Everything posted by yulyul2004

  1. How many letters are there, not counting spaces? Are they meaningful words? Do they make sense together? Do you have a reverse algorithm? Or did you use hashing functions?
  2. notepad and Ascii Table - ASCII character codes and html, octal, hex and decimal chart conversion
  3. Simple. The word is: FELICITARI
  4. Space is 32 decimal, 20 hex (0x20, 20h, etc.). The null char, which we have no way of typing into the textbox, is 0 decimal, 0 hex (0x00, 00h, etc.). Moreover, the Delphi compiler uses "null terminated string", so if we put a null in the middle of the password, the password would have only 3 characters and would not pass the 8-character validation. PS: The original CrackMe can be found here: http://www.mibs-challenges.de/challenge.php?type=5 under the name "MiB's Challenges - CrackMe #VII"
  5. User: Xdo Pass: omr?tcst where "?" is the character 0x00, which I have no way of typing into the textbox. Or am I doing something wrong???
  6. The "password" is: 000D87A86615. The "password" has to be set as the MAC address. The network card that has this MAC is made by Elitegroup Computer System Co. (ECS)
  7. I'd say that one is needed too, otherwise it throws IndexOutOfRangeException at str3[0x17]
  8. The first crack-me of this type that I have done. It took me 15 minutes to solve it. serial1:1234567890qwerty + 0xC3 + 0x10 + 0x74 (address 0x007410C3) serial2:1234567890qwerty + 0x59 + 0x11 + 0x74 (address 0x00741159) Later edit: CrackMe output: ???????????????????????????????????????????????? ???? RSTCenter Crackit #04 :: Enjoy ???????????????????????????????????????????????? ???? 1??? Serial :1234567890qwerty?^Pt ???????????????????????????????????????????????? ???? RSTCenter Crackit #04 :: Enjoy ???????????????????????????????????????????????? ???? 1??? Serial :1234567890qwertyY^Qt ???? ???? 3??? You did it! Congrats;) ???? Concatenate the words in the serials ???? to get the pass! ???? ????????????????????????????????????????????????
  9. The code: cool13377331å=ssaåP
  10. It took me some time because I wrote the keygen in C#. The final password is: geronimo
  11. User: Gregor Pass: 1502754 Below I commented the asm code a bit for anyone who wants to make a keygen:

      .text:00401000 _main proc near
      .text:00401000
      .text:00401000 var_B0 = dword ptr -0B0h
      .text:00401000 Dest = byte ptr -0ACh
      .text:00401000 Serial = dword ptr -78h
      .text:00401000 UserSerial = dword ptr -40h
      .text:00401000 UserNameLength = dword ptr -3Ch
      .text:00401000 Source = byte ptr -38h
      .text:00401000 var_37 = byte ptr -37h
      .text:00401000 var_4 = dword ptr -4
      .text:00401000 argc = dword ptr 8
      .text:00401000 argv = dword ptr 0Ch
      .text:00401000 envp = dword ptr 10h
      .text:00401000
      .text:00401000 push ebp
      .text:00401001 mov ebp, esp
      .text:00401003 sub esp, 0B0h
      .text:00401009 push offset aKeyme1ByHertz@ ; "************************\n* Keyme 1 by H"...
      .text:0040100E call _printf
      .text:00401013 add esp, 4
      .text:00401016 push offset aPleaseEnterYou ; "\nPlease enter your username: "
      .text:0040101B call _printf
      .text:00401020 add esp, 4
      .text:00401023 lea eax, [ebp+Source]
      .text:00401026 push eax
      .text:00401027 push offset Format ; "%s"
      .text:0040102C call _scanf
      .text:00401031 add esp, 8
      .text:00401034 lea ecx, [ebp+Source]
      .text:00401037 push ecx ; Source
      .text:00401038 lea edx, [ebp+Dest]
      .text:0040103E push edx ; Dest
      .text:0040103F call _strcpy
      .text:00401044 add esp, 8
      .text:00401047 push offset unk_4070EC
      .text:0040104C lea eax, [ebp+Dest] ; Copy the username address in eax
      .text:00401052 push eax ; Str
      .text:00401053 call _strstr ; Search for 'e' in the username
      .text:00401058 add esp, 8
      .text:0040105B mov [ebp+var_4], eax
      .text:0040105E cmp [ebp+var_4], 0
      .text:00401062 jnz loc_401161 ; Go to wrong username message if Username contains 'e'
      .text:00401068 lea ecx, [ebp+Dest] ; Copy the username address in ecx
      .text:0040106E push ecx ; Str
      .text:0040106F call _strlen ; Get username length
      .text:00401074 add esp, 4
      .text:00401077 mov [ebp+UserNameLength], eax
      .text:0040107A cmp [ebp+UserNameLength], 5
      .text:0040107E jle loc_40114D ; Jump to wrong username if username.length <= 5
      .text:00401084 cmp [ebp+UserNameLength], 0Fh
      .text:00401088 jge loc_40114D ; Jump to wrong username if username.length >= 0x0F
      .text:0040108E mov [ebp+Serial], 1
      .text:00401095 movsx edx, [ebp+Source] ; edx = first char
      .text:00401099 movsx eax, [ebp+var_37] ; eax = second char
      .text:0040109D add edx, eax ; edx = first char + second char
      .text:0040109F mov ecx, [ebp+UserNameLength] ; Ecx = username length
      .text:004010A2 movsx eax, byte ptr [ebp+ecx+UserNameLength+2] ; eax = Second last char
      .text:004010A7 mov ecx, [ebp+UserNameLength] ; useless
      .text:004010AA movsx ecx, byte ptr [ebp+ecx+UserNameLength+3] ; ecx = last username char
      .text:004010AF add eax, ecx ; eax = eax + ecx (last two chars)
      .text:004010B1 imul edx, eax ; edx = edx * eax
      .text:004010B4 mov eax, [ebp+Serial] ; eax = 1
      .text:004010B7 imul eax, edx ; eax = eax * edx = edx
      .text:004010BA mov [ebp+Serial], eax
      .text:004010BD mov [ebp+var_B0], 2
      .text:004010C7 jmp short loc_4010D8
      .text:004010C9 ; ---------------------------------------------------------------------------
      .text:004010C9
      .text:004010C9 loc_4010C9: ; CODE XREF: _main+FDj
      .text:004010C9 mov ecx, [ebp+var_B0]
      .text:004010CF add ecx, 1
      .text:004010D2 mov [ebp+var_B0], ecx
      .text:004010D8
      .text:004010D8 loc_4010D8: ; CODE XREF: _main+C7j
      .text:004010D8 mov edx, [ebp+UserNameLength]
      .text:004010DB sub edx, 2 ; without last 2 chars
      .text:004010DE cmp [ebp+var_B0], edx
      .text:004010E4 jge short loc_4010FF ; check if we reached the end
      .text:004010E6 mov eax, [ebp+var_B0]
      .text:004010EC movsx ecx, [ebp+eax+Source] ; ecx = current char
      .text:004010F1 mov edx, [ebp+Serial] ; edx = serial
      .text:004010F4 add edx, ecx ; edx = serial + current char
      .text:004010F6 imul edx, [ebp+UserNameLength] ; edx = edx * UserNameLength
      .text:004010FA mov [ebp+Serial], edx ; save the serial
      .text:004010FD jmp short loc_4010C9
      .text:004010FF ; ---------------------------------------------------------------------------
      .text:004010FF
      .text:004010FF loc_4010FF: ; CODE XREF: _main+E4j
      .text:004010FF push offset aPleaseEnterY_0 ; "\nPlease enter your key to verify: "
      .text:00401104 call _printf
      .text:00401109 add esp, 4
      .text:0040110C lea eax, [ebp+UserSerial]
      .text:0040110F push eax
      .text:00401110 push offset aD ; ; "%d" - read a decimal
      .text:00401115 call _scanf
      .text:0040111A add esp, 8
      .text:0040111D mov ecx, [ebp+UserSerial] ; User serial
      .text:00401120 cmp ecx, [ebp+Serial] ; compare with generated serial
      .text:00401123 jnz short loc_401139
      .text:00401125 push offset aKeyIsCorrect__ ; "\nKey is correct...\n"
      .text:0040112A call _printf
      .text:0040112F add esp, 4
      .text:00401132 call __getch
      .text:00401137 jmp short loc_40114B
      .text:00401139 ; ---------------------------------------------------------------------------
      .text:00401139
      .text:00401139 loc_401139: ; CODE XREF: _main+123j
      .text:00401139 push offset aSorryYourKeyIs ; "\nSorry, your key is wrong...\n"
      .text:0040113E call _printf
      .text:00401143 add esp, 4
      .text:00401146 call __getch
      .text:0040114B
      .text:0040114B loc_40114B: ; CODE XREF: _main+137j
      .text:0040114B jmp short loc_40115F
      .text:0040114D ; ---------------------------------------------------------------------------
      .text:0040114D
      .text:0040114D loc_40114D: ; CODE XREF: _main+7Ej
      .text:0040114D ; _main+88j
      .text:0040114D push offset aOnlyUsernamesW ; "\nOnly usernames with length between 5 a"...
      .text:00401152 call _printf
      .text:00401157 add esp, 4
      .text:0040115A call __getch
      .text:0040115F
      .text:0040115F loc_40115F: ; CODE XREF: _main:loc_40114Bj
      .text:0040115F jmp short loc_401173
      .text:00401161 ; ---------------------------------------------------------------------------
      .text:00401161
      .text:00401161 loc_401161: ; CODE XREF: _main+62j
      .text:00401161 push offset aSorryThisUsern ; "\nSorry, this username is not supported."...
      .text:00401166 call _printf
      .text:0040116B add esp, 4
      .text:0040116E call __getch
      .text:00401173
      .text:00401173 loc_401173: ; CODE XREF: _main:loc_40115Fj
      .text:00401173 mov esp, ebp
      .text:00401175 pop ebp
      .text:00401176 retn
      .text:00401176 _main endp
  12. CrackMe output:

      Master Yoda: To the Academy I welcome you, young Padwan ! Hmmmm..... Doubt in your ways your spirit reveals. Your name, do you know ?
      Padwan: skywalker. luke skywalker.
      Master Yoda: Your name The Force has heard. It's worthy of a bright future! ....still... Do know your place in The Universe ?
      Padwan: i must follow the path of the force.
      Master Yoda: Congratulations! You are wise and your spirit strong !
      ____________________________________________________________________________
      "crackme" created by xact

      The decoding function is written in C#:

      using System;

      namespace HttpClient.RST
      {
          public class CrackMe08 : IMissoin
          {
              public void Execute()
              {
                  Console.WriteLine(Decode("-sdlkbvzjt fjvk!-sdlkbvzjt"));
                  Console.WriteLine(Decode("-fbsng fgu gn!gu`q fgu xnmkpe!sttn j"));
              }

              /// <summary>
              /// Decodes the string.
              /// </summary>
              /// <param name="source">Encoded string.</param>
              /// <returns>Decoded string.</returns>
              private static string Decode(string source)
              {
                  string result = string.Empty;
                  // Walk the string backwards; spaces stay, other chars are shifted by +1 or -1 alternately.
                  for (int i = source.Length - 1; i > -1; i--)
                      result += source[i] != ' ' ? ((char) (source[i] + ((source.Length - i)%2 == 0 ? 1 : -1))) : ' ';
                  return result;
              }
          }
      }

      Unfortunately I don't think I'll have time to make a CrackMe any time soon, so... if someone else posts one, I won't mind.
  13. The password is 19880502; it's probably some date of birth !?!?!?.... 02/05/1988
  14. I found the password. I sent you an email.
  15. It was fairly simple. At first I tried to open form 2 regardless of whether the password was correct or not, but obviously the picture was not decrypted correctly. Then I found the function that decrypted the string from the resources, and that is how I found the password.
  16. I picked the number of characters at random. I didn't write the password because I thought someone else might still be struggling with it and I didn't want to spoil the surprise. The password is: a6!SOUND!128!FreshMeat (it has 22 characters). I used IDA Pro v5.2 and P32Dasm 2.3.
  17. Here is the picture: and the password is:*************
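
The serial computation annotated in post 11 (0x40108E to 0x4010FD), written out as C. This is an added example, not code from the original post; the name `keyme1_serial` is made up here, the length bounds follow the `jle`/`jge` comparisons in the listing, and the `_strstr` filter is not modelled because the bytes at `unk_4070EC` are not shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Recomputes the value the listing compares against the "%d" input.
 * Returns 0 and stores the serial in *out, or -1 when the length check
 * (cmp 5 / jle, cmp 0Fh / jge) would reject the name.
 * Assumption: the _strstr filter on unk_4070EC is not reproduced here. */
int keyme1_serial(const char *name, int32_t *out)
{
    size_t n = strlen(name);
    if (n <= 5 || n >= 0x0F)
        return -1;

    /* movsx sign-extends every byte, so read the name as signed chars. */
    const signed char *c = (const signed char *)name;

    /* (first + second) * (second-last + last); the initial Serial = 1
     * only multiplies this product by one. imul keeps the low 32 bits,
     * which unsigned arithmetic reproduces without signed overflow. */
    uint32_t serial = (uint32_t)(c[0] + c[1]) * (uint32_t)(c[n - 2] + c[n - 1]);

    /* var_B0 runs from 2 while var_B0 < length - 2. */
    for (size_t i = 2; i < n - 2; i++)
        serial = (serial + (uint32_t)(int32_t)c[i]) * (uint32_t)n;

    /* scanf("%d") stores a signed 32-bit value, so compare as signed. */
    *out = (int32_t)serial;
    return 0;
}

int main(void)
{
    int32_t s;
    if (keyme1_serial("Gregor", &s) == 0)
        printf("Gregor -> %d\n", (int)s);
    return 0;
}
```

For long names the product wraps past 32 bits, so the expected key can be a negative decimal.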