Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Enable this
GordonBM
Posted: Fri Aug 13, 2010 12:23 pm    Post subject: Enable this

Goal:
Enable the button for free candy.

Protection:
-Obfuscated

http://rapidshare.com/files/412752148/EnableMe1obs.rar.html

Enjoy.

_________________
maxuer wrote:

:p What is a memory scanner and where I found one?

atom0s
Posted: Fri Aug 13, 2010 3:00 pm

Does the button do anything after it's enabled? I enabled it, only thing that changed now is every time the application starts, I get a message box saying:

'DETECTED!!! NO CHEATING!!!'

Some info behind the button's property:

Code:
IL_0000: 3802000000       br IL_0007
IL_0005: 26               pop
IL_0006: 16               ldc.i4.0
IL_0007: 00               nop                           // <== IL_0000
IL_0008: 02               ldarg.0                       // ARG: This
IL_0009: 734B00000A       newobj Void System.Windows.Forms.Button::.ctor()
IL_000E: 6F33000006       callvirt Void CrackmeButton.Form1::set_Button1(Class  System.Windows.Forms.Button)
IL_0013: 00               nop
IL_0014: 02               ldarg.0                       // ARG: This
IL_0015: 6F4C00000A       callvirt Void System.Windows.Forms.Control::SuspendLayout()
IL_001A: 00               nop
IL_001B: 02               ldarg.0                       // ARG: This
IL_001C: 6F32000006       callvirt Class  System.Windows.Forms.Button CrackmeButton.Form1::get_Button1()
IL_0021: 16               ldc.i4.0 // <-- This is FALSE flag for button.
IL_0022: 6F4D00000A       callvirt Void System.Windows.Forms.Control::set_Enabled(Boolean)


After locating the above, just hex edit the file to patch the lines to force the set_Enabled to pass true instead. (True is 0x17 if you are wondering.)

Two patches to make what I said above happen:
Offset 0x00000F05 -> Change 0x16 to 0x17
Offset 0x000010DF -> Change 0x16 to 0x17

_________________
- Retired.

GordonBM
Posted: Fri Aug 13, 2010 3:18 pm

Nice job, but you must get rid of that message box so that if you press the free candy button nothing happens. You might also have noticed that after that message box pops up, the button is disabled again.
_________________
maxuer wrote:

:p What is a memory scanner and where I found one?

atom0s
Posted: Fri Aug 13, 2010 3:48 pm

GordonBM wrote:
Nice job, but you must get rid of that message box so that if you press the free candy button nothing happens. You might also have noticed that after that message box pops up, the button is disabled again.


Figured. Nothing hard to fix though, give me a few minutes, need to reinstall my VM since it's being slow.

As for the button being re-disabled, the second offset I mentioned above prevents the button from getting disabled after the message box.

Either way, just need to nop out the message box or alter the 'is-enabled' check.


Edit :: Completed.

Ok since you said the button does nothing after it's enabled and clicked, should be finished now. No real point in posting the patched executable so I'll just post the information behind what needs to be done.

Basic gist of what is done at startup, this is pseudo code:

Code:
load_form( )
{
    if( button.enabled == true )
    {
        MsgBox( "DETECTED!!!", "HACKING!!!" )
    }
    button.enabled = false
}


The button is set with button.enabled to false in the resource as well, so there are two edits that need to be done for it with how the code is set up. First being the actual property when the button is created, the second being after the check if it's enabled.

On creation we have:
Code:
IL_0013: 00               nop
IL_0014: 02               ldarg.0                       // ARG: This
IL_0015: 6F4C00000A       callvirt Void System.Windows.Forms.Control::SuspendLayout()
IL_001A: 00               nop
IL_001B: 02               ldarg.0                       // ARG: This
IL_001C: 6F32000006       callvirt Class  System.Windows.Forms.Button CrackmeButton.Form1::get_Button1()
IL_0021: 16               ldc.i4.0
IL_0022: 6F4D00000A       callvirt Void System.Windows.Forms.Control::set_Enabled(Boolean)


Which says to set the button's enabled flag to false when it's created. You can change the param 0x16 from false to true which is 0x17.

Next we find the code that detects the button's state when the form loads which is:

Code:
IL_0007: 00               nop                           // <== IL_0000
IL_0008: 02               ldarg.0                       // ARG: This
IL_0009: 6F32000006       callvirt Class  System.Windows.Forms.Button CrackmeButton.Form1::get_Button1()
IL_000E: 6F6100000A       callvirt Boolean System.Windows.Forms.Control::get_Enabled()
IL_0013: 0A               stloc.0
IL_0014: 06               ldloc.0
IL_0015: 3911000000       brfalse IL_002B
IL_001A: 720F010070       ldstr "NO CHEATING!!!"
IL_001F: 16               ldc.i4.0
IL_0020: 722D010070       ldstr "DETECTED!!"
IL_0025: 286200000A       call ValueType  Microsoft.VisualBasic.MsgBoxResult Microsoft.VisualBasic.Interaction::MsgBox(System.Object, ValueType  Microsoft.VisualBasic.MsgBoxStyle, System.Object)
IL_002A: 26               pop
IL_002B: 02               ldarg.0                       // ARG: This ; <== IL_0015
IL_002C: 6F32000006       callvirt Class  System.Windows.Forms.Button CrackmeButton.Form1::get_Button1()
IL_0031: 6F6100000A       callvirt Boolean System.Windows.Forms.Control::get_Enabled()
IL_0036: 0A               stloc.0
IL_0037: 06               ldloc.0
IL_0038: 390D000000       brfalse IL_004A
IL_003D: 02               ldarg.0                       // ARG: This
IL_003E: 6F32000006       callvirt Class  System.Windows.Forms.Button CrackmeButton.Form1::get_Button1()
IL_0043: 16               ldc.i4.0
IL_0044: 6F4D00000A       callvirt Void System.Windows.Forms.Control::set_Enabled(Boolean)
IL_0049: 00               nop


Which you can see checks if it's enabled, if true tell us about it, then force the button back to disabled.

So three patches are used to achieve the goal:

Offset 0x00000F05:
0x16 to 0x17 (False to true property patch.)

Offset 0x000010DF:
0x16 to 0x17 (False to true property patch, after message box and check.)

Offset 0x000010B1:
0x39 to 0x3A (Boolean compare to button enable property.)

_________________
- Retired.
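
The form-load listing in the post above, decoded instead of hex-edited. This is an added example, not part of the original posts: it disassembles the listing's bytes with a small opcode table (values from ECMA-335) and reports which instructions differ between the original method body and a constructed copy carrying the 0x39 to 0x3A and 0x16 to 0x17 changes. The names `disassemble`, `classify_patch`, `ORIGINAL` and `PATCHED` are introduced here, and the changed bytes are placed at IL_0015 and IL_0043 on the assumption that they map to file offsets 0x10B1 and 0x10DF, which are the same 0x2E apart.

```python
import struct

# opcode -> (mnemonic, operand bytes); ECMA-335 values, only opcodes seen in this thread
OPCODES = {
    0x00: ("nop", 0), 0x02: ("ldarg.0", 0), 0x06: ("ldloc.0", 0),
    0x0A: ("stloc.0", 0), 0x16: ("ldc.i4.0", 0), 0x17: ("ldc.i4.1", 0),
    0x26: ("pop", 0), 0x28: ("call", 4), 0x38: ("br", 4),
    0x39: ("brfalse", 4), 0x3A: ("brtrue", 4), 0x6F: ("callvirt", 4),
    0x72: ("ldstr", 4), 0x73: ("newobj", 4),
}
BRANCHES = {"br", "brfalse", "brtrue"}

BASE = 0x07  # the listing starts at IL_0007
# Method-body bytes transcribed from the listing (IL_0007 .. IL_0049).
ORIGINAL = bytes.fromhex(
    "00026F320000066F6100000A0A063911000000720F01007016722D010070"
    "286200000A26026F320000066F6100000A0A06390D000000026F32000006"
    "166F4D00000A00"
)
# Constructed tampered copy (assumption: positions mapped as in the lead-in).
PATCHED = bytearray(ORIGINAL)
PATCHED[0x15 - BASE] = 0x3A  # brfalse -> brtrue
PATCHED[0x43 - BASE] = 0x17  # ldc.i4.0 -> ldc.i4.1

def disassemble(body, base=BASE):
    """Return {il_offset: (mnemonic, operand)}; branch operands become targets."""
    out, i = {}, 0
    while i < len(body):
        if body[i] not in OPCODES:
            raise ValueError(f"opcode 0x{body[i]:02X} at IL_{base + i:04X} not in table")
        name, size = OPCODES[body[i]]
        operand = None
        if size:
            (operand,) = struct.unpack_from("<i", body, i + 1)
            if name in BRANCHES:  # offset is relative to the next instruction
                operand = base + i + 1 + size + operand
        out[base + i] = (name, operand)
        i += 1 + size
    return out

def classify_patch(original, patched, base=BASE):
    """List (il_offset, old_mnemonic, new_mnemonic) for each changed instruction."""
    before, after = disassemble(original, base), disassemble(patched, base)
    return [(off, before[off][0], after.get(off, ("<resync>", None))[0])
            for off in sorted(before) if before[off] != after.get(off)]

if __name__ == "__main__":
    for off, old, new in classify_patch(ORIGINAL, PATCHED):
        print(f"IL_{off:04X}: {old} -> {new}")
```

The decoded branch targets (IL_002B and IL_004A) match the `<== IL_0015` annotation and the end of the listing, which is a quick check that the bytes were transcribed correctly.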

GordonBM
Posted: Fri Aug 13, 2010 4:30 pm

*Claps*

Very very nice indeed!

I will be releasing a new crackme with string encryption, obfuscation and compression and probably anti-debugging too.

_________________
maxuer wrote:

:p What is a memory scanner and where I found one?

atom0s
Posted: Fri Aug 13, 2010 4:37 pm

Only thing I would say is make the button do something in the next one if you plan to use buttons. Just make the end result part of the application since just enabling a button isn't really much of a crackme. And it not doing anything kinda leaves the person cracking clueless if they completed the objective.
_________________
- Retired.

GordonBM
Posted: Fri Aug 13, 2010 4:48 pm

Wiccaan wrote:
Only thing I would say is make the button do something in the next one if you plan to use buttons. Just make the end result part of the application since just enabling a button isn't really much of a crackme. And it not doing anything kinda leaves the person cracking clueless if they completed the objective.



Alright man, no problem.

_________________
maxuer wrote:

:p What is a memory scanner and where I found one?

All times are GMT - 6 Hours