obnoxious-coder

This blog is intended for discussing my tuts written for crackmes.de. I do not intend to teach anyone how to reverse real applications, nor do I endorse such actions. If you are offended by such articles you are asked to exit this page. These articles are for educational purposes only; I cannot be held responsible if visitors misuse this information in any way.

Author: Obnoxious

MoveIT...The New JavaScript Crackme :P
Posted 2009-09-11

Yes, I am finally putting up a new crackme after a long break. Also, I have not put up any recent tutorials :'(. I hope some people miss my stuff @ crackmes.de. But the good thing is, here's a quick preview of my latest crackme.
I hope you guys will love it when I submit it by Monday :P cheers

Don't forget to get the Greasemonkey plugin for Firefox to try this crackme :D

Scripting...I love weakly typed languages :P
Posted 2009-08-18

Hi fellas, I was a bit busy these few days. I was trying to get the basics of scripting and I have been pretty successful. So here's my first UserScript for Mozilla for the site travian.com. This little script lets you select all the checkboxes on the report page for quick deletion. Have fun :)

```javascript
// Use this tiny little script to select/unselect all reports on the reports page
// of travian so that you could delete them quickly.
// ==UserScript==
// @name SlectAll
// @namespace obnoxiouscoder.blogspot.com
// @description "Select All" reports on the page with a click for deletion.
// @include http://*.travian.*/berichte.php*
// @include *.travian.*/berichte.php*
// @email obnoxiouscoder@gmail.com
// ==/UserScript==
// *********************************************************

var nbsp = document.createTextNode("\u00A0");
var newChkBox = document.createElement("input");
newChkBox.type = "checkbox";
newChkBox.id = "chk_box";
newChkBox.addEventListener("click", function () {
    // Toggle every checkbox on the page except our own "SelectAll" box.
    var chkBox = document.getElementsByTagName("input");
    for (var i = 0; i < chkBox.length; i++) {
        if (chkBox[i].getAttribute("type") == "checkbox") {
            if (chkBox[i].getAttribute("id") != "chk_box") {
                if (chkBox[i].checked == true) {
                    chkBox[i].checked = false;
                } else {
                    chkBox[i].checked = true;
                }
            }
        }
    }
}, false);

// CheckBox Text
var newTxt = document.createElement("b");
newTxt.setAttribute("style", "color: #00CC33;");
var chkboxTxt = document.createTextNode("SelectAll");
newTxt.appendChild(chkboxTxt);

// target Button
var trgtButton = document.getElementById("btn_delete");

// insertAfter Function.
function insertAfter(newElement, targetElement) {
    var parent = targetElement.parentNode;
    if (parent.lastChild == targetElement) {
        parent.appendChild(newElement);
    } else {
        parent.insertBefore(newElement, targetElement.nextSibling);
    }
}

// Lets Roll Baby
insertAfter(newChkBox, trgtButton);
newChkBox.parentNode.insertBefore(nbsp, newChkBox);
insertAfter(newTxt, newChkBox);
```

Obnoxious Schemeing :P (Brute Forcer in Scheme)
Posted 2009-08-02

Aah the woes of BruteForcing!!! I was racking my brain for some time to code a very nice bruteforcing algo. I had some ideas but they were all messy so I had to stop. Finally I found one by googling. It was awesome, simply awesome. It was written in C# and I thought I too should get an implementation of the same in some other language in which it has not yet been implemented. So here's my shot at Fame :P.

I am in love with Scheme. To me it's the best language where you can understand looping (the thing we take for granted thanks to the for loop). It's also the best language for understanding recursion. Recursion in Scheme is simply superb!!!!
So here's a little implementation of that awesome bruteforcing algo in Scheme, translated by me.

```scheme
;; Working buffer; Start fills it with `length` copies of #\a.
(define sb "")
(define charlst '(#\a #\b #\c #\d #\e #\f #\g #\h #\i #\j #\k #\l #\m
                  #\n #\o #\p #\q #\r #\s #\t #\u #\v #\w #\x #\y #\z))

;; Build the initial string, then start iterating at position 0.
(define (Start length)
  (let loop ([i 0] [max length])
    (cond
      [(= i max) (IterateChars 0 sb length)]
      [else (set! sb (string-append sb "a"))
            (loop (+ i 1) max)])))

;; Try every character at `pos`; recurse for the remaining positions and
;; print the candidate once the last position has been set.
(define (IterateChars pos sb length)
  (let loop ([i 0] [max 26])
    (cond
      [(= i max) (display "")]
      [else (string-set! sb pos (list-ref charlst i))
            (cond
              [(= pos (- length 1)) (display "\n") (display sb)]
              [else (IterateChars (+ pos 1) sb length)])
            (loop (+ i 1) max)])))

(Start 4)
```

In order to change the length of the string just change (Start length) => length to the desired choice. I must simply say that anyone who wants to understand looping and recursion better should give Scheme a shot.

[More Details On Scheme]
en.wikipedia.org/wiki/Scheme_(programming_language)

[Get Compiler Here]
download.plt-scheme.org/drscheme/

skNiNe9's SKCrackMe #1
Posted 2009-08-02

It's a Java crackme. I am trying to learn Java so I gave it a shot. It uses DES encryption in ECB mode, or rather DES decryption, to verify the serial. This is how DES can be implemented in Java.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class DES
{
    // Encrypts inputbytes with an 8-byte DES key.
    // With the default SunJCE provider, "DES" resolves to DES/ECB/PKCS5Padding.
    public byte[] getDES(byte[] inputbytes, byte[] keybytes) throws Exception
    {
        SecretKeySpec key = new SecretKeySpec(keybytes, "DES");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] cryptedTxt = cipher.doFinal(inputbytes);
        return cryptedTxt;
    }

    // Decrypts inputbytes with the same key and transformation.
    public byte[] decryptDES(byte[] inputbytes, byte[] keybytes) throws Exception
    {
        SecretKeySpec key = new SecretKeySpec(keybytes, "DES");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] decryptedtxt = cipher.doFinal(inputbytes);
        return decryptedtxt;
    }
}
```

Have fun implementing DES :P

br0ken's What is my password?
Posted 2009-07-05

Aah it's been some time since br0ken put up a crackme. I missed his last one, my net connection was out then :P. br0ken's college has been keeping him too busy these days :P. It was a fun crackme.
Made me do some math in a long time, also I had to dig in a bit to remind myself of the Gauss elimination, Newton-Raphson and Gauss-Seidel iteration methods that I learnt for solving linear equations. You guys can have a look at br0ken's password once the solution gets approved. Cheers and happy cracking.

FlipFlop
Posted 2009-06-18

Aah! Finally a lvl 4 crackme. Special features: a no good dll has been added :P. Gold Medal to anyone who does it before Indomit :) A step by step visual keygen will be most appreciated.
Multiple keys for each name may be possible but not a necessity.

Have Fun Cracking It.

JustAFewNumbers
Posted 2009-06-16

The latest addition to my crackmes. This one is simpler than my last two crackmes. The objective is to get the success message.
Have fun Cracking it.

Obnoxious SerialMe :P
Posted 2009-05-19

My first SerialMe has been released. It's almost the same as my last keygenme Get2ThatNumber, only a bit more twisted and difficult. The code is small and clean, have fun solving it. :)

Get2ThatNumber
Posted 2009-04-11

Get2ThatNumber was the last crackme that I had last updated. The algo is pretty simple and straightforward. I hope you guys like it. BTW Get2ThatNumber v1.1 is in the making, it will be a bit more difficult than the original.
:)

Time to make some friends....
Posted 2008-08-21

If you are a member of crackmes.de and you have solved one of my crackmes / I have solved any of your crackmes, or you like my tuts, then maybe we can become friends. Just leave your Yahoo Messenger id. I'm trying to get an MSN id but....:( and maybe we can chat some time......

Ok an update: I just got my hotmail id so you guys can add me @ obnoxious_coder@hotmail.com

V!ctor's OneXor Dissected...:P
Posted 2008-08-21

The trick behind solving this crackme lies in thinking along the same lines as the author. The code seems such that there is no way one can get to the GoodBoy without patching.

```
00401106 /$ 33C0           XOR EAX,EAX
00401108 .  6A 00          PUSH 0
0040110A .  83F8 01        CMP EAX,1
0040110D    74 0C          JE SHORT OneXor.0040111B
0040110F .  68 6E304000    PUSH OneXor.0040306E ; ASCII "OneXor by V!ctor "
00401114 .  68 B7304000    PUSH OneXor.004030B7 ; ASCII "Sorry, wrong password." //BadBoy!!!!
00401119 .  EB 0A          JMP SHORT OneXor.00401125
0040111B    68 6E304000    PUSH OneXor.0040306E ; ASCII "OneXor by V!ctor "
00401120 .  68 9B304000    PUSH OneXor.0040309B ; ASCII "This is right password!!!!!" //GoodBoy!!!!
00401125 >  FF35 00314000  PUSH DWORD PTR DS:[403100] ; hOwner = 00070154 ('OneXor by V!ctor ',class='#32770')
0040112B .  E8 3A000000    CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00401130 \. C3             RETN
```

As you can see, the only way to get to the good boy would be to somehow reach the code at VA 40111b, but wait, there's still something missing, ahh! yes, the PUSH 0 of the message box style. Now the thing to think about is that the author does not want a patched solution, which means that he must have put that push 0 and jmp 40111b somewhere. But where!!!!!! Only one easy way to find it.... Binary search of the memory. Press Alt+M, right click in the Memory Map window, hit search and place 6A 00 E9 to search, and no sooner you find what you are looking for @ VA 4000B0.

So it's clear that one good way of solving crackmes is to think along the same lines as the author.....:P

Jim~ SpaghettiMe Dissected...:P
Posted 2008-08-21

Ah! Finally the wait is over, my tut for Jim~'s SpaghettiMe is finally published; one of the trickiest crackmes I ever faced. A brief overview of the recursion that is used to calculate the serial and how to reverse it.

```csharp
private int[] overloaded(int[] chr)
{
    // Base case: a single element is the final value.
    if (chr.Length <= 1)
    {
        return chr;
    }
    // Fold the last element into every remaining element, modulo 0xff.
    int num = chr[chr.Length - 1];
    int[] numArray = new int[chr.Length - 1];
    for (int i = 0; i < (chr.Length - 1); i++)
    {
        numArray[i] = (num + chr[i]) % 0xff;
    }
    return this.overloaded(numArray);
}
```

Ok, what this function does is that it compresses the int array that it receives by one element and finally returns a value when the array length becomes == 1. This can be better explained with an example. Suppose that an array of 4 elements is passed on to the function, then:

```
array[4]{103,8,6,8}   //array[4] refers to an array of 4 elements, similarly array[3] an array with 3 elements
array[3] after recursion will be
array[3]{(103+8),(8+8),(6+8)} ==== {111,16,14}
array[2]{(111+14),(16+14)} ==== {125,30}
and finally
array[1]{125+30} ==== {155}
```

Thus this value that is returned should be equal to that generated from the name.

To reverse it we can simply create an array of 2 elements and keep on expanding it till it becomes 30 elements long. Now one might ask why 30 elements :P this is simply because the serial is 40 chars long and a Base64 string 40 chars long has a byte array of 30 elements. Now the first element of the array is the one that is calculated from the name and the other is 255. Why 255? Because the compression is carried out this way: suppose 155 is calculated from the name, then our initialised array will be array[2]{155,255}, which when compressed according to the code numArray[i] = (num + chr[i]) % 0xff; will be (155+255)%255 = 155. Simple, ain't it. So the code that serves our purpose is

```csharp
private int[] overload(int[] chr)
{
    int num;
    Random random = new Random();
    // Stop once the array has the 30 elements of a 40-char Base64 serial.
    if (chr.Length >= 30)
    {
        return chr;
    }
    // Pick a random value below the current last element ...
    int maxValue = chr[chr.Length - 1];
    maxValue = random.Next(1, maxValue);
    // ... append it as the new last element ...
    int[] numArray = new int[chr.Length + 1];
    numArray[chr.Length] = maxValue;
    // ... and subtract it from every existing element, modulo 0xff.
    for (num = 0; num < chr.Length; num++)
    {
        numArray[num] = ((0xff + chr[num]) - maxValue) % 0xff;
    }
    return this.overload(numArray);
}
```

The random number is subtracted from the existing elements of the array and included as the added last element of the new array. 0xff is added so as to avoid negative numbers.

Now to look at the recursion that is used to calculate the necessary number from the name:

```csharp
private int overloaded(int num)
{
    if (num > 0)
    {
        if ((num % 2) == 0)
        {
            return (3 + this.overloaded((int) (num - 1)));
        }
        return (this.overloaded((int) (num - 1)) - 2);
    }
    if (num >= 0)
    {
        return 0x539;   // num == 0
    }
    if ((num % 2) == 0)
    {
        return (3 + this.overloaded((int) (num + 1)));
    }
    return (this.overloaded((int) (num + 1)) - 2);
}
```

Of course it's not easy to understand what goes on inside this recursion. An easy way to understand it would be to rip this code and see the result of passing different numbers to it.

A table to show what happened when I passed some numbers to it:

```
0 == 1337
1 == 1335
2 == 1338
3 == 1336
4 == 1339
5 == 1337
```

This much was enough for me to understand what was happening. For even numbers it was returning (num/2)+1337 and for odd numbers it was returning ((num-1)/2)+1335. The same was also true for negative numbers. So this can easily be done with the following code:

```csharp
private int overloadedint(int num)
{
    // The result depends only on the magnitude of num.
    if (num < 0)
    {
        num *= -1;
    }
    if (num == 0)
    {
        return 0x539;                       // 1337
    }
    if ((num % 2) == 0)
    {
        return ((num / 2) + 0x539);
    }
    return (((num - 1) / 2) + 0x537);       // 0x537 = 1335
}
```

Hu? So I guess overall it was a very interesting crackme. I look forward to seeing some more such crackmes from Jim~ and also that I will be writing some crackmes in the same line.....

br0ken's crackme3
Posted 2008-08-20

Finished coding the keygen for br0ken's crackme3. The tutorial is uploaded and approved but I'm still waiting for the Gold Medal that br0ken promised :P. If there's any confusion about something just leave a comment and I'll be glad to clear the doubts.

Some FreeWares
Posted 2008-08-20

Ok my second post.

Let me just tell you about some gr8 freewares that I use:

IDAFicator, a gr8 plugin for our beloved OllyDbg. Adds some xtra buttons for quick access to many functions of Olly. You can get it from: http://www.woodmann.com/collaborative/tools/index.php/IDAFicator

CFF Explorer http://www.ntcore.com/exsuite.php

Posted 2008-08-17

Hi Friends Welcome to my blog. This is my first post so I won't be writing much. Will keep updating my blog with crackmes.de solutions that I write and also with some other stuff that I code or some literary stuff. See ya.....
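Added example, not part of the original blog: a Python port of the routines from the Jim~ SpaghettiMe post above (the array compression and its inverse, and the name recursion with its closed form), checking that an expanded array compresses back to the name value and that the closed form matches the recursion. The function names, the seeded random generator and the Base64 step (standard Base64 of the 30-element array) are assumptions of this example.

```python
import base64
import random

MOD = 0xFF            # the crackme reduces modulo 255 (0xff), not 256
SERIAL_BYTES = 30     # a 40-character Base64 serial decodes to 30 bytes


def compress(values):
    """Port of overloaded(int[]): fold the last element into the rest until one remains."""
    values = list(values)
    while len(values) > 1:
        last = values[-1]
        values = [(last + v) % MOD for v in values[:-1]]
    return values


def expand(values, rng, target_len=SERIAL_BYTES):
    """Port of overload(int[]): append a random element and subtract it from the others."""
    values = list(values)
    while len(values) < target_len:
        upper = values[-1]
        # C# Random.Next(1, upper) excludes upper and yields 1 when upper == 1.
        pick = rng.randrange(1, upper) if upper > 1 else 1
        # Adding MOD before subtracting keeps the intermediate value non-negative.
        values = [((MOD + v) - pick) % MOD for v in values] + [pick]
    return values


def name_value_recursive(num):
    """Port of overloaded(int): step towards zero, +3 on even inputs, -2 on odd ones."""
    if num == 0:
        return 0x539
    inner = name_value_recursive(num - 1 if num > 0 else num + 1)
    return 3 + inner if num % 2 == 0 else inner - 2


def name_value_closed(num):
    """Closed form from the post: depends only on |num| and its parity."""
    n = abs(num)
    if n % 2 == 0:
        return n // 2 + 0x539
    return (n - 1) // 2 + 0x537


def make_serial(name_value, rng):
    """Assumption: the serial is the standard Base64 encoding of the 30-element array."""
    grown = expand([name_value, MOD], rng)
    return base64.b64encode(bytes(grown)).decode("ascii")


if __name__ == "__main__":
    rng = random.Random(2008)                  # constructed seed, for repeatable output
    print(compress([103, 8, 6, 8]))            # the worked example from the post
    serial = make_serial(155, rng)             # 155 is the post's sample name value
    print(serial, len(serial))
    print(compress(list(base64.b64decode(serial))))
    print([name_value_recursive(n) for n in range(6)])
```

The round trip holds for name values 0 to 254 only, because every step works modulo 255.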