Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 27
Guests Online: 26
Members Online: 1

Registered Members: 82843
Newest Member: hx47
Latest Articles
View Thread

HellBound Hackers | Challenges | Application Cracking

Author

App 10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-08-06 13:27
HI all

I have managed to patch app 10 :evil:

but the password it shows on the alert box seems to be wrong..

The password for HBH is TmljZSBUcnk=

54 68 61 74 20 69 73 20 6e 6f 74 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 61 62 6f 76 65



I have checked the patched app in olly and it all seems ok..

any ideas..



Edited by on 19-08-06 13:31
Author

RE: App 10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-08-06 15:56
the application shows an incorrect password because patching the program alters the original flow of itself... I think you must go through another way... in ollydbg just watch what the program do from 0040111A to 0040131F (I think it's not a spoiler) with a known password and see what is supposed to be in output...
Author

RE: App 10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-06 06:58
thatsflash, Did you make any progress?

I cant figure out how to do it ... =(


Author

RE: I loved this one...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-10-06 10:24
I'll try and keep the spoilers to a minimum.

Assuming you're using Olly, you'll have a few things on hand. One of which is the hex string you're supposed to match... If you're like me, you used your hex editor and patched that string to make it match whatever garbage you typed into the app and cross-referenced with Olly. While the results weren't the password, they did clue us in on something just as useful. The encryption applied to our input is reversible -- it can encrypt AND decrypt.

Now, armed with that knowledge, we can discover what kind of algorithm is being used to encrypt/decrypt our input. Don't overcomplicate this one, as it's really very basic.

Once you've got that last piece of information, it's simply a matter of taking the information we DO know, and using it to find what we don't.

I wrote myself a little C program to do the work for me, as I'm not all that speedy with binary math Smile
Author

RE: App 10

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 10-10-06 17:46
Just to let you know, you don't have to use anything else than Olly. (I didn't have to anyway :happy: )


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .

Edited by Uber0n on 10-10-06 17:48
Nope http://uber0n.webs.com/
Author

RE: App 10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-10-06 17:59
yea i only used olly too


Author

RE: App 10


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-10-06 18:19
why did you use base64?