Wav3 Posted August 29, 2011 (edited)
OK, I'm starting a series of challenges too. For all of them, "Correct" will appear if the answer is correct and "Wrong" if it is wrong. Good luck!
The challenges will be posted in increasing order of difficulty.
#1
- Length: 7
- Format: "Weird string" (L case)
Download: Dark FileHost - FindMe_1.exe
#2
- Length: 7
- Format: Romanian word (L case)
Download: Dark FileHost - FindMe_2.exe
#3
- Length: 7
- Format: Random (letters only, U & L case)
Download: Dark FileHost - FindMe_3.exe
I rearranged the challenges. The old #1 is now #3.
Edited August 30, 2011 by Wav3
em Posted August 30, 2011
Ugh. None of the downloads work. Can you put them on rapidshare? Or somewhere else, but at least let it be a tld.
Wav3 (Author) Posted August 30, 2011 (edited)
Done, they work now. They weren't staying on the host because of that "#" in the name.
Thanks for letting me know!
Edited August 30, 2011 by Wav3
pelican Posted August 30, 2011
samsung written backwards is a Romanian word? That's for the first one, I'll be back for the others too..
Wav3 (Author) Posted August 30, 2011
Eh, the format from #2 was left there because I copy-pasted.. laziness.
Well done!
Jimmy Posted August 30, 2011
> samsung written backwards is a Romanian word? That's for the first one, I'll be back for the others too..
You should have sent him a PM or posted a picture...
pelican Posted August 30, 2011
I don't think that's necessary.. especially since the first one was trivial.. anyone can do it, but for 2 and 3.. it's kind of complicated in assembly code, my head already hurts..
em Posted August 30, 2011
On the first one I had also found that weird string, but it didn't look Romanian to me and I ignored it.
pelican Posted August 30, 2011
You have this:
loc_00401BD8: mov var_18, edi
loc_00401BDB: mov var_1C, edi
loc_00401BDE: mov var_2C, edi
loc_00401BE1: mov var_3C, edi
loc_00401BE4: mov var_4C, edi
loc_00401BE7: mov var_5C, edi
loc_00401BEA: mov var_6C, edi
loc_00401BED: mov var_7C, edi
loc_00401BF0: mov var_8C, edi
loc_00401BF6: mov var_9C, edi
loc_00401BFC: mov var_AC, edi
loc_00401C02: mov var_BC, edi
loc_00401C08: mov var_CC, edi
loc_00401C0E: mov var_DC, edi
loc_00401C14: mov var_EC, edi
loc_00401C1A: mov var_FC, edi
loc_00401C20: mov var_10C, edi
loc_00401C26: mov var_11C, edi
loc_00401C2C: mov var_12C, edi
and this:
loc_00401C54: fclex
loc_00401C56: jnl 401C6Ah
loc_00401C58: push 000000A0h
loc_00401C5D: push 004019ECh
loc_00401C62: push esi
loc_00401C63: push eax
loc_00401C64: call [00401014h] ;
loc_00401C6A: mov eax, var_18
loc_00401C6D: mov esi, [00401058h] ; arg_1 = arg_3 & Chr(arg_2)
loc_00401C73: mov var_F4, eax
loc_00401C79: lea eax, var_2C
loc_00401C7C: push 00000061h
loc_00401C7E: push eax
loc_00401C7F: mov var_18, edi
loc_00401C82: mov var_FC, 00008008h
loc_00401C8C: call arg_1 = arg_3 & Chr(arg_2)
loc_00401C8E: lea ecx, var_3C
loc_00401C91: push 0000006Dh
loc_00401C93: push ecx
loc_00401C94: call arg_1 = arg_3 & Chr(arg_2)
loc_00401C96: lea edx, var_5C
loc_00401C99: push 00000062h
loc_00401C9B: push edx
loc_00401C9C: call arg_1 = arg_3 & Chr(arg_2)
loc_00401C9E: lea eax, var_7C
loc_00401CA1: push 00000061h
loc_00401CA3: push eax
loc_00401CA4: call arg_1 = arg_3 & Chr(arg_2)
loc_00401CA6: lea ecx, var_9C
loc_00401CAC: push 0000006Ch
loc_00401CAE: push ecx
loc_00401CAF: call arg_1 = arg_3 & Chr(arg_2)
loc_00401CB1: lea edx, var_BC
loc_00401CB7: push 00000061h
loc_00401CB9: push edx
loc_00401CBA: call arg_1 = arg_3 & Chr(arg_2)
loc_00401CBC: lea eax, var_DC
loc_00401CC2: push 0000006Ah
loc_00401CC4: push eax
loc_00401CC5: call arg_1 = arg_3 & Chr(arg_2)
loc_00401CC7: mov esi, [00401060h] ;
loc_00401CCD: lea ecx, var_FC
loc_00401CD3: lea edx, var_2C
loc_00401CD6: push ecx
loc_00401CD7: lea eax, var_3C
loc_00401CDA: push edx
loc_00401CDB: lea ecx, var_4C
loc_00401CDE: push eax
loc_00401CDF: push ecx
loc_00401CE0: call
loc_00401CE2: push eax
loc_00401CE3: lea edx, var_5C
loc_00401CE6: lea eax, var_6C
loc_00401CE9: push edx
loc_00401CEA: push eax
loc_00401CEB: call
loc_00401CED: lea ecx, var_7C
loc_00401CF0: push eax
loc_00401CF1: lea edx, var_8C
loc_00401CF7: push ecx
loc_00401CF8: push edx
loc_00401CF9: call
loc_00401CFB: push eax
loc_00401CFC: lea eax, var_9C
loc_00401D02: lea ecx, var_AC
loc_00401D08: push eax
loc_00401D09: push ecx
loc_00401D0A: call
loc_00401D0C: push eax
loc_00401D0D: lea edx, var_BC
loc_00401D13: lea eax, var_CC
loc_00401D19: push edx
loc_00401D1A: push eax
loc_00401D1B: call
loc_00401D1D: lea ecx, var_DC
loc_00401D23: push eax
loc_00401D24: lea edx, var_EC
loc_00401D2A: push ecx
loc_00401D2B: push edx
loc_00401D2C: call
loc_00401D2E: push eax
loc_00401D2F: call [00401038h] ;
loc_00401D35: lea ecx, var_1C
loc_00401D38: mov ebx, eax
loc_00401D3A: call [00401090h] ;
loc_00401D40: lea eax, var_EC
loc_00401D46: lea ecx, var_FC
loc_00401D4C: push eax
loc_00401D4D: lea edx, var_DC
loc_00401D53: push ecx
loc_00401D54: lea eax, var_CC
loc_00401D5A: push edx
loc_00401D5B: lea ecx, var_BC
loc_00401D61: push eax
loc_00401D62: lea edx, var_AC
loc_00401D68: push ecx
loc_00401D69: lea eax, var_9C
loc_00401D6F: push edx
loc_00401D70: lea ecx, var_8C
loc_00401D76: push eax
loc_00401D77: lea edx, var_7C
loc_00401D7A: mov esi, [00401008h] ;
loc_00401D80: push ecx
loc_00401D81: lea eax, var_6C
loc_00401D84: push edx
loc_00401D85: lea ecx, var_5C
loc_00401D88: push eax
loc_00401D89: lea edx, var_4C
loc_00401D8C: push ecx
loc_00401D8D: lea eax, var_3C
loc_00401D90: push edx
loc_00401D91: lea ecx, var_2C
loc_00401D94: push eax
loc_00401D95: push ecx
loc_00401D96: push 0000000Eh
loc_00401D98: call
loc_00401D9A: add esp, 0000003Ch
loc_00401D9D: mov ecx, 80020004h
loc_00401DA2: mov eax, 0000000Ah
loc_00401DA7: cmp bx, di
loc_00401DAA: mov var_54, ecx
loc_00401DAD: mov var_5C, eax
loc_00401DB0: mov var_44, ecx
loc_00401DB3: mov var_4C, eax
loc_00401DB6: jz 401E26h
loc_00401DB8: mov ebx, [0040107Ch] ;
loc_00401DBE: lea edx, var_12C
loc_00401DC4: lea ecx, var_3C
which is fairly complicated but not impossible.. that's without bruteforce.. being 7 characters it can be solved quickly by bruteforce.. but that's no fun.
Wav3 (Author) Posted August 30, 2011
Try it however you like, though I don't know how much brute force will help you with the next FindMe's.
em Posted August 30, 2011
For #3, is a patch accepted too? Or is the main goal to find the password?
pelican Posted August 30, 2011
#1 was not done by bruteforce.. although they go easily, it was solved like this:
loc_00401C35: call [00401014h] ;
loc_00401C3B: mov eax, var_18
loc_00401C3E: push eax
loc_00401C3F: push 00401A00h ; "samsung"
loc_00401C44: call [00401050h] ; StrReverse
loc_00401C4A: mov edx, eax
loc_00401C4C: lea ecx, var_1C
loc_00401C4F: call [00401084h] ;
And one more thing.. from what I saw.. I think in 3 a random value is generated for each separate run? Or is it a fixed seed?
Wav3 (Author) Posted August 30, 2011 (edited)
There's no random. That random you found is there for nothing.
Patches are not accepted. The password has to be found.
EDIT: @em did you do #2?
Edited August 30, 2011 by Wav3
em Posted August 30, 2011
Patched
1) https://rapidshare.com/files/440833874/FindMe1_patch.exe
Wav3 (Author) Posted August 30, 2011
> Patched
> 1) https://rapidshare.com/files/440833874/FindMe1_patch.exe
Aah, pff, that kind of thing isn't accepted. The idea is to find the password, not to reach the "Correct" message. Sorry, I hadn't understood properly.
em Posted August 30, 2011
For 2 it's ambalaj, but I don't understand exactly what happens behind the scenes. (That is, what code you wrote to form the word; what's certain is that it isn't declared, but formed by some loops.)
Wav3 (Author) Posted August 30, 2011
pelican said it above:
loc_00401C8C: call arg_1 = arg_3 & Chr(arg_2)
loc_00401C8E: lea ecx, var_3C
loc_00401C91: push 0000006Dh
loc_00401C93: push ecx
loc_00401C94: call arg_1 = arg_3 & Chr(arg_2)
loc_00401C96: lea edx, var_5C
loc_00401C99: push 00000062h
loc_00401C9B: push edx
loc_00401C9C: call arg_1 = arg_3 & Chr(arg_2)
loc_00401C9E: lea eax, var_7C
loc_00401CA1: push 00000061h
loc_00401CA3: push eax
loc_00401CA4: call arg_1 = arg_3 & Chr(arg_2)
loc_00401CA6: lea ecx, var_9C
loc_00401CAC: push 0000006Ch
loc_00401CAE: push ecx
loc_00401CAF: call arg_1 = arg_3 & Chr(arg_2)
loc_00401CB1: lea edx, var_BC
loc_00401CB7: push 00000061h
loc_00401CB9: push edx
loc_00401CBA: call arg_1 = arg_3 & Chr(arg_2)
loc_00401CBC: lea eax, var_DC
loc_00401CC2: push 0000006Ah
loc_00401CC4: push eax
loc_00401CC5: call arg_1 = arg_3 & Chr(arg_2)
It's Chr() of each letter's ASCII code. Nothing more..
Will you solve #3 too, or should I put up another #3 and move the current #3 further along? It's a bit harder..
Wav3 (Author) Posted August 30, 2011
Yes. For #2 it's ambalaj.
It's formed from the character of each character's ASCII code..
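How the constants for #1 and #2 fall out of the posted listings by static reading alone, as an added example that is not part of the original thread: a string built with Chr() concatenation or StrReverse is still plainly visible in the disassembly. The function and variable names are illustrative, and the parser assumes the decompiler listing format shown in the posts above.

```python
import re

# Instructions copied from the listings posted in this thread (lea/mov lines
# between a push and its call are trimmed from the second listing).
CHALLENGE_1 = ('loc_00401C3F: push 00401A00h ; "samsung" '
               'loc_00401C44: call [00401050h] ; StrReverse')
CHALLENGE_2 = (
    'loc_00401C5D: push 004019ECh loc_00401C64: call [00401014h] ; '
    'loc_00401C7C: push 00000061h loc_00401C7E: push eax '
    'loc_00401C82: mov var_FC, 00008008h '
    'loc_00401C8C: call arg_1 = arg_3 & Chr(arg_2) '
    'loc_00401C91: push 0000006Dh loc_00401C94: call arg_1 = arg_3 & Chr(arg_2) '
    'loc_00401C99: push 00000062h loc_00401C9C: call arg_1 = arg_3 & Chr(arg_2) '
    'loc_00401CA1: push 00000061h loc_00401CA4: call arg_1 = arg_3 & Chr(arg_2) '
    'loc_00401CAC: push 0000006Ch loc_00401CAF: call arg_1 = arg_3 & Chr(arg_2) '
    'loc_00401CB7: push 00000061h loc_00401CBA: call arg_1 = arg_3 & Chr(arg_2) '
    'loc_00401CC2: push 0000006Ah loc_00401CC5: call arg_1 = arg_3 & Chr(arg_2)'
)

LABEL = re.compile(r"loc_[0-9A-Fa-f]{8}:")   # works on flattened or line-per-insn text
PUSH_IMM = re.compile(r'push\s+([0-9A-Fa-f]+)h\b(?:\s*;\s*"([^"]*)")?')

def recover_strings(listing):
    """Return the string constants a decompiler listing builds at run time."""
    found, chars = [], []
    imm = literal = None          # last immediate / annotated literal pushed
    for insn in (part.strip() for part in LABEL.split(listing)):
        m = PUSH_IMM.match(insn)
        if m:
            imm, literal = int(m.group(1), 16), m.group(2)
        elif insn.startswith("call"):
            if "Chr(" in insn and imm is not None and imm < 0x110000:
                chars.append(chr(imm))        # one character per Chr() call
            elif "StrReverse" in insn and literal is not None:
                found.append(literal[::-1])   # literal is reversed at run time
            imm = literal = None              # arguments are consumed by the call
    if chars:
        found.append("".join(chars))
    return found

if __name__ == "__main__":
    print(recover_strings(CHALLENGE_1), recover_strings(CHALLENGE_2))
```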
Wav3 (Author) Posted August 31, 2011
Perfect.
#1 pelican
#2 em
#3 3348399
I'll be posting the next 3 FindMe's, but that'll be Friday evening or, more likely, Saturday during the day. The resit exams have started...
pelican Posted August 31, 2011
In #3, are the ASCII codes added together, giving other characters? Because in the program the codes appear for:
36h 6
c0h À
ECh ì
A8h ¨
D4h Ô
C0h À
D0h Ð
C8h È
ECh ì
64h d
74h t
24h $
68h h
C8h È
E4h ä
F6h ö
36h 6
48h H
61h a
68h h
2Ch ,
7Ch |
A8h ¨
64h d
31h 1
40h @
4Ch L
24h $
4Ch L
38h 8
F5h õ
C9h É
ECh ì
ECh ì
and there are several characters placed next to one another.. I didn't really understand..
@3348399 - could you tell us how you did it?
@Wav3 - how could #3 be solved?
flux Posted August 31, 2011
I just solve. Everything you need is in olly.