Thread subject: Security Override :: software cracking 2

Posted by cruizrisner on 01/22/2010 11:47:41
#1

well eventually someone had to ask on this one so... I need help

Posted by Teddy on 01/22/2010 12:16:33
#2

You have to use ollydbg or another decompiler to decompile the code into Assembler and then set a Breakpoint so that you can see the password in a Register......

That great video by CrashOverron will help you to learn the Basics ;).
http://infinityexists.com/videos/underground3/

Posted by chronic12 on 03/09/2010 15:20:24
#3

I have looked at the video and I think I have a general understanding. I have found the congratulations but cannot identify the "wrong serial" part, as the program does not give this kind of message, so I am not sure what I am jumping to where, if you see what I mean!

Posted by chronic12 on 03/10/2010 09:40:26
#4

Any views on this?

Posted by Teddy on 03/10/2010 09:43:42
#5

You have to set a breakpoint somewhere and then when the program arrives at the breakpoint the pwd is stored in a register.

Posted by chronic12 on 03/10/2010 11:12:57
#6

I think I need to go back and watch the video again

Posted by Teddy on 03/10/2010 11:17:26
#7

Maybe that video helps to learn the basics of using Olly:
http://www.youtube.com/watch?v=Ve6aSCeKRNQ
Also it would be a good idea to learn the basics of assembler (if you do not know already)? Like what a register is, what they store...

Edited by Teddy on 03/10/2010 11:17:56

Posted by chronic12 on 03/10/2010 17:30:42
#8

thanks for the help I have completed

Posted by hancoma on 08/19/2010 15:02:14
#9

I have watched both videos numerous times, ran the program with tracer in Ollydbg...attempted to put breakpoints in at what I assumed were the correct locations, ...I know it is right in front of my face...but for the life of me I just can't seem to get it!
I know I need to put a breakpoint somewhere, but I do not think it is above the 'serial' string with the cmp above...that is not working for me...any guidance is appreciated.
BTW...this is an awesome site!

Posted by cruizrisner on 08/20/2010 01:12:06
#10

hancoma wrote:
I have watched both videos numerous times, ran the program with tracer in Ollydbg...attempted to put breakpoints in at what I assumed were the correct locations, ...I know it is right in front of my face...but for the life of me I just can't seem to get it!
I know I need to put a breakpoint somewhere, but I do not think it is above the 'serial' string with the cmp above...that is not working for me...any guidance is appreciated.
BTW...this is an awesome site!


Multiple breakpoints are allowed; if you are unsure of which spot it is, then set multiple breakpoints. Then hit run, and when it reaches the first breakpoint check the registers for the password. If it's not there, hit run again and it will stop at the next breakpoint; again check registers, etc. etc.

Posted by auditorsec on 08/20/2010 04:38:19
#11

hancoma wrote:
I have watched both videos numerous times, ran the program with tracer in Ollydbg...attempted to put breakpoints in at what I assumed were the correct locations, ...I know it is right in front of my face...but for the life of me I just can't seem to get it!
I know I need to put a breakpoint somewhere, but I do not think it is above the 'serial' string with the cmp above...that is not working for me...any guidance is appreciated.
BTW...this is an awesome site!


As Cruiz mentioned, you can put multiple breakpoints, so no harm in doing it. I would say the important thing is to learn rather than just completing the challenge by hit and try... (my personal opinion)

I think you know how it works, but I am writing this for others...

How does a serial entry work?
You put a serial in the dialog box, then program instructions are executed and the serial you entered is compared to an already stored serial (the good serial). There is a conditional statement: if the boolean returned is true, do this and say something like "correct", else say something like "try again".
Normally either the good serial is hard-coded in the program, or it is generated at run time using a user input like the username, or there is a reference to a third file somewhere.

Now the key point is to find the location in the program where this conditional statement is.
The best option is the ASCII text which comes in the program, like "try again", "wrong password", etc.,
and then try to go up in the program flow to see where the condition is happening... Learning assembly would be helpful because then you can understand what conditional jumps do and how they behave,
like je, jz, jne, jnz, jl, etc.

je / jz – jump if equal
jne / jnz – jump if not equal
jl – jump if less than, if second parameter is less than the first
jg – jump if greater than, if second parameter is larger than the first


So somewhere above this, in the program, your strings are compared or tested. If you can put a breakpoint just above this compare or test, you can see the real password crystal clear in memory locations...

Another approach which helps is modifying the jump condition... When it says jump if equal, change it to jump if not equal. This validates your wrong entry to correct...

hope this helps...... :)



NOTE For Admins: If you find this post as inappropriate or giving out much please remove this....

Edited by auditorsec on 08/20/2010 04:41:05
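
The serial check described in post #11, seen from the side of the person writing it (an added example, not part of the post or of the challenge binary): the weak form compares the input to a hard-coded serial with strcmp(), the hardened form ships only a digest of it. The names GOOD_SERIAL, check_weak and check_hardened and the serial "foobar" are constructed for illustration, and FNV-1a stands in for a real cryptographic hash only to keep the block short.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak form: the good serial is a string constant in the binary, and a
   pointer to it is an argument to strcmp(), so it shows up in a strings
   listing and on the stack at the call. Constructed value. */
static const char GOOD_SERIAL[] = "foobar";

int check_weak(const char *entered) {
    return strcmp(entered, GOOD_SERIAL) == 0;
}

/* FNV-1a 64-bit. NOT a cryptographic hash: it is an assumption made for
   brevity; a real product would use a salted, slow KDF instead. */
uint64_t fnv1a64(const char *s) {
    uint64_t h = 0xcbf29ce484222325ULL;      /* FNV offset basis */
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;               /* FNV prime */
    }
    return h;
}

/* Hardened form: only the digest is shipped (computed offline for the
   constructed serial "foobar"), so the plaintext serial is never a
   comparison operand and never sits in a register or on the stack. */
static const uint64_t EXPECTED_DIGEST = 0x85944171f73967e8ULL;

int check_hardened(const char *entered) {
    return fnv1a64(entered) == EXPECTED_DIGEST;
}

int main(void) {
    const char *tries[] = { "foobar", "wrong-serial" };
    for (int i = 0; i < 2; i++)
        printf("%-12s weak=%d hardened=%d\n", tries[i],
               check_weak(tries[i]), check_hardened(tries[i]));
    return 0;
}
```

Both forms still end in one conditional jump, so the jump-inversion approach from the post defeats either of them. A check that has to resist patching needs to be verified somewhere the user does not control, such as a server.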

Posted by hancoma on 08/25/2010 07:44:32
#12

cruizrisner, auditorsec,
Many thanks to each of you gentlemen for the valuable insight and information. I realized 2 things...
1. I can muddle through these and 'figure' them out, but without a clear understanding, or expertise.
2. In order to progress and achieve true expertise and knowledge, I now need to understand what it is I am muddling through! Like learning to hit a golf ball, I can hit it, but need the skills to achieve control.

Anyway, somebody referenced in another thread a site that provides exactly what I am looking for with Olly...details, instructions, whys, and hows...

Thanks!

Posted by zediwon on 04/02/2013 09:38:18
#13

I really can make the congratulations alert appear, but what is Securityoverride asking for?
Because there is no password on the alert box. Just "Congratulation you passed Crack 2". What to submit??
Hints, tips, explanations will be appreciated. ;)

Posted by zip on 04/02/2013 16:09:57
#14

My guess is you did a jump to get the msg box?

Posted by zediwon on 04/02/2013 17:46:02
#15

You guessed correct, zip, any ideas? I think I need to do something more specific than jumping, what's that? ;)

Posted by 132 on 04/03/2013 16:52:12
#16

I jump the msgbox and just receive congratulation. :(

Posted by ArkPhaze on 12/01/2013 20:57:00
#17

132 wrote:
I jump the msgbox and just receive congratulation. :(


You have to breakpoint before that, at the strcmp() instruction. I found the value quite easily. Solved all 3 in less than an hour lol... I think we need more Reversing, look at the size of all the other categories.

Code
Stack SS:[0028FE8C]=00590FFC, (ASCII "{removed-to-prevent-cheating}")
EDX=00000000



Posted by brunod on 06/21/2014 05:11:34
#18

Hi,
This is my first post here, so first of all I want to thank you for this great learning site.
I'd like to know if it is possible to solve this one using Linux-only tools?
I succeeded for lvl 1 using the file approach, but if I need to decompile this one using special Windows tools, it's useless for me to keep trying. :)
Thanks,
Brunod
EDIT: Well, I answer myself: all the tools needed are available in Kali.

Edited by brunod on 07/04/2014 11:47:23