Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 17
Members Online: 6

Registered Members: 82885
Newest Member: ConiBE
Latest Articles
View Thread

HellBound Hackers | Challenges | Application Cracking

Author

app10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-01-06 19:47
Ok, I did this mission with ollydbg, got the password, entered it, it said the password fer hbh is "im not gonna post it"... but when i go to enter it, in hbh, it says invalid password...whatd i do wrong?
Author

RE: app10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-01-06 23:47
if you had to patch the program flow without looking at the actual algo then it will show an incorrect password Smile

Author

RE: app10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-06 02:51
alrite, i dunno wat the crap yer talkin about, bcoz im dumb...but i didnt patch anything, and wat u said made me super confused...plz explain...and if it helps, is the pw supposto b the same as the pw yer supposto enter? SORRY IF SPOILER, BUT I DONT THINK IT IS COZ U NEED THE PASS ANYWAYS!

Edited by on 21-01-06 02:52
Author

RE: app10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-06 03:06
wut he means is did u patch the application to show u "the password is....."


Author

RE: app10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-01-06 10:38
A-BombeD wrote:
alrite, i dunno wat the crap yer talkin about, bcoz im dumb...but i didnt patch anything, and wat u said made me super confused...plz explain...and if it helps, is the pw supposto b the same as the pw yer supposto enter? SORRY IF SPOILER, BUT I DONT THINK IT IS COZ U NEED THE PASS ANYWAYS!


this is the line where the compare is done :-

MOV ESI,crackme2.0040307E ; ASCII "6032F9CE9BA8D6E1"
MOV EDI,crackme2.0040314A

The password you entered goes through the algorithm to become encoded. The encoded password is saved at address 0040314A.

The fixed password is saved at address 0040307E

The two are then compared (value wise) to see if they match, if they do then you have entered the correct password, and the text you entered is displayed back to you as the HBH password.

Therefore patching program flow is not an option as you will only get the text you entered displayed back. if you enter the correct password, then the compare above ^ should match.


* Hints *

(1) The password is all lowecase
(2) The password does NOT end in p
(3) The start of the encryption algorithm is at 0040111A where the text you enter is loaded into the ESI register

hope that helps some?

ps, how many characters is the password you got?


********
*Admins*
********
This should not be too much of a spoiler as the challenge is to analyse the algorithm, reverse it, and find a password that matches.
Byte patches will not work!


Edited by on 21-01-06 10:48