Cheat Engine

nog_lorp · Posted: Fri Dec 19, 2008 1:00 am Post subject: Get the password crap.

The drill:
No point in patching, brute forcing is for bitches.

Get the password - it is a little harder than a plain text comparison, but easier than getting the password from an md5 hash.

Enjoy,
~nog_lorp

&Vage · Posted: Fri Dec 19, 2008 10:45 am Post subject:

Will my penis satisfy your asshole? Very Happy

"aabbbbbb"

Noz3001 · Posted: Fri Dec 19, 2008 10:51 am Post subject:

abcdefg

If it begins with a then it's always right.

nog_lorp · Posted: Fri Dec 19, 2008 1:58 pm Post subject:

No, the "I've had better" message is the fail message.

armakapo · Newbie cheater Reputation: 0 Joined: 12 Jul 2007 Posts: 19

how can you get the pass? i have no clue D: i didn't find anything with ollydbg, what can i try next?

nog_lorp · Posted: Sun Dec 21, 2008 10:52 pm Post subject:

The plain text password isn't contained in the program. You have to figure out how the algorithm works.

armakapo · Newbie cheater Reputation: 0 Joined: 12 Jul 2007 Posts: 19

hmm the thing is ... i don't have any idea on what to do xD i know some c++ and that's it xD
do i need to learn some ollydbg or some kind of language to crack those things? i just don't know how to start to crack xD any guide or very simple crackme appreciated ^^

nog_lorp · Posted: Mon Dec 22, 2008 12:14 am Post subject:

Reverse engineering. Trace through with ollydbg and/or IDA pro. I would definitely not recommend this one at all. It is written in C though FYI.

armakapo · Newbie cheater Reputation: 0 Joined: 12 Jul 2007 Posts: 19

well i have just learnt some basics of ollydbg with few vb basic examples.
i give up on this, i got no clue how to do it.

Reak · Posted: Mon Dec 22, 2008 4:56 am Post subject:

sponge cake recipe · Posted: Mon Dec 22, 2008 5:03 am Post subject:

I'm guessing

blackmorpheus · Posted: Mon Dec 22, 2008 6:37 am Post subject:

nop the JE at 004017CD for stupid plain patching.
otherwise, look at the algorithm at 00401707.

The algorithm is pretty hard Very Happy

, it depends only on the first four letters i think.

and SHL EDX,4 means EDX = EDX * 16 right?

sponge · Posted: Mon Dec 22, 2008 1:22 pm Post subject:

nog_lorp · Posted: Mon Dec 22, 2008 2:03 pm Post subject:

Good work. The wronge hole message is because aaaaaaaa tokenizes to 0 in my algorithm, which causes a division by 0 later.

Just FYI, a rundown of the messages:
ASCII "Insert password into passhole (8 characters, a-p only):"
--Password prompt
ASCII "That password was soooooo good!"
--Correct password
ASCII "My passhole only accepts pure a-p passwords, not dirty ethnic passwords."
--Password contained invalid characters
ASCII "Your password is too big/too smal to satisfy my passhole!"
--Password was not 8 characters.
ASCII "That password was ok, but I've had better."
--Password was incorrect (my bad, this was rather ambiguous).
ASCII "WTF That's the wrong hole!"
--You put in a password of "aaaaaaaa" you hoe.

armakapo · Newbie cheater Reputation: 0 Joined: 12 Jul 2007 Posts: 19

how do u "discover" the algorithms with olly? ^^
also, in this crackme, it's supposed to be in the source somehing like this?:
string correctpwd="something";
if (encryptPwd(correctpwd) == inputtedpwd) {
it was good. blah blah blah;
else {
blah blah blah}

my idea is that, is the pwd is encrypted with some algorithm at the function encryptPwd?
if not, which could be the possible method it was encrypted?
i'm yet a nab Razz