Fuzz Grandmaster Cheater Reputation: 0
Joined: 12 Nov 2006 Posts: 531
Posted: Wed Jul 23, 2008 4:20 pm Post subject: Super easy crackme

This was a challenge on the IRC, kinda...
On a 1-10 it should be a 1 or a 2.

atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Wed Jul 23, 2008 5:27 pm

Code:
0040194D |. /75 17 JNZ SHORT Fuzz's_E.00401966
Patch the jump or reverse the call above it to obtain the password each time.
Condition is the compare above the jump:
Code:
0040194A |. 3B45 F8 CMP EAX,DWORD PTR SS:[EBP-8]
EAX = entered password
DWORD PTR SS:[EBP-8] = correct password
_________________
- Retired.

Fuzz Grandmaster Cheater Reputation: 0
Joined: 12 Nov 2006 Posts: 531
Posted: Wed Jul 23, 2008 5:48 pm

But can you guess the formula to legitimately get the password?

atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Wed Jul 23, 2008 6:05 pm

Fuzz wrote: But can you guess the formula to legitimately get the password?
Code:
004018CD |. 50 PUSH EAX ; /pLocaltime
004018CE |. FF15 94B14700 CALL DWORD PTR DS:[<&KERNEL32.GetLocalTi>; \GetLocalTime
004018D4 |. 3BF4 CMP ESI,ESP
004018D6 |. E8 D5700000 CALL Fuzz's_E.004089B0
004018DB |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004018DE |. 81E1 FFFF0000 AND ECX,0FFFF
004018E4 |. 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX
004018E7 |. 8B55 F2 MOV EDX,DWORD PTR SS:[EBP-E]
004018EA |. 81E2 FFFF0000 AND EDX,0FFFF
004018F0 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004018F3 |. 03C2 ADD EAX,EDX
004018F5 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004018F8 |. 81E1 FFFF0000 AND ECX,0FFFF
004018FE |. 03C1 ADD EAX,ECX
00401900 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
_________________
- Retired.
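
Added example, not part of the thread or either poster's code: a C model of the listing above that replays the three masked DWORD loads over a byte-level copy of the stack frame and shows which SYSTEMTIME fields end up in [EBP-8]. It assumes the GetLocalTime buffer starts at [EBP-18] (the listing does not show the instruction that sets EAX before the PUSH); under that assumption the loads pick out wHour, wMinute and wYear. The names systime_t, expected_password and distinct_values_per_day are hypothetical and the sample time is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Field order of Win32 SYSTEMTIME: eight consecutive 16-bit words. */
typedef struct {
    uint16_t wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds;
} systime_t;

#define FRAME 0x1C   /* bytes modelled below EBP: [EBP-1C] .. [EBP-1] */
#define ST_AT 0x18   /* ASSUMPTION: pLocaltime points at [EBP-18] */

/* 32-bit little-endian load from [EBP-off], as MOV reg,DWORD PTR SS:[EBP-off] does. */
static uint32_t load32(const uint8_t *f, unsigned off) {
    const uint8_t *p = f + (FRAME - off);
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Replays the loads, masks and adds of 004018DB..00401900 (spill to [EBP-1C] folded away). */
uint32_t expected_password(const systime_t *st) {
    const uint16_t w[8] = { st->wYear, st->wMonth, st->wDayOfWeek, st->wDay,
                            st->wHour, st->wMinute, st->wSecond, st->wMilliseconds };
    uint8_t f[FRAME] = {0};
    for (int i = 0; i < 8; i++) {              /* what GetLocalTime wrote */
        f[FRAME - ST_AT + 2 * i]     = (uint8_t)(w[i] & 0xFF);
        f[FRAME - ST_AT + 2 * i + 1] = (uint8_t)(w[i] >> 8);
    }
    uint32_t ecx = load32(f, 0x10) & 0xFFFF;   /* [EBP-10] -> wHour (mask drops wMinute) */
    uint32_t edx = load32(f, 0x0E) & 0xFFFF;   /* [EBP-E]  -> wMinute (mask drops wSecond) */
    uint32_t eax = ecx + edx;                  /* ADD EAX,EDX */
    ecx = load32(f, 0x18) & 0xFFFF;            /* [EBP-18] -> wYear (mask drops wMonth) */
    return eax + ecx;                          /* value stored to [EBP-8] */
}

/* How many different values the check can expect over one calendar day. */
unsigned distinct_values_per_day(systime_t st) {
    uint8_t seen[128] = {0};
    unsigned n = 0;
    for (st.wHour = 0; st.wHour < 24; st.wHour++)
        for (st.wMinute = 0; st.wMinute < 60; st.wMinute++) {
            uint32_t d = expected_password(&st) - st.wYear;   /* 0..82 */
            if (!seen[d]) { seen[d] = 1; n++; }
        }
    return n;
}

int main(void) {
    systime_t st = { 2008, 7, 3, 23, 17, 27, 59, 0 };   /* constructed sample time */
    printf("%u %u\n", (unsigned)expected_password(&st), distinct_values_per_day(st));
    return 0;
}
```

The per-day count shows why a value derived only from the clock makes a weak check: the whole space of expected passwords for a given day is a few dozen integers.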