smagazor Posted December 3, 2010 Report Share Posted December 3, 2010 (edited) M-am gandit sa creez o serie de astfel de programe la care ideea de baza e sa va testati cunostintele de ASM si Reverse Engineering prin gasirea parolelor, creearea de generatoare de chei si nu numai.Iata si primul program dintr-o serie cat mai lunga si cat mai educativa:http://rapidshare.com/files/434746847/Rst-FindMe1.zipDupa ce reuseste cineva sa rezolve, ar fi indicat sa detalieze modul in care a facut acest lucru pentru ca toti sa se poata inspira si sa invete.Cod sursa:#include <stdio.h>#include <stdlib.h>int main (){ FILE *md5hash; char namef[L_tmpnam],*datah; datah = (char *)malloc(26); printf("%s",tmpnam(namef)!=NULL?"Did it!\nEnter some data: ":"Error!\n"); md5hash = fopen(namef,"wt+"); fgets(datah,50,stdin); fputs(datah,md5hash); printf("\nProcessing data ...\n\n"); for (unsigned long int i=0;i<=999999999;i++); fseek(md5hash,0L,SEEK_SET); char p=fgetc(md5hash); fseek(md5hash,3L,SEEK_SET); char a=fgetc(md5hash); fseek(md5hash,6L,SEEK_SET); char s=fgetc(md5hash); fseek(md5hash,9L,SEEK_SET); char s2=fgetc(md5hash); fseek(md5hash,12L,SEEK_SET); char w=fgetc(md5hash); fseek(md5hash,15L,SEEK_SET); char o=fgetc(md5hash); fseek(md5hash,18L,SEEK_SET); char r=fgetc(md5hash); fseek(md5hash,21L,SEEK_SET); char d=fgetc(md5hash); fseek(md5hash,24L,SEEK_SET); fclose(md5hash); remove(namef); if (p==82 && a==83 && s==84 && s2==70 && w==105 && o==110 && r==100 && d==49) printf("Congratulations, now what is the password I have checked for?"); else printf("Could not compute the correct password. Try again!"); getchar(); return 0;}smagazor Edited December 4, 2010 by smagazor Quote Link to comment Share on other sites More sharing options...
Xander Posted December 3, 2010 Report Share Posted December 3, 2010 cred ca ideea ar fi ca toti sa incerce singuri... si sa primeasca doar niste indicii... nu rezolvarea completa ca asa nu invata nimic Quote Link to comment Share on other sites More sharing options...
Usr6 Posted December 4, 2010 Report Share Posted December 4, 2010 "RSTFind1"? obtinut prin decompilare+citire cod(n-am un vm la indemana sa rulez executabilu) Quote Link to comment Share on other sites More sharing options...
Zamolxis666 Posted December 4, 2010 Report Share Posted December 4, 2010 RSTFind1. Puteai sa complici lucrurile si sa creezi vreo 3 functii astfel: prima o apela pe a doua, a doua facea niste calcule inutile, apoi o apela pe a treia, iar a treia verifica inputul. Oricum, GG Quote Link to comment Share on other sites More sharing options...
smagazor Posted December 4, 2010 Author Report Share Posted December 4, 2010 (edited) Felicitari, ar fi indicat sa explicati mai in detaliu cum ati facut.Usr6 sunt convins ca nu ai decompilat codul, atata timp cat e scris in C.smagazor Edited December 4, 2010 by smagazor Quote Link to comment Share on other sites More sharing options...
Zamolxis666 Posted December 4, 2010 Report Share Posted December 4, 2010 L-am bagat in IDA pro, am urmarit pe grafic, am vazut unde era pus mesajul ca a fost inputul corect si am urmarit "nodurile" legate in cascada, unde era verificat fiecare caracter. sintaxa era ceva de genu: cmp [ebp+3], 53hjnz shortloc_4a00e4 Am cautat pe google tabelul ascii si am vazut ca pt 53h corespunde litera S. Am urmat firul si am aflat parola. Quote Link to comment Share on other sites More sharing options...
smagazor Posted December 4, 2010 Author Report Share Posted December 4, 2010 Am adaugat codul sursa in primul post.Diseara o sa apara urmatoarea aplicatie.smagazor Quote Link to comment Share on other sites More sharing options...
Usr6 Posted December 4, 2010 Report Share Posted December 4, 2010 Felicitari, ar fi indicat sa explicati mai in detaliu cum ati facut.Usr6 sunt convins ca nu ai decompilat codul, atata timp cat e scris in C.ms,ba chiar asta am facut:)C:/Documents and Settings/smagazor.RSTCENTER/Desktop/Rst-FindMe1.cppcompilat cu dev-c++ 4.9.9.2nu? Quote Link to comment Share on other sites More sharing options...
Zamolxis666 Posted December 4, 2010 Report Share Posted December 4, 2010 Cu ce l-ai decompilat? Quote Link to comment Share on other sites More sharing options...
phantomas90 Posted December 5, 2010 Report Share Posted December 5, 2010 Reversing Secrets of Reverse Engineering .pdf - 8.4 MbPoate asta va ajuta. Quote Link to comment Share on other sites More sharing options...
Xander Posted December 6, 2010 Report Share Posted December 6, 2010 practic el nu a decompilat in c++ ca nu are cum. a facut dissasembly si a facut reverse translation la functii ( la compilare se face functie->adresa ... si programul a facut adresa->functie) Quote Link to comment Share on other sites More sharing options...
Usr6 Posted December 6, 2010 Report Share Posted December 6, 2010 " la compilare se face functie->adresa ... si programul a facut adresa->functie"si asta ce inseamna?uite un decompiler pt c Decompilation of Binary Programs - dccdisassemble faci pt a obtine codul in asm, decompilatoarele se folosesc in general pt a obtine cat mai multe functii posibile din codul original, acuma sa nu ti imaginezi ca vei putea compila codul obtinut de decompiler asa cum ii el (in cazul autoit am reusit o data:D ).Daca cunosti programare, cu ajutorul unei surse obtinute prin decompilare ai putea sa-ti faci propria sursa*multzam phantomas pt book*Zamolxis Reverse Engineering Resources - Decompilers REC apare in poza postata Quote Link to comment Share on other sites More sharing options...
phantomas90 Posted December 6, 2010 Report Share Posted December 6, 2010 Art of Assembly.pdf - 4.0 MbSi asta deasemenea cred ca va fi ajutatoare. Urmaresc acest thread pt ca mi se pare singurul care solicita materia cenusie, din tot ce este pe aici pe forum. Cum se spunea si mai sus, ar fi bine sa se posteze -daca tot s-a inceput asa ceva- si metode de identificare a unei functii, din codul asm rezultat. Anyway good job until now. Quote Link to comment Share on other sites More sharing options...
