputation: 2

Joined: 21 Jun 2006
Posts: 3069

Posted: Mon Apr 21, 2008 2:35 pm

So it basically generates a random password using random typed characters?
All times are GMT - 6 Hours