Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Get the password crap.
nog_lorp
Grandmaster Cheater
Reputation: 0

Joined: 26 Feb 2006
Posts: 743

Posted: Fri Dec 19, 2008 1:00 am    Post subject: Get the password crap.

The drill:
No point in patching, brute forcing is for bitches.

Get the password - it is a little harder than a plain text comparison, but easier than getting the password from an md5 hash.

Enjoy,
~nog_lorp

_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
&Vage
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Jul 2008
Posts: 1053

Posted: Fri Dec 19, 2008 10:45 am

Will my penis satisfy your asshole? :D

"aabbbbbb"
Noz3001
I'm a spammer
Reputation: 26

Joined: 29 May 2006
Posts: 6220
Location: /dev/null

Posted: Fri Dec 19, 2008 10:51 am

abcdefg


If it begins with a then it's always right.
nog_lorp
Grandmaster Cheater
Reputation: 0

Joined: 26 Feb 2006
Posts: 743

Posted: Fri Dec 19, 2008 1:58 pm

No, the "I've had better" message is the fail message.
armakapo
Newbie cheater
Reputation: 0

Joined: 12 Jul 2007
Posts: 19

Posted: Sun Dec 21, 2008 9:49 pm

how can you get the pass? i have no clue D: i didn't find anything with ollydbg, what can i try next?
_________________
KONOHA SENPUU!
nog_lorp
Grandmaster Cheater
Reputation: 0

Joined: 26 Feb 2006
Posts: 743

Posted: Sun Dec 21, 2008 10:52 pm

The plain text password isn't contained in the program. You have to figure out how the algorithm works.
armakapo
Newbie cheater
Reputation: 0

Joined: 12 Jul 2007
Posts: 19

Posted: Sun Dec 21, 2008 11:10 pm

hmm the thing is ... i don't have any idea on what to do xD i know some c++ and that's it xD
do i need to learn some ollydbg or some kind of language to crack those things? i just don't know how to start to crack xD any guide or very simple crackme appreciated ^^

nog_lorp
Grandmaster Cheater
Reputation: 0

Joined: 26 Feb 2006
Posts: 743

Posted: Mon Dec 22, 2008 12:14 am

Reverse engineering. Trace through with ollydbg and/or IDA Pro. I would definitely not recommend this one at all. It is written in C though FYI.
armakapo
Newbie cheater
Reputation: 0

Joined: 12 Jul 2007
Posts: 19

Posted: Mon Dec 22, 2008 12:51 am

well i have just learnt some basics of ollydbg with few vb basic examples.
i give up on this, i got no clue how to do it.

Reak
I post too much
Reputation: 0

Joined: 15 May 2007
Posts: 3496

Posted: Mon Dec 22, 2008 4:56 am

Code:
ASCII "Insert password into passhole (8 characters, a-p only):"
ASCII "That password was soooooo good!"
ASCII "My passhole only accepts pure a-p passwords, not dirty ethnic passwords."
ASCII "Your password is too big/too smal to satisfy my passhole!"
ASCII "That password was ok, but I've had better."
ASCII "WTF That's the wrong hole!"


Ok which of these messages am I supposed to get if the password is correct?
sponge cake recipe
Grandmaster Cheater Supreme
Reputation: 22

Joined: 24 Sep 2007
Posts: 1635

Posted: Mon Dec 22, 2008 5:03 am

I'm guessing
Code:
ASCII "That password was soooooo good!"
blackmorpheus
Expert Cheater
Reputation: 0

Joined: 05 Apr 2008
Posts: 159

Posted: Mon Dec 22, 2008 6:37 am

nop the JE at 004017CD for stupid plain patching.
otherwise, look at the algorithm at 00401707.

The algorithm is pretty hard :D, it depends only on the first four letters i think.

and SHL EDX,4 means EDX = EDX * 16 right?
sponge
I'm a spammer
Reputation: 1

Joined: 07 Nov 2006
Posts: 6009

Posted: Mon Dec 22, 2008 1:22 pm

blackmorpheus wrote:
otherwise, look at the algorithm at 00401707.
The algorithm is pretty hard :D, it depends only on the first four letters i think.
and SHL EDX,4 means EDX = EDX * 16 right?
Code:
00401707  |> /0FBE144E      /MOVSX EDX,BYTE PTR DS:[ESI+ECX*2]       ;  Which Hole Routine (aaaaaaaa)
0040170B  |. |0FB6444E 01   |MOVZX EAX,BYTE PTR DS:[ESI+ECX*2+1]
00401710  |. |83EA 61       |SUB EDX,61
00401713  |. |C1E2 04       |SHL EDX,4
00401716  |. |2C 61         |SUB AL,61
00401718  |. |08D0          |OR AL,DL
0040171A  |. |8881 70704000 |MOV BYTE PTR DS:[ECX+407070],AL
00401720  |. |41            |INC ECX
00401721  |. |83F9 03       |CMP ECX,3
00401724  |.^\7E E1         \JLE SHORT crackme.00401707
00401726  |.  8B15 70704000 MOV EDX,DWORD PTR DS:[407070]
0040172C  |.  85D2          TEST EDX,EDX
0040172E  |.  0F84 F3000000 JE crackme.00401827                      ;  endr

AKA this part doesn't really matter. Except for the part where it converts the 8 letters into a dword.

examplestring wrote:
abcdefgh -> ghefcdab (ASCII - 61) -> 67452301.


The shl edx, 4 just shifts all the nibbles to the left. Meaning the lowest nibble will be zero after the operation. You shouldn't care about the flag change though. Endian change. =)

Anyways, I haven't gotten much farther than that because of sleep deprivation. I only remember stepping through the strange offset storing loop. (Stored offsets like 7xxh times.) I'll work on it later.

nog_lorp
Grandmaster Cheater
Reputation: 0

Joined: 26 Feb 2006
Posts: 743

Posted: Mon Dec 22, 2008 2:03 pm

Good work. The wrong hole message is because aaaaaaaa tokenizes to 0 in my algorithm, which causes a division by 0 later.

Just FYI, a rundown of the messages:
ASCII "Insert password into passhole (8 characters, a-p only):"
--Password prompt
ASCII "That password was soooooo good!"
--Correct password
ASCII "My passhole only accepts pure a-p passwords, not dirty ethnic passwords."
--Password contained invalid characters
ASCII "Your password is too big/too smal to satisfy my passhole!"
--Password was not 8 characters.
ASCII "That password was ok, but I've had better."
--Password was incorrect (my bad, this was rather ambiguous).
ASCII "WTF That's the wrong hole!"
--You put in a password of "aaaaaaaa" you hoe.

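The packing loop sponge posted at 00401707, and the zero case nog_lorp describes for "aaaaaaaa", rendered in C as an added example (not part of the thread and not the crackme's source). The name `pack_password`, its return codes and the up-front length and a-p checks are assumptions; only the loop body and the little-endian dword read follow the disassembly above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: C rendering of the loop at 00401707 from the listing above.
 * pack_password, its return codes and the input checks are assumptions. */
int pack_password(const char *pw, uint32_t *out)
{
    uint8_t buf[4];                      /* stands in for the bytes at 407070 */

    if (strlen(pw) != 8)
        return -1;                       /* wrong length */
    for (int i = 0; i < 8; i++)
        if (pw[i] < 'a' || pw[i] > 'p')
            return -2;                   /* outside a-p */

    for (int ecx = 0; ecx <= 3; ecx++) { /* CMP ECX,3 / JLE: four passes */
        int32_t edx = (signed char)pw[ecx * 2];  /* MOVSX EDX,[ESI+ECX*2]   */
        uint8_t al = (uint8_t)pw[ecx * 2 + 1];   /* MOVZX EAX,[ESI+ECX*2+1] */
        edx -= 0x61;                             /* SUB EDX,61              */
        edx <<= 4;                               /* SHL EDX,4               */
        al = (uint8_t)(al - 0x61);               /* SUB AL,61               */
        al |= (uint8_t)edx;                      /* OR AL,DL                */
        buf[ecx] = al;                           /* MOV [ECX+407070],AL     */
    }
    /* MOV EDX,DWORD PTR DS:[407070]: x86 loads the four bytes little-endian */
    *out = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
           (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    return 0;
}

int main(void)
{
    /* constructed inputs; "abcdefgh" is the thread's own example string */
    const char *samples[] = { "abcdefgh", "abcdefgp", "aaaaaaaa" };
    for (size_t i = 0; i < 3; i++) {
        uint32_t v;
        if (pack_password(samples[i], &v) == 0)
            printf("%s -> %08X%s\n", samples[i], (unsigned)v,
                   v == 0 ? "  (TEST EDX,EDX / JE taken)" : "");
    }
    return 0;
}
```

Each pass of the loop consumes two characters, so all eight letters end up in the dword, one nibble per letter.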
armakapo
Newbie cheater
Reputation: 0

Joined: 12 Jul 2007
Posts: 19

Posted: Mon Dec 22, 2008 5:19 pm

how do u "discover" the algorithms with olly? ^^
also, in this crackme, it's supposed to be in the source something like this?:
string correctpwd = "something";
if (encryptPwd(correctpwd) == inputtedpwd) {
    // it was good. blah blah blah
} else {
    // blah blah blah
}

my idea is that, is the pwd encrypted with some algorithm at the function encryptPwd?
if not, which could be the possible method it was encrypted?
i'm yet a nab :P

All times are GMT - 6 Hours