I'm releasing for you all a really easy crack me so you can practice using debuggers. This is aimed at beginners. This is extremely easy, written in only 19 lines of code. If you guys like this type of thing I can make some harder ones..
If you are going to post a solution please put your solution in a spoiler so others don't accidentally see how to do this without trying themselves first. Also, in your solutions I ask that you explain why you are doing something and how you found your results, teach others - don't just show your final answer.
Open the file in IDA / x32dbg, go to strings, notice that C++CRACKME is not being displayed on the screen and is, therefore, a potential password.
Solution Nr. 2 - Wrong Password
Open the file in IDA / x32dbg, go to strings, go to the address where the "Great! You now have full access.." string is referenced, scroll up, patch the opcodes 74 3A with EB 3A to jump to the solution regardless of the outcome of the string comparison.
Solution Nr. 3 - No Password
Open the file in IDA / x32dbg, go to strings, go to the address where the "Great! You now have full access.." string is referenced, scroll up, replace the call to get user input via std::cin with a jump directly to the solution without even accepting user input or patch the executable to not even ask for a password and jump straight to the answer.
How to crack for "newcomers" with OllyDbg only:
There is more than one way you could do this challenge, I'm just using the easiest "ones".
"If you guys like this type of thing I can make some harder ones.."
Sure, I'd like to do more.
Method 1
1. Open OllyDbg
2. Attach it to the exe
3. Search for a string that looks like a "password".
And what do we get after a couple of seconds scrolling?
Password = C++CRACKME
Method 2
1. Attach it in OllyDbg
2. Search for the output string when it's incorrect/correct.
3. Look for the JE with a cmp or test, because something is checking if your input equals password.
4. Patch the "JE" to a "JNE" -> "JNZ" and save the file.
Inverting a jump might not be the smartest way to do it in complicated programs, but well... who cares, I'm a noob myself ¯\_(ツ)_/¯
Wrong password = correct password.
I figured it would be more fun to write a hack for it.
1. PasscodeLocation
Pass is located at [EBP+030h]
When my dll gets injected, I patch five bytes at Base+011BEh, and call MessageBox to display whatever I typed and what the passcode is.