Tuts 4 You

[CrackMe]Find the password 5 - Register It


Ownage

Ok, yet again, this has been a long time for me, and I have a little question. To not spoil it for others, check the spoiler tag.

Ok, I suppose the application waits for a file to be dropped onto the application, then verifies its filename and location to see whether the status bar should show REGISTERED or UNREGISTERED. Though, it seems to be comparing the file I drop on it with the following file: "Z:\File/.geek", but it is impossible to create such a file on a Windows machine. Am I going in the wrong direction or is it meant to be possible to create such a file? (Yes, I have changed my D: into Z: to test this!)

Thanks in advance.

Link to comment

Yes, you can modify the path of the file at the right moment that it searches for the file. What I did was patch the file so it is always registered without the file, but I am still not sure about the password, because I found 2 strings that are compared. One of them is the password, but I am not 100 per cent sure. I hope somebody comes up with the solution.

Edited by delldell
Link to comment

That string is an MD5 hash which is taken from the file, thus the file must have a length of 5 bytes.

I brute-forced this hash using an alphabet of all printable characters, and nothing; and I don't want to write my own brute-forcer for all characters.

Link to comment

I started doing this, there are a lot of ways to patch it. I did the single jump, there is also fixing the path string. I didn't look to see how the two keys were generated, but you can patch the one strcmp too. The app wasn't interesting enough to dig deep. I replaced all the mov->ptr just to make it interesting for fixing the path problem (not sure what we were supposed to do there). I didn't see how to key it without patching because of the path problem. It was too much trouble to try a virtual drive too.

Edited by hiya
Link to comment

Am I the only one who can't seem to find its correct entry point? Can't seem to find the code section (it's empty!) <.< Anyone point me in the right direction? Starting address is 778E9FDD for me, which isn't right at all.

Link to comment

Am I the only one who can't seem to find its correct entry point? Can't seem to find the code section (it's empty!) <.< Anyone point me in the right direction? Starting address is 778E9FDD for me, which isn't right at all.

Check your Olly options: if Debugging options -> Events -> Make first pause at is System breakpoint, that is your problem; change it to Entry point of main module.

I didn't look to see how the two keys were generated

00401187 |. 68 21334000 PUSH g5.00403321 ; /Arg3 = 403321 <-- output buffer
0040118C |. 6A 05 PUSH 5 ; |Arg2 = 5 <-- length of buffer
0040118E |. 68 71324000 PUSH g5.00403271 ; |Arg1 = 00403271 <-- input buffer
00401193 |. E8 E8020000 CALL 00401480 ; \00401480

And for all, this is a modified MD5, I only now see that :)

Link to comment

Hmm, that doesn't seem to be it BoRoV, settings there are right; if I change it to System breakpoint, it's still wrong :(

Also it crashes on first code execution if I try, doesn't leave me much room to do anything

Edited by Espair
Link to comment

That was it, it didn't like a plugin, thanks BoRoV!

Actually, further looking into it, Olly doesn't like x64, Olly 2 does, which is why it worked. Olly Advanced had a fix for it though, so it's good :)

Solved! Woo (with a little help), finally managed to find where it came up with the MD5(?) code, then compared with the one it should have been. Just edited so it would match, came up REGISTERED.

Edited by Espair
Link to comment

It's too easy to patch it, and even make it load the file correctly and pass the key check, but I think this was supposed to be a keygen from what I'm reading. It's intriguing but I'll leave it to the crypto people :P

Link to comment
