		| Author | Message | 
	
		| Fafaffy Cheater
 
  Reputation: 65 
 Joined: 12 Dec 2007
 Posts: 28
 
 
 | 
			
				|  Posted: Sun Mar 22, 2009 11:26 pm    Post subject: easy crack me |   |  
				| 
 |  
				| ok, this was made in VB 2008 express edition. the way this validates the code is by going to a url that uses the GET method to check the serial, if it's valid it says that, else my program will make a message box explaining the problem.
 this should be easy to NOP the website check and make it think that it's valid.
 oh and by the way this adds a couple of registries, to delete them go to HKEY_CURRENT_USER and delete the fafaffy folder
 _________________
 
  	  | Brillia wrote: |  	  | I FUCKING FUCK SEX | 
 |  | 
	
	
		| Boon Cheater
 
  Reputation: 0 
 Joined: 13 Jan 2009
 Posts: 29
 Location: Latvia
 
 | 
			
				|  Posted: Mon Mar 23, 2009 2:29 am    Post subject: |   |  
				| 
 |  
				| There seems to be an XSS vulnerability.  	  | Code: |  	  | http://valid.fafaffy.com/index.php?&sn=%3Cfont%20color=red%3Exss%3C/font%3E%3CSCRIPT%3Ealert(document.cookie);%3C/SCRIPT%3E
 | 
 
 edit:
 Cracked!
 Any serial is accepted now.
 |  | 
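Added example, not part of the thread and not the validation server's own code (its source is not shown): the server-side fix for the reflected `sn` parameter reported above, with the flawed pattern beside it. The serial format, the page text, the `is_valid` callback and the function names are assumptions; in the PHP script itself `htmlspecialchars()` performs the same encoding.

```python
import html
import re
from urllib.parse import parse_qs

# Query string from the report above, with the payload still URL-encoded.
REPORTED_QUERY = ("&sn=%3Cfont%20color=red%3Exss%3C/font%3E"
                  "%3CSCRIPT%3Ealert(document.cookie);%3C/SCRIPT%3E")

# Assumed serial format (not from the thread): dash-separated groups of A-Z/0-9.
SERIAL_RE = re.compile(r"[A-Z0-9]{4}(?:-[A-Z0-9]{4}){0,4}")

# Response headers that limit the damage if an encoding step is ever missed.
SECURITY_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'none'",
    "X-Content-Type-Options": "nosniff",
}


def get_serial(query_string):
    """Return the URL-decoded 'sn' parameter, or '' when it is absent."""
    params = parse_qs(query_string.lstrip("?"), keep_blank_values=True)
    return params.get("sn", [""])[0]


def render_vulnerable(query_string):
    """Flawed pattern: the parameter is concatenated into the HTML as-is."""
    return "<p>Serial " + get_serial(query_string) + " is invalid</p>"


def render_hardened(query_string, is_valid=lambda sn: False):
    """Validate against an allow-list and HTML-encode everything echoed back."""
    sn = get_serial(query_string)
    shown = html.escape(sn, quote=True)  # < > & " ' become entities
    if not SERIAL_RE.fullmatch(sn):
        return 400, SECURITY_HEADERS, f"<p>Malformed serial: {shown}</p>"
    verdict = "valid" if is_valid(sn) else "invalid"
    return 200, SECURITY_HEADERS, f"<p>Serial {shown} is {verdict}</p>"


if __name__ == "__main__":
    print(render_vulnerable(REPORTED_QUERY))   # markup reaches the browser intact
    print(render_hardened(REPORTED_QUERY)[2])  # same input, rendered as inert text
```

Encoding at output is what closes the hole; the allow-list and the headers are defence in depth for the day someone adds a second echo of `sn` without it.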
	
	
		| ElitestFX Expert Cheater
 
  Reputation: 0 
 Joined: 01 Nov 2007
 Posts: 218
 
 
 | 
			
				|  Posted: Mon Mar 23, 2009 11:35 am    Post subject: |   |  
				| 
 |  
				| How did you approach this? |  | 
	
	
		| Boon Cheater
 
  Reputation: 0 
 Joined: 13 Jan 2009
 Posts: 29
 Location: Latvia
 
 | 
			
				|  Posted: Mon Mar 23, 2009 12:38 pm    Post subject: |   |  
				| 
 |  
				| If the question was addressed to me, then I tampered with the IL. It used to be like this (pseudocode):
 push result from web
 push <the string the web would return if the key is right>
 <compare>
 If (equal)
 <stuff to do when password is right>
 else
 <stuff to do when password is wrong>
 
 I did a small change
 
 push <the string the web would return if the key is right>
 push <the string the web would return if the key is right>
 <compare>
 If (equal)
 <stuff to do when password is right>
 else
 <stuff to do when password is wrong> 'Never happens, since it's comparing identical strings.
 
 I find it really hard to explain, sorry.
 |  | 
	
	
		| ElitestFX Expert Cheater
 
  Reputation: 0 
 Joined: 01 Nov 2007
 Posts: 218
 
 
 | 
			
				|  Posted: Mon Mar 23, 2009 1:09 pm    Post subject: |   |  
				| 
 |  
				| No need to apologize. I understand your detailed explanation. I appreciate your time in responding. 
 What is IL? I googled it and found IL Assembly, but I wasn't sure if that was what you were talking about.
 http://www.codeproject.com/KB/msil/ilassembly.aspx
 
 How did you locate that routine? When I open the crackme in OllyDBG, the disassembler, dump, and stack were empty. I got the code loaded by breaking on MessageBoxW, and I tried to trace back from there. I failed trying to find the check.
 
 Any hints on where to break?
 |  | 
	
	
		| Boon Cheater
 
  Reputation: 0 
 Joined: 13 Jan 2009
 Posts: 29
 Location: Latvia
 
 | 
			
				|  Posted: Mon Mar 23, 2009 1:28 pm    Post subject: |   |  
				| 
 |  
				| I didn't use Olly for this task, I find cracking anything .NET with the normal tools quite frustrating. 
 Yes, it's the same IL I was talking about.
 
 I used .NET Reflector with the Reflexil add-on (for modification).
 
 This is how it looks
 |  | 
	
	
		| S3NSA :3
 
  Reputation: 1 
 Joined: 06 Dec 2006
 Posts: 1908
 Location: England.
 
 | 
			
				|  Posted: Mon Mar 23, 2009 1:30 pm    Post subject: |   |  
				| 
 |  
				| IL stands for Intermediate Language and is what programs written in .NET are compiled into. Upon runtime they use the .NET Framework JIT (Just in time) compiler to compile it into native code. 
 You won't be able to analyse a program written in .NET in OllyDBG, not completely sure but I think it's because the compiler converts the IL as needed when executing. You may analyse .NET executables and dynamic libraries in IDA.
 _________________
 
 ~ You can find me on irc.ccplz.net x |  | 
	
	
		| Fafaffy Cheater
 
  Reputation: 65 
 Joined: 12 Dec 2007
 Posts: 28
 
 
 | 
			
				|  Posted: Mon Mar 23, 2009 3:00 pm    Post subject: |   |  
				| 
 |  
				| still thought this would be easy to anyone, cuz it checks the string that came back from the server, all you had to do was NOP the check or change the string.
 _________________
 
  	  | Brillia wrote: |  	  | I FUCKING FUCK SEX | 
 |  | 
	
	
		| ElitestFX Expert Cheater
 
  Reputation: 0 
 Joined: 01 Nov 2007
 Posts: 218
 
 
 | 
			
				|  Posted: Mon Mar 23, 2009 3:06 pm    Post subject: |   |  
				| 
 |  
				| Boon, thanks for the information about Reflexil. It's a very useful add-in. I basically used your method. Instead of comparing prompt with 602, I made it compare two constants of 601. =) 
 
   
 S3NSA, I will definitely look into using IDA.
 
 fafaffy, I suppose it is easy for the people who know which tools to use.
  |  | 
	
	
		| rockman1190 Grandmaster Cheater
 
  Reputation: 0 
 Joined: 10 Jan 2007
 Posts: 730
 
 
 | 
			
				|  Posted: Fri Apr 03, 2009 8:51 am    Post subject: What is IDA? |   |  
				| 
 |  
				| S3nsa, what is IDA? I've got an .exe to be cracked and PE Detective says it's .NET ... you said ollydbg won't be able to "read" it... Thanks. 
 Edit: I googled. IDA website
 http://www.hex-rays.com/idapro/idadownfreeware.htm
 |  | 
	