		| ups2000ups I post too much
 
 Reputation: 0 
 Joined: 31 Jul 2006
 Posts: 2471
 
 
 | 
			
				|  Posted: Fri Aug 24, 2007 10:56 am    Post subject: Noobis CrackMe v3  (you cant get it .....) =D |   |  
				| 
 |  
				| No patch needed, only a serial (hope it will be harder lol) 
 + Rep to the first who gets the real password (sorry sunbeam, can't +rep you =D )
 
 tell me if it was harder this time ....
 _________________
 
 dont complain about my english...
1*1 = 2?
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 | 
			
				|  Posted: Fri Aug 24, 2007 11:20 am    Post subject: |   |  
				| 
 |  
				| pass is: 156516 
 set a bp at;
 0045385B  |. E8 8C0DFBFF    CALL Project1.004045EC
 
 
 you can peek at the values pretty quickly, eax holds your pass, edx holds correct one
 
 didn't take longer than a minute if that... so it was better - but that's not saying much... nice work though, keep it up and make them harder!
 _________________
 
 0x7A 0x61 0x72 0x74
 TEAM RESURRECTiON
		| ups2000ups I post too much
 
 Reputation: 0 
 Joined: 31 Jul 2006
 Posts: 2471
 
 
 | 
			
				|  Posted: Fri Aug 24, 2007 11:28 am    Post subject: |   |  
				| 
 |  
				| zart wrote:
 > pass is: 156516
 > set a bp at;
 > 0045385B  |. E8 8C0DFBFF    CALL Project1.004045EC
 >
 > you can peek at the values pretty quickly, eax holds your pass, edx holds correct one
 >
 > didn't take longer than a minute if that... so it was better - but that's not saying much... nice work though, keep it up and make them harder!
 
 
 hmm just 1 question: how did you get the password from 1 address when they should be at 3 different positions? (it took the caption from 3 different buttons)
 
 
 btw +rep =D
 _________________
 
 dont complain about my english...
1*1 = 2?
		| zart Master Cheater
 
  Reputation: 0 
 Joined: 20 Aug 2007
 Posts: 351
 Location: russia
 
 | 
			
				|  Posted: Fri Aug 24, 2007 11:51 am    Post subject: |   |  
				| 
 |  
				| How are you comparing it? 
 Are you combining the password from different places - then comparing it to my value?
 
 It doesn't matter how much you encrypt the password if you do that;
 
 example (i know you used delphi, but i hate it and refuse to code in it so this is c code)
 
 i enter the password
 you 'decode' your password
 then perform a check something like if (string1==string2) then win
 
 if you're not comparing an 'encrypted' string1 to an 'encrypted' string2, then both values are peekable.
 
 i KNOW what my string is, so if i find it in text being compared to something, that means the other string must not be encrypted... see what i mean?
 
 edit:
 now that i think of it, it may help everyone too, post your code for this crackme. I'll analyze it and show you where the weakness is.
 _________________
 
 0x7A 0x61 0x72 0x74
 TEAM RESURRECTiON
		| merkark12 Advanced Cheater
 
  Reputation: 0 
 Joined: 04 Jul 2007
 Posts: 74
 Location: In that program you just downloaded
 
 | 
			
				|  Posted: Fri Aug 24, 2007 1:07 pm    Post subject: |   |  
				| 
 |  
				| it's kinda like the same thing as the last one, set a bp on the call before the jnz, f7 in the call, and the pass is in plain text ... seemed the same as the first one
		| SunBeam I post too much
 
  Reputation: 65 
 Joined: 25 Feb 2005
 Posts: 4023
 Location: Romania
 
 | 
			
				|  Posted: Fri Aug 24, 2007 1:30 pm    Post subject: |   |  
				| 
 |  
				| Sorry for not being able to make it in time. House chores, cleaning up, painting, shit like that. Anyway, if it's a VB app, stop using god damn __vbaStrCmp. If it's C++ or Delphi, hash your real_pass (XOR it or something, or have it statically implemented and decoded during run-time) and compare hashes, not passwords   
 @ups: Yeah, no rep for me =] No biggie...
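
The weakness zart describes and the fix SunBeam suggests, side by side, as an added example that is not part of any post in this thread and is not the crackme's code. The serial "123456", its three parts and all function names are constructed for illustration, and FNV-1a is only a stand-in for a real hash (SHA-256 or a KDF from a vetted library) so the block stays self-contained.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample serial parts; not the crackme's real values. */
static const char *PARTS[3] = { "12", "34", "56" };

/* Weak pattern from the thread: rebuild the expected serial, then compare
 * plaintext to plaintext. Both strings are live in memory (and in the
 * argument registers) at the moment of the compare. */
int check_plain(const char *input)
{
    char expected[16];
    snprintf(expected, sizeof expected, "%s%s%s", PARTS[0], PARTS[1], PARTS[2]);
    return strcmp(input, expected) == 0;
}

/* FNV-1a 64-bit. Stand-in only, chosen to keep the example self-contained;
 * a real check would use SHA-256 or a password KDF from a vetted library. */
uint64_t digest(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;       /* FNV offset basis */
    for (; *s != '\0'; ++s) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;                /* FNV prime */
    }
    return h;
}

/* Hardened pattern: the program stores only the digest of the serial.
 * The input is hashed and the two digests are compared, so the expected
 * plaintext never exists in the process. */
int check_hashed(const char *input, uint64_t stored_digest)
{
    return digest(input) == stored_digest;
}

int main(void)
{
    /* Done once by the author at build time; only this number ships. */
    uint64_t stored = digest("123456");

    printf("plain  ok=%d bad=%d\n", check_plain("123456"), check_plain("000000"));
    printf("hashed ok=%d bad=%d\n", check_hashed("123456", stored),
           check_hashed("000000", stored));
    printf("stored digest: %016llx\n", (unsigned long long)stored);
    return 0;
}
```

Hashing only removes the plaintext from the compare: a six-digit serial has one million candidates, so the size of the serial space matters as much as how the check is written.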
		| Symbol I'm a spammer
 
 Reputation: 0 
 Joined: 18 Apr 2007
 Posts: 5094
 Location: Israel.
 
 | 
			
				|  Posted: Fri Aug 24, 2007 1:38 pm    Post subject: |   |  
				| 
 |  
				| after zart told me that eax holds the pass, of course i didn't want to see it but i saw that he said "eax holds your pass", didn't actually see what it is, u can see it at: 45386A see picture:
 
 i see u used 3 variables and then did edit1.text = var1+var2+var3
   
 i couldn't find that eax and edx hold the pass, i'm still kinda new to olly but i saw other useful (maybe better) programs like olly in lena's tuts, but didn't download them :O
		| Symbol I'm a spammer
 
 Reputation: 0 
 Joined: 18 Apr 2007
 Posts: 5094
 Location: Israel.
 
 | 
			
				|  Posted: Fri Aug 24, 2007 1:50 pm    Post subject: |   |  
				| 
 |  
				| oh yea, only now it makes sense... i never thought about it, i thought about the registers as random values or something... but they must hold the pass yea i get it... how stupid of me ^_^ well every day i'm getting better at cracking
		| haha01haha01 Grandmaster Cheater Supreme
 
  Reputation: 0 
 Joined: 15 Jun 2007
 Posts: 1233
 Location: http://www.SaviourFagFails.com/
 
 | 
			
				|  Posted: Sat Aug 25, 2007 8:40 am    Post subject: |   |  
				| 
 |  
				| Symbol wrote:
 > after zart told me that eax holds the pass, of course i didn't want to see it but i saw that he said "eax holds your pass", didn't actually see what it is, u can see it at: 45386A see picture:
 >
 > i see u used 3 variables and then did edit1.text = var1+var2+var3
 >
 > i couldn't find that eax and edx hold the pass, i'm still kinda new to olly but i saw other useful (maybe better) programs like olly in lena's tuts, but didn't download them :O

 symbol if pass was 16+65+15 it was 96, don't u know math?
 pass is 160000+6500+15
 btw it's just a joke, i know u mean 16+65+15 in strcat.