App Extra & App patching 2


Posted on 07-08-08 08:37
I've successfully completed App Extra & App patching 2 and submitted my answers, yet I have not gotten points for these.

Who checks them and when can I expect a response?

Also, I have a new challenge which could be usable for both app cracking or app patching which should be a little harder than the trivially simple existing ones if anybody wants to give it a try: http://research.midnight-labs.org/~harryr/crackme.exe


RE: App Extra & App patching 2
Posted on 07-08-08 09:38
Doesn't patch 2 accept an MD5 checksum that's either right or wrong, not reviewed by admins?


RE: App Extra & App patching 2
Posted on 07-08-08 14:07
stdio wrote:
Doesn't patch 2 accept an MD5 checksum that's either right or wrong, not reviewed by admins?


Yes, although there are so many different ways to patch it properly, although the way I did it doesn't match 100% with the way Fros_T envisioned (and thus the md5 hash doesn't match).

The Web Patching challenges have the same issues, for each of those challenges I can think of at least 5 different ways it can be broken and/or fixed.


RE: App Extra & App patching 2

crashbird (Member, Posts: 83, Location: India, Joined: 15.06.07, Rank: Newbie)
Posted on 07-08-08 15:52
Just read the directions given by Frost_T, again and again.
It is pretty clear. You can pm me with what you are trying.


RE: App Extra & App patching 2
Posted on 07-08-08 17:56
crashbird wrote:
Just read the directions given by Frost_T, again and again.
It is pretty clear. You can pm me with what you are trying.


I've now got at least 15 completely different ways of cracking it while still abiding by the "rules", none of which are accepted.


RE: App Extra & App patching 2
Posted on 07-08-08 18:16
Sod it, here are some of the simpler ones....
Code

00401098     B8 47250000    MOV EAX,2547

or...
Code

004010E5     B8 47250000    MOV EAX,2547
004010EA     90             NOP


RE: App Extra & App patching 2
Posted on 09-08-08 09:19
lemmingmolester wrote:
Sod it, here are some of the simpler ones....
Code

00401098     B8 47250000    MOV EAX,2547

or...
Code

004010E5     B8 47250000    MOV EAX,2547
004010EA     90             NOP

Alright, I just got done beating this after several attempts at modifying it with the right answer. The first problem you are having is that you are directly changing the value of EAX. You need to change the algorithm in which EAX will become 2547. The last bit takes a bit of guessing until you get it right, but there's only a handful of logical choices here, so keep at it until you get it. If you are stuck with the correct return, feel free to PM me.


RE: App Extra & App patching 2
Posted on 09-08-08 15:59
My point is that's how the real world works, the easiest route is taken and any other approach is futile.


RE: App Extra & App patching 2
Posted on 10-08-08 03:23
Code
00401044     BA A1504000    MOV EDX,Patch-2.004050A1

Puts the original number into a variable.

Code
00401071     D1E8           SHR EAX,1
00401073     A3 BE504000    MOV DWORD PTR DS:[4050BE],EAX
00401078    ^E2 F7          LOOPD SHORT Patch-2.00401071

Looks like the shift right is multiplying eax times a certain number, not tough to deduce by looking ahead. Like 0x(eax/2), or something.

So 9543 must be in EAX. I got close once, then quit, I can see that happening again.




Edited by on 10-08-08 03:36
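
What the SHR/LOOPD loop quoted in the post above does to EAX, as an added example that is not part of any post in the thread: each SHR EAX,1 halves EAX, so the loop leaves EAX >> ECX. The function names and the ECX counts tried in main are assumptions, since the thread does not show the loop count.

```c
#include <stdint.h>
#include <stdio.h>

/* Models:  L: SHR EAX,1 / MOV [4050BE],EAX / LOOPD L
 * LOOPD decrements ECX and jumps while ECX != 0, so the body runs at least
 * once, and ECX == 0 on entry means 2^32 iterations. */
uint32_t shr_loop(uint32_t eax, uint32_t ecx)
{
    uint64_t iters = ecx ? ecx : (1ULL << 32);
    /* After 32 shifts EAX is 0 and stays 0, so 32 steps are enough. */
    uint32_t n = iters > 32 ? 32 : (uint32_t)iters;
    for (uint32_t i = 0; i < n; i++)
        eax >>= 1;          /* SHR EAX,1: unsigned halve, low bit dropped */
    return eax;             /* the value the MOV writes to memory */
}

/* Inclusive range [*lo, *hi] of starting EAX values that leave `target`
 * after the loop; returns 0 when no 32-bit start value can. */
int preimage(uint32_t target, uint32_t ecx, uint32_t *lo, uint32_t *hi)
{
    if (ecx == 0 || ecx >= 32) {        /* loop always ends with EAX == 0 */
        if (target != 0) return 0;
        *lo = 0; *hi = UINT32_MAX;
        return 1;
    }
    if (target > (UINT32_MAX >> ecx)) return 0;   /* would not fit in EAX */
    *lo = target << ecx;
    *hi = *lo | ((1u << ecx) - 1);      /* the dropped low bits are free */
    return 1;
}

int main(void)
{
    /* The listing's operands are hex: 0x2547 == 9543, the post's number. */
    const uint32_t target = 0x2547;
    for (unsigned ecx = 1; ecx <= 4; ecx++) {   /* assumed loop counts */
        uint32_t lo, hi;
        if (preimage(target, ecx, &lo, &hi))
            printf("ECX=%u: start EAX in [0x%X, 0x%X] -> 0x%X\n", ecx,
                   (unsigned)lo, (unsigned)hi, (unsigned)shr_loop(lo, ecx));
    }
    return 0;
}
```
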
RE: App Extra & App patching 2
Posted on 10-08-08 03:28
sharpskater80 wrote:
Code
00401044     BA A1504000    MOV EDX,Patch-2.004050A1                 ;  ASCII "Your initial number is: "

test

???
Yeah, I'm not going to lie, that post makes absolutely no sense.


RE: App Extra & App patching 2
Posted on 10-08-08 03:37
I was seeing if the code tags would work, sorry.


RE: App Extra & App patching 2
Posted on 05-10-08 17:20
Sorry to post in an outdated thread, but I want to put to rest any more comments on my challenge.

1. Yes, there are many MANY ways of doing it, there's a reason to this.

2. I agree with the "the shortest route is the easiest", but sometimes the shortest route makes you miss all the sights along the way. I designed this challenge to introduce people to practical algorithms (granted very simple) and to code logic itself. There are enough challenges out there where you just NOP and presto it's good. I wanted to create something where you actually had to think...like ok the number is now whatever at this point, and the code is doing such and such to it...and then work out what you needed to do to make it the correct number.

3. If anyone still has trouble, I try and get back to them as soon as possible, sometimes that is not very soon, but I will eventually get there.

Alright, thanks for listening, good luck.