Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


zeroc0de's Crackme v4.0

 
zeroc0de
Posted: Mon Sep 08, 2008 3:18 pm

zeroc0de's Crackme v4.0

Difficulty : I must say kinda hard.

Figure the pass.

We already got a great winner which is, of course, Sunbeam.
But, can you do it? :)

Have Fun.

-- Before posting any passes, try them. You will see the good boy message.

pkedpker
Posted: Mon Sep 08, 2008 8:00 pm

notepad?? oO

lol im not a good cracker but i do believe replacing notepad in sys32 with custom app would be fun way 2 crack it

i think password injected into notepad from dll

i think i found it has all letters in abc usually used 4 hash decoding


Code:
003B9C18  /$ 55             PUSH EBP
003B9C19  |. 8BEC           MOV EBP,ESP
003B9C1B  |. 83C4 E8        ADD ESP,-18
003B9C1E  |. 53             PUSH EBX
003B9C1F  |. 56             PUSH ESI
003B9C20  |. 57             PUSH EDI
003B9C21  |. 33C9           XOR ECX,ECX
003B9C23  |. 894D E8        MOV DWORD PTR SS:[EBP-18],ECX
003B9C26  |. 894D EC        MOV DWORD PTR SS:[EBP-14],ECX
003B9C29  |. 8955 F8        MOV DWORD PTR SS:[EBP-8],EDX
003B9C2C  |. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
003B9C2F  |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
003B9C32  |. E8 8DAFFAFF    CALL crackme.00364BC4
003B9C37  |. 33C0           XOR EAX,EAX
003B9C39  |. 55             PUSH EBP
003B9C3A  |. 68 1A9D3B00    PUSH crackme.003B9D1A
003B9C3F  |. 64:FF30        PUSH DWORD PTR FS:[EAX]
003B9C42  |. 64:8920        MOV DWORD PTR FS:[EAX],ESP
003B9C45  |. 8B45 F8        MOV EAX,DWORD PTR SS:[EBP-8]
003B9C48  |. E8 C3AAFAFF    CALL crackme.00364710
003B9C4D  |. 33FF           XOR EDI,EDI
003B9C4F  |. 33C0           XOR EAX,EAX
003B9C51  |. 8945 F0        MOV DWORD PTR SS:[EBP-10],EAX
003B9C54  |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
003B9C57  |. 85C0           TEST EAX,EAX
003B9C59  |. 74 05          JE SHORT crackme.003B9C60
003B9C5B  |. 83E8 04        SUB EAX,4
003B9C5E  |. 8B00           MOV EAX,DWORD PTR DS:[EAX]
003B9C60  |> 8BF0           MOV ESI,EAX
003B9C62  |. 85F6           TEST ESI,ESI
003B9C64  |. 0F8E 8D000000  JLE crackme.003B9CF7
003B9C6A  |. C745 F4 010000>MOV DWORD PTR SS:[EBP-C],1
003B9C71  |> 8D45 EC        /LEA EAX,DWORD PTR SS:[EBP-14]
003B9C74  |. 8B55 FC        |MOV EDX,DWORD PTR SS:[EBP-4]
003B9C77  |. 8B4D F4        |MOV ECX,DWORD PTR SS:[EBP-C]
003B9C7A  |. 0FB6540A FF    |MOVZX EDX,BYTE PTR DS:[EDX+ECX-1]
003B9C7F  |. E8 74ACFAFF    |CALL crackme.003648F8
003B9C84  |. 8B45 EC        |MOV EAX,DWORD PTR SS:[EBP-14]
003B9C87  |. BA 309D3B00    |MOV EDX,crackme.003B9D30                ;  ASCII "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
003B9C8C  |. E8 87B0FAFF    |CALL crackme.00364D18
003B9C91  |. 8BD8           |MOV EBX,EAX
003B9C93  |. 4B             |DEC EBX
003B9C94  |. 85DB           |TEST EBX,EBX
003B9C96  |. 7C 5F          |JL SHORT crackme.003B9CF7
003B9C98  |. 8B45 F0        |MOV EAX,DWORD PTR SS:[EBP-10]
003B9C9B  |. C1E0 06        |SHL EAX,6
003B9C9E  |. 03D8           |ADD EBX,EAX
003B9CA0  |. 895D F0        |MOV DWORD PTR SS:[EBP-10],EBX
003B9CA3  |. 83C7 06        |ADD EDI,6
003B9CA6  |. 83FF 08        |CMP EDI,8
003B9CA9  |. 7C 42          |JL SHORT crackme.003B9CED
003B9CAB  |. 83EF 08        |SUB EDI,8
003B9CAE  |. 8BCF           |MOV ECX,EDI
003B9CB0  |. 8B5D F0        |MOV EBX,DWORD PTR SS:[EBP-10]
003B9CB3  |. D3EB           |SHR EBX,CL
003B9CB5  |. 8BCF           |MOV ECX,EDI
003B9CB7  |. B8 01000000    |MOV EAX,1
003B9CBC  |. D3E0           |SHL EAX,CL
003B9CBE  |. 8BC8           |MOV ECX,EAX
003B9CC0  |. 8B45 F0        |MOV EAX,DWORD PTR SS:[EBP-10]
003B9CC3  |. 99             |CDQ
003B9CC4  |. F7F9           |IDIV ECX
003B9CC6  |. 8955 F0        |MOV DWORD PTR SS:[EBP-10],EDX
003B9CC9  |. B9 00010000    |MOV ECX,100
003B9CCE  |. 8BC3           |MOV EAX,EBX
003B9CD0  |. 99             |CDQ
003B9CD1  |. F7F9           |IDIV ECX
003B9CD3  |. 89D3           |MOV EBX,EDX
003B9CD5  |. 8D45 E8        |LEA EAX,DWORD PTR SS:[EBP-18]
003B9CD8  |. 8BD3           |MOV EDX,EBX
003B9CDA  |. E8 19ACFAFF    |CALL crackme.003648F8
003B9CDF  |. 8B55 E8        |MOV EDX,DWORD PTR SS:[EBP-18]
003B9CE2  |. 8B45 F8        |MOV EAX,DWORD PTR SS:[EBP-8]
003B9CE5  |. E8 F2ACFAFF    |CALL crackme.003649DC
003B9CEA  |. 8B45 F8        |MOV EAX,DWORD PTR SS:[EBP-8]
003B9CED  |> FF45 F4        |INC DWORD PTR SS:[EBP-C]
003B9CF0  |. 4E             |DEC ESI
003B9CF1  |.^0F85 7AFFFFFF  \JNZ crackme.003B9C71
003B9CF7  |> 33C0           XOR EAX,EAX
003B9CF9  |. 5A             POP EDX
003B9CFA  |. 59             POP ECX
003B9CFB  |. 59             POP ECX
003B9CFC  |. 64:8910        MOV DWORD PTR FS:[EAX],EDX
003B9CFF  |. 68 219D3B00    PUSH crackme.003B9D21
003B9D04  |> 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18]
003B9D07  |. BA 02000000    MOV EDX,2
003B9D0C  |. E8 23AAFAFF    CALL crackme.00364734
003B9D11  |. 8D45 FC        LEA EAX,DWORD PTR SS:[EBP-4]
003B9D14  |. E8 F7A9FAFF    CALL crackme.00364710
003B9D19  \. C3             RETN




hash 2 decode by function

003B9DC2 |. B8 4C9E3B00 MOV EAX,crackme.003B9E4C ; ASCII "RczqPN1XP2vbU6K"

hash decodes 2 notepad.exe lol

more hashes
003B9968 |. BA 3C9A3B00 MOV EDX,crackme.003B9A3C ; ASCII "UcLiP64"

decoded 2 zelda

003B99CA |. BA 589A3B00 MOV EDX,crackme.003B9A58 ; ASCII "QMvaPNW"

decoded 2 index

003B99E7 |. BA 689A3B00 MOV EDX,crackme.003B9A68 ; ASCII "PszlP21gRs8"

decodes 2 good job

_________________
Hacks I made for kongregate.
Kongregate Universal Badge Hack: http://forum.cheatengine.org/viewtopic.php?p=4129411
Kongregate Auto Rating/Voter hack: http://forum.cheatengine.org/viewtopic.php?t=263576
Took a test lol
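
Added example (not part of the original posts and not the crackme author's code): a Python transcription of the loop in the listing above, which is a Base64-style 6-bit decoder using a non-standard alphabet that starts with the digits. The names `decode`, `encode` and `PAGE_STRINGS` are assumptions, and `encode` is an inferred inverse that the thread does not show, included so an analyst can round-trip the strings.

```python
# Added example: transcription of the decode loop at 003B9C71..003B9CF1.
# The alphabet is the ASCII string referenced at 003B9C87 in the listing.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"

def decode(encoded: str) -> bytes:
    acc = 0        # [EBP-10]: bit accumulator
    nbits = 0      # EDI: number of bits currently held in acc
    out = bytearray()
    for ch in encoded:
        # The listing looks up a 1-based position, then DEC EBX makes it
        # 0-based; "not found" becomes -1, which is what find() returns.
        idx = ALPHABET.find(ch)
        if idx < 0:                    # JL 003B9CF7: stop at first foreign char
            break
        acc = (acc << 6) + idx         # SHL EAX,6 / ADD EBX,EAX
        nbits += 6                     # ADD EDI,6
        if nbits >= 8:                 # CMP EDI,8
            nbits -= 8
            byte = acc >> nbits        # SHR EBX,CL
            acc %= 1 << nbits          # IDIV by (1 << CL), remainder kept
            out.append(byte % 0x100)   # IDIV by 100h, remainder kept
    return bytes(out)

def encode(data: bytes) -> str:
    # Inferred inverse (assumption, not in the thread): emit 6 bits at a
    # time and zero-pad the final partial group.
    acc, nbits, out = 0, 0, []
    for b in data:
        acc = (acc << 8) | b
        nbits += 8
        while nbits >= 6:
            nbits -= 6
            out.append(ALPHABET[acc >> nbits])
            acc &= (1 << nbits) - 1
    if nbits:
        out.append(ALPHABET[acc << (6 - nbits)])
    return "".join(out)

# Encoded strings quoted in the post above.
PAGE_STRINGS = ["RczqPN1XP2vbU6K", "UcLiP64", "QMvaPNW", "PszlP21gRs8"]

if __name__ == "__main__":
    for s in PAGE_STRINGS:
        print(s, "->", decode(s).decode("ascii"))
```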

SunBeam
Posted: Tue Sep 09, 2008 6:48 am

Good work ;) You know the pass now :)

pkedpker
Posted: Tue Sep 09, 2008 3:40 pm

not really lol..

zeroc0de
Posted: Tue Sep 09, 2008 8:29 pm

pkedpker wrote:
not really lol..


index (rolling eyes)

pkedpker
Posted: Tue Sep 09, 2008 8:32 pm

Lol no way... wow it worked

I just thought that was rubbish. I just found a bunch of hashes in find all strings in the exe and the injected dll in notepad.

And I guess that one slipped my mind.. lol I must have tried zeldaindex and just said screw this and gave up.

jackyyll
Posted: Thu Sep 11, 2008 10:37 am

Not that hard.. All I did was set a breakpoint in Crackme_v4.exe on ShellExecuteA, let it execute notepad.exe, attached a second Olly to that, then just breakpointed the hashed strings and input a password.

G0DFATHER
Posted: Mon Sep 15, 2008 5:49 pm

ur good nice

_________________

GROOT FTW!!!
All times are GMT - 6 Hours