VB Key Fish Me o.o There I changed The Title
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Mon Jan 07, 2008 12:52 pm    Post subject:

Decompiled it to check out the code (not the actual code, but easier to tell what's what) and noticed your class module. Not sure if you are using everything from this module (I see a hex string when you break on the checks and such, so I would assume you are using at least 3 of the things in that module.)

I assume you are using these ones:
- HexToDec (or HeToBinary)
- DecryptToText
- RemoveAllSpaces

Along with that you have a string that gets passed:
asdkjlfhbdsjkfalbdskajfdbsakfjdbsal

I assume this is being used with the EncryptKey function to set the encryption key that is used to decrypt the pass. (If it is encrypted.)

I didn't spend too much time with this, just looked for the basics, then for a few more advanced methods. As for what I can guess the password is:

29 16 1D 4B 27 0D 08 48 35 0C 12 1E 18 46 34 1C 5D 44 3A 1F 12 4A 2B 1D 42 41 0F 0F 46 29 16 03 10 0

Again, in hex, not positive it's just what shows up in the push stack for the compare. I'm not really in the mood to sit and figure out the encryption method to find out what that line means.

To anyone that wants to figure it out by phishing:

Open in Olly, push play to start. Ctrl+A to analyze. Right click in the code, go to Search -> All String References. Locate:

Code:
Text strings referenced in CrackMe:.text, item 208
 Address=00402BA0
 Disassembly=MOV DWORD PTR SS:[EBP-64],CrackMe.00402050
 Text string=UNICODE "29 16 1D 4B 27 0D 08 48 35 0C 12 1E 18 46 34 1C 5D 44 3A 1F 12 4A 2B 1D 42 41 0F 0F 46 29 16 03 10 0"


Follow in disassembler. Look a few lines down for:

Code:
00402BAE   .  FF15 70104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>;  MSVBVM60.__vbaVarTstEq



Set a breakpoint there. Type in something random, hit Check, it will break. Lower right corner is the push stack, scroll down a little till you see the above hex string. A little further down will be your inputted password in hex. So just sit there and keep testing random letters to get what you want.

To start you off:

29 = H

_________________
- Retired.
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Mon Jan 07, 2008 12:56 pm    Post subject:

Shyt >.< I forgot to encrypt the key... Please don't solve it Wiccaan >.< I gotta encrypt the key...
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

PostPosted: Mon Jan 07, 2008 4:01 pm    Post subject:

dnsi0 wrote:
Your Attempt PHAILZ. Wrong Crackme password...


I didn't fail. You fail to understand what I did.
By correcting that jump I can use any password I wanted except the real one.
Just because I said password = blah blah blah... that's just showing you it can be anything but the real password and it is a win.
In reality any software that had this code would have been cracked to use any password i wish.
Now if you would have put rules on how it was to be performed then i would not have been following the rules of the crack me.
-----------------------------------------------------------------------------------------
Yeah Wicc, you're right on track about the conversion; if you look in the call you can see it. Also it is converting to binary.

dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Mon Jan 07, 2008 4:46 pm    Post subject:

Sorry Labyrnth. I didn't get what you meant. I thought you posted a password =(
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

PostPosted: Mon Jan 07, 2008 5:54 pm    Post subject:

Yeah my own lol.
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Mon Jan 07, 2008 5:57 pm    Post subject:

And Labyrnth, how did you crack this? Can you PM me the steps? I just wanna start cracking CrackMes too.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Mon Jan 07, 2008 6:30 pm    Post subject:

OK, after about 5-10 min of phishing I got bored. Anyone that wants the start:

Hey Man Whats Up? Its My 2nd Crack

_________________
- Retired.
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Tue Jan 08, 2008 8:18 pm    Post subject:

Wiccaan... How can you get bored? I'll give you the crypt class if you want. o.o Decode it faster?
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Wed Jan 09, 2008 3:28 am    Post subject:

dnsi0 wrote:
Wiccaan... How can you get bored? I'll give you the crypt class if you want. o.o Decode it faster?


I got bored because trial and error to phish a wtf long password is just not worth my time. If you give me the class I can just reverse the hex string instantly, making it pointless. Let someone else waste like an hour of their time figuring it out lol.

_________________
- Retired.
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Wed Jan 09, 2008 9:19 pm    Post subject:

1 hour??? This is less; all you need to do is reverse the XOR operation on the CRYPT string. Easy. 10 mins tops.
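Worked example added by the editor, not code from the thread or from dnsi0's crackme. It reverses the XOR step dnsi0 mentions using only the two values already quoted in this thread: the hex string atom0s saw in the __vbaVarTstEq compare and the key string he noticed being passed to EncryptKey. That the cipher is a plain byte-wise XOR of the password against that key, first byte against first key character and so on (the password is shorter than the key, so the wrap-around in the code is never exercised here), is inferred rather than stated in the thread; the code confirms the inference by re-encrypting the recovered text and getting the same hex back. The last token on the page, "0", is a byte cut off by Olly's string display, so the recovered text is one character short of what atom0s posted, and the code reports that rather than guessing the missing byte.

```python
# Added example: reverse the XOR "encryption" of the crackme's password.
# Both constants are copied from the thread; nothing here is the crackme's own code.
CRYPT_HEX = ("29 16 1D 4B 27 0D 08 48 35 0C 12 1E 18 46 34 1C 5D 44 3A 1F "
             "12 4A 2B 1D 42 41 0F 0F 46 29 16 03 10 0")   # as shown by Olly (last byte cut off)
KEY = "asdkjlfhbdsjkfalbdskajfdbsakfjdbsal"               # string passed to EncryptKey


def hex_tokens_to_bytes(text):
    """Parse space-separated hex tokens into bytes.

    A trailing single-nibble token means the display truncated the last byte;
    it is dropped and the truncation is reported instead of being guessed.
    """
    tokens = text.split()
    truncated = False
    if tokens and len(tokens[-1]) == 1:
        tokens = tokens[:-1]
        truncated = True
    return bytes(int(t, 16) for t in tokens), truncated


def xor_with_key(data, key):
    """Byte i is XORed with key[i % len(key)].

    Assumption: repeating-key XOR. XOR is its own inverse, so the same function
    both 'encrypts' and 'decrypts', which is exactly why the scheme is reversible
    by anyone who has the binary and therefore the key.
    """
    key_bytes = key.encode("ascii")
    return bytes(b ^ key_bytes[i % len(key_bytes)] for i, b in enumerate(data))


def recover_password(crypt_hex=CRYPT_HEX, key=KEY):
    """Return (recovered text, truncated flag) for the stored compare string."""
    data, truncated = hex_tokens_to_bytes(crypt_hex)
    return xor_with_key(data, key).decode("ascii"), truncated


def encrypt_for_compare(plaintext, key=KEY):
    """The other direction: produce the hex string the crackme stores.

    Used here only to check that the inferred cipher reproduces the thread's
    bytes exactly (uppercase, two digits per byte, space-separated like Olly).
    """
    return " ".join(f"{b:02X}" for b in xor_with_key(plaintext.encode("ascii"), key))


if __name__ == "__main__":
    text, truncated = recover_password()
    print(text + (" [last byte truncated in Olly's display]" if truncated else ""))
    print(encrypt_for_compare(text))
```

The point a defender should take from it: XOR against a key embedded in the same executable is an encoding, not protection, and because the check decrypts the stored secret and compares it to the user's input inside the process, both values sit on the stack at the compare. That is what atom0s read off with a single breakpoint, and what dnsi0 reverses in "10 mins tops". Storing only a salted hash of the password and hashing the input before comparing would at least leave nothing to read back at that point.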
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Wed Jan 09, 2008 10:08 pm    Post subject:

dnsi0 wrote:
1 hour??? This is less; all you need to do is reverse the XOR operation on the CRYPT string. Easy. 10 mins tops.


I wasn't phishing it like that. I was using my own method. Trial and error based on the stacks compare. I'm too lazy to pull the function and reverse it.

_________________
- Retired.