Cheat Engine The Official Site of Cheat Engine
zeroc0de Cheater Reputation: 0
Joined: 31 Aug 2008 Posts: 32
Posted: Mon Sep 08, 2008 3:18 pm Post subject: zeroc0de's Crackme v4.0
zeroc0de's Crackme v4.0
Difficulty : I must say kinda hard.
Figure the pass.
We already got a great winner which is, of course, Sunbeam.
But, can you do it?
Have Fun.
-- Before posting any passes, try them. You will see the good boy message.
pkedpker Master Cheater Reputation: 1
Joined: 11 Oct 2006 Posts: 412
Posted: Mon Sep 08, 2008 8:00 pm
notepad?? oO
lol im not a good cracker but i do believe replacing notepad in sys32 with custom app would be fun way 2 crack it
i think password injected into notepad from dll
i think i found it has all letters in abc usually used 4 hash decoding
Code: |
003B9C18 /$ 55 PUSH EBP
003B9C19 |. 8BEC MOV EBP,ESP
003B9C1B |. 83C4 E8 ADD ESP,-18
003B9C1E |. 53 PUSH EBX
003B9C1F |. 56 PUSH ESI
003B9C20 |. 57 PUSH EDI
003B9C21 |. 33C9 XOR ECX,ECX
003B9C23 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
003B9C26 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
003B9C29 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
003B9C2C |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
003B9C2F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
003B9C32 |. E8 8DAFFAFF CALL crackme.00364BC4
003B9C37 |. 33C0 XOR EAX,EAX
003B9C39 |. 55 PUSH EBP
003B9C3A |. 68 1A9D3B00 PUSH crackme.003B9D1A
003B9C3F |. 64:FF30 PUSH DWORD PTR FS:[EAX]
003B9C42 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
003B9C45 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
003B9C48 |. E8 C3AAFAFF CALL crackme.00364710
003B9C4D |. 33FF XOR EDI,EDI
003B9C4F |. 33C0 XOR EAX,EAX
003B9C51 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
003B9C54 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
003B9C57 |. 85C0 TEST EAX,EAX
003B9C59 |. 74 05 JE SHORT crackme.003B9C60
003B9C5B |. 83E8 04 SUB EAX,4
003B9C5E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
003B9C60 |> 8BF0 MOV ESI,EAX
003B9C62 |. 85F6 TEST ESI,ESI
003B9C64 |. 0F8E 8D000000 JLE crackme.003B9CF7
003B9C6A |. C745 F4 010000>MOV DWORD PTR SS:[EBP-C],1
003B9C71 |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
003B9C74 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
003B9C77 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
003B9C7A |. 0FB6540A FF |MOVZX EDX,BYTE PTR DS:[EDX+ECX-1]
003B9C7F |. E8 74ACFAFF |CALL crackme.003648F8
003B9C84 |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
003B9C87 |. BA 309D3B00 |MOV EDX,crackme.003B9D30 ; ASCII "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
003B9C8C |. E8 87B0FAFF |CALL crackme.00364D18
003B9C91 |. 8BD8 |MOV EBX,EAX
003B9C93 |. 4B |DEC EBX
003B9C94 |. 85DB |TEST EBX,EBX
003B9C96 |. 7C 5F |JL SHORT crackme.003B9CF7
003B9C98 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
003B9C9B |. C1E0 06 |SHL EAX,6
003B9C9E |. 03D8 |ADD EBX,EAX
003B9CA0 |. 895D F0 |MOV DWORD PTR SS:[EBP-10],EBX
003B9CA3 |. 83C7 06 |ADD EDI,6
003B9CA6 |. 83FF 08 |CMP EDI,8
003B9CA9 |. 7C 42 |JL SHORT crackme.003B9CED
003B9CAB |. 83EF 08 |SUB EDI,8
003B9CAE |. 8BCF |MOV ECX,EDI
003B9CB0 |. 8B5D F0 |MOV EBX,DWORD PTR SS:[EBP-10]
003B9CB3 |. D3EB |SHR EBX,CL
003B9CB5 |. 8BCF |MOV ECX,EDI
003B9CB7 |. B8 01000000 |MOV EAX,1
003B9CBC |. D3E0 |SHL EAX,CL
003B9CBE |. 8BC8 |MOV ECX,EAX
003B9CC0 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
003B9CC3 |. 99 |CDQ
003B9CC4 |. F7F9 |IDIV ECX
003B9CC6 |. 8955 F0 |MOV DWORD PTR SS:[EBP-10],EDX
003B9CC9 |. B9 00010000 |MOV ECX,100
003B9CCE |. 8BC3 |MOV EAX,EBX
003B9CD0 |. 99 |CDQ
003B9CD1 |. F7F9 |IDIV ECX
003B9CD3 |. 89D3 |MOV EBX,EDX
003B9CD5 |. 8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18]
003B9CD8 |. 8BD3 |MOV EDX,EBX
003B9CDA |. E8 19ACFAFF |CALL crackme.003648F8
003B9CDF |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
003B9CE2 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
003B9CE5 |. E8 F2ACFAFF |CALL crackme.003649DC
003B9CEA |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
003B9CED |> FF45 F4 |INC DWORD PTR SS:[EBP-C]
003B9CF0 |. 4E |DEC ESI
003B9CF1 |.^0F85 7AFFFFFF \JNZ crackme.003B9C71
003B9CF7 |> 33C0 XOR EAX,EAX
003B9CF9 |. 5A POP EDX
003B9CFA |. 59 POP ECX
003B9CFB |. 59 POP ECX
003B9CFC |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
003B9CFF |. 68 219D3B00 PUSH crackme.003B9D21
003B9D04 |> 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
003B9D07 |. BA 02000000 MOV EDX,2
003B9D0C |. E8 23AAFAFF CALL crackme.00364734
003B9D11 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
003B9D14 |. E8 F7A9FAFF CALL crackme.00364710
003B9D19 \. C3 RETN
|
hash 2 decode by function
003B9DC2 |. B8 4C9E3B00 MOV EAX,crackme.003B9E4C ; ASCII "RczqPN1XP2vbU6K"
hash decodes 2 notepad.exe lol
more hashes
003B9968 |. BA 3C9A3B00 MOV EDX,crackme.003B9A3C ; ASCII "UcLiP64"
decoded 2 zelda
003B99CA |. BA 589A3B00 MOV EDX,crackme.003B9A58 ; ASCII "QMvaPNW"
decoded 2 index
003B99E7 |. BA 689A3B00 MOV EDX,crackme.003B9A68 ; ASCII "PszlP21gRs8"
decodes 2 good job
_________________
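Added example, not part of the original thread: a Python re-implementation of the decoding loop in the listing above, which is Base64-style 6-bit-to-8-bit decoding with the digits-first alphabet at 003B9D30 and no padding. It assumes CALL crackme.00364D18 is a 1-based position lookup (inferred from the DEC EBX / JL pair that follows it); the function names and the `encode` helper are hypothetical and do not come from the crackme.

```python
# Alphabet string referenced at crackme.003B9D30 in the posted listing.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"

# Encoded strings quoted in the post, with the plaintext the poster reported.
POSTED = {
    "RczqPN1XP2vbU6K": b"notepad.exe",
    "UcLiP64": b"zelda",
    "QMvaPNW": b"index",
    "PszlP21gRs8": b"good job",
}


def decode(encoded: str) -> bytes:
    """Mirror the loop at 003B9C71..003B9CF1: 6 bits in per char, 8 bits out."""
    acc = 0      # [EBP-10]: bit accumulator
    nbits = 0    # EDI: number of bits currently held in acc
    out = bytearray()
    for ch in encoded:
        idx = ALPHABET.find(ch)      # position lookup, then DEC EBX (assumed Pos)
        if idx < 0:                  # JL 003B9CF7: unknown character stops decoding
            break
        acc = (acc << 6) + idx       # SHL EAX,6 / ADD EBX,EAX
        nbits += 6                   # ADD EDI,6
        if nbits >= 8:               # CMP EDI,8 / JL 003B9CED
            nbits -= 8               # SUB EDI,8
            out.append((acc >> nbits) % 0x100)  # SHR EBX,CL then IDIV by 100h
            acc %= 1 << nbits        # IDIV by (1 << CL), remainder kept
    return bytes(out)


def encode(data: bytes) -> str:
    """Inverse transform for round-trip checks (not present in the listing)."""
    acc, nbits, out = 0, 0, []
    for b in data:
        acc = (acc << 8) | b
        nbits += 8
        while nbits >= 6:
            nbits -= 6
            out.append(ALPHABET[(acc >> nbits) & 63])
            acc &= (1 << nbits) - 1
    if nbits:                        # zero-fill the last partial group, no '='
        out.append(ALPHABET[(acc << (6 - nbits)) & 63])
    return "".join(out)


if __name__ == "__main__":
    for text, expected in POSTED.items():
        print(text, "->", decode(text), decode(text) == expected)
```
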
SunBeam I post too much Reputation: 65
Joined: 25 Feb 2005 Posts: 4022 Location: Romania
Posted: Tue Sep 09, 2008 6:48 am
Good work. You know the pass now.
pkedpker Master Cheater Reputation: 1
Joined: 11 Oct 2006 Posts: 412
Posted: Tue Sep 09, 2008 3:40 pm
not really lol..
_________________
zeroc0de Cheater Reputation: 0
Joined: 31 Aug 2008 Posts: 32
Posted: Tue Sep 09, 2008 8:29 pm
pkedpker wrote: | not really lol.. |
index
pkedpker Master Cheater Reputation: 1
Joined: 11 Oct 2006 Posts: 412
Posted: Tue Sep 09, 2008 8:32 pm
Lol no way... wow it worked
I just thought that was rubbish. I just found a bunch of hashes in find all strings in the exe and the injected dll in notepad.
and i guess that one slipped my mind.. lol i must have tried zeldaindex and just said screw this and gave up.
_________________
jackyyll Expert Cheater Reputation: 0
Joined: 28 Jan 2008 Posts: 143 Location: here
Posted: Thu Sep 11, 2008 10:37 am
Not that hard.. All i did was set a breakpoint in Crackme_v4.exe on ShellExecuteA, let it execute notepad.exe, attached a second olly to that then just breakpointed the hashed strings and input a password.
G0DFATHER How do I cheat? Reputation: 0
Joined: 14 May 2008 Posts: 0 Location: C:/Nexon/Maplestory
Posted: Mon Sep 15, 2008 5:49 pm
pkedpker wrote: | notepad?? oO
lol im not a good cracker but i do believe replacing notepad in sys32 with custom app would be fun way 2 crack it
i think password injected into notepad from dll
i think i found it has all letters in abc usually used 4 hash decoding
Code: |
003B9C18 /$ 55 PUSH EBP
003B9C19 |. 8BEC MOV EBP,ESP
003B9C1B |. 83C4 E8 ADD ESP,-18
003B9C1E |. 53 PUSH EBX
003B9C1F |. 56 PUSH ESI
003B9C20 |. 57 PUSH EDI
003B9C21 |. 33C9 XOR ECX,ECX
003B9C23 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
003B9C26 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
003B9C29 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
003B9C2C |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
003B9C2F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
003B9C32 |. E8 8DAFFAFF CALL crackme.00364BC4
003B9C37 |. 33C0 XOR EAX,EAX
003B9C39 |. 55 PUSH EBP
003B9C3A |. 68 1A9D3B00 PUSH crackme.003B9D1A
003B9C3F |. 64:FF30 PUSH DWORD PTR FS:[EAX]
003B9C42 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
003B9C45 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
003B9C48 |. E8 C3AAFAFF CALL crackme.00364710
003B9C4D |. 33FF XOR EDI,EDI
003B9C4F |. 33C0 XOR EAX,EAX
003B9C51 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
003B9C54 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
003B9C57 |. 85C0 TEST EAX,EAX
003B9C59 |. 74 05 JE SHORT crackme.003B9C60
003B9C5B |. 83E8 04 SUB EAX,4
003B9C5E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
003B9C60 |> 8BF0 MOV ESI,EAX
003B9C62 |. 85F6 TEST ESI,ESI
003B9C64 |. 0F8E 8D000000 JLE crackme.003B9CF7
003B9C6A |. C745 F4 010000>MOV DWORD PTR SS:[EBP-C],1
003B9C71 |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
003B9C74 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
003B9C77 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
003B9C7A |. 0FB6540A FF |MOVZX EDX,BYTE PTR DS:[EDX+ECX-1]
003B9C7F |. E8 74ACFAFF |CALL crackme.003648F8
003B9C84 |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
003B9C87 |. BA 309D3B00 |MOV EDX,crackme.003B9D30 ; ASCII "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
003B9C8C |. E8 87B0FAFF |CALL crackme.00364D18
003B9C91 |. 8BD8 |MOV EBX,EAX
003B9C93 |. 4B |DEC EBX
003B9C94 |. 85DB |TEST EBX,EBX
003B9C96 |. 7C 5F |JL SHORT crackme.003B9CF7
003B9C98 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
003B9C9B |. C1E0 06 |SHL EAX,6
003B9C9E |. 03D8 |ADD EBX,EAX
003B9CA0 |. 895D F0 |MOV DWORD PTR SS:[EBP-10],EBX
003B9CA3 |. 83C7 06 |ADD EDI,6
003B9CA6 |. 83FF 08 |CMP EDI,8
003B9CA9 |. 7C 42 |JL SHORT crackme.003B9CED
003B9CAB |. 83EF 08 |SUB EDI,8
003B9CAE |. 8BCF |MOV ECX,EDI
003B9CB0 |. 8B5D F0 |MOV EBX,DWORD PTR SS:[EBP-10]
003B9CB3 |. D3EB |SHR EBX,CL
003B9CB5 |. 8BCF |MOV ECX,EDI
003B9CB7 |. B8 01000000 |MOV EAX,1
003B9CBC |. D3E0 |SHL EAX,CL
003B9CBE |. 8BC8 |MOV ECX,EAX
003B9CC0 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
003B9CC3 |. 99 |CDQ
003B9CC4 |. F7F9 |IDIV ECX
003B9CC6 |. 8955 F0 |MOV DWORD PTR SS:[EBP-10],EDX
003B9CC9 |. B9 00010000 |MOV ECX,100
003B9CCE |. 8BC3 |MOV EAX,EBX
003B9CD0 |. 99 |CDQ
003B9CD1 |. F7F9 |IDIV ECX
003B9CD3 |. 89D3 |MOV EBX,EDX
003B9CD5 |. 8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18]
003B9CD8 |. 8BD3 |MOV EDX,EBX
003B9CDA |. E8 19ACFAFF |CALL crackme.003648F8
003B9CDF |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
003B9CE2 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
003B9CE5 |. E8 F2ACFAFF |CALL crackme.003649DC
003B9CEA |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
003B9CED |> FF45 F4 |INC DWORD PTR SS:[EBP-C]
003B9CF0 |. 4E |DEC ESI
003B9CF1 |.^0F85 7AFFFFFF \JNZ crackme.003B9C71
003B9CF7 |> 33C0 XOR EAX,EAX
003B9CF9 |. 5A POP EDX
003B9CFA |. 59 POP ECX
003B9CFB |. 59 POP ECX
003B9CFC |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
003B9CFF |. 68 219D3B00 PUSH crackme.003B9D21
003B9D04 |> 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
003B9D07 |. BA 02000000 MOV EDX,2
003B9D0C |. E8 23AAFAFF CALL crackme.00364734
003B9D11 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
003B9D14 |. E8 F7A9FAFF CALL crackme.00364710
003B9D19 \. C3 RETN
|
hash 2 decode by function
003B9DC2 |. B8 4C9E3B00 MOV EAX,crackme.003B9E4C ; ASCII "RczqPN1XP2vbU6K"
hash decodes 2 notepad.exe lol
more hashes
003B9968 |. BA 3C9A3B00 MOV EDX,crackme.003B9A3C ; ASCII "UcLiP64"
decoded 2 zelda
003B99CA |. BA 589A3B00 MOV EDX,crackme.003B9A58 ; ASCII "QMvaPNW"
decoded 2 index
003B99E7 |. BA 689A3B00 MOV EDX,crackme.003B9A68 ; ASCII "PszlP21gRs8"
decodes 2 good job |
ur good nice
_________________
GROOT FTW!!!