Jump to content
sulea

crackme pe nivele

By sulea, in Challenges (CTF)

Recommended Posts

Flubber Newbie

Flubber

Posted
Posted
0040A188=crackme.0040A188 (ASCII "Fiti recomand o bucata dintr-o arie dintr-o piesa: /watch?v=WahcTznCRm4")

Dar de parole tot nu am dat...

O sa mai incerc...

Poate asta este mai interesant? O rutina pentru prima parola?


00402B50   /$  83EC 04           SUB ESP,4
00402B53   |.  891C24            MOV DWORD PTR SS:[ESP],EBX                        ;  EBX = 0040B894 | ESP = 0141FF90
00402B56   |.  0FB618            MOVZX EBX,BYTE PTR DS:[EAX]    ; EAX = FFFFFFFD
00402B59   |.  0FB60A            MOVZX ECX,BYTE PTR DS:[EDX]    ; EDX = 0040A0F0
00402B5C   |.  29CB              SUB EBX,ECX
00402B5E   |.  75 0C             JNZ SHORT crackme.00402B6C
00402B60   |.  0FB608            MOVZX ECX,BYTE PTR DS:[EAX]
00402B63   |.  42                INC EDX                                           ;  crackme.0040A0F0
00402B64   |.  40                INC EAX
00402B65   |.  E8 06FCFFFF       CALL crackme.00402770
00402B6A   |.  89C3              MOV EBX,EAX
00402B6C   |>  89D8              MOV EAX,EBX                                       ;  crackme.0040B894
00402B6E   |.  8B1C24            MOV EBX,DWORD PTR SS:[ESP]
00402B71   |.  83C4 04           ADD ESP,4

Poate sulea o sa confirme?

Link to comment
Share on other sites
sulea Newbie

sulea

Posted
  • Author
Posted (edited)

fluber, acea functie compara 2 stringuri. deci vezi de unde se apeleaza si ce se afla in eax si edx inainte sa se apeleze.

cred ca ar fi mai bine sa dau codul sursa pt parolele 2 si 3, sa vad daca va descurcati dupa codul sursa. e mai lesne de invatat ceva in felul asta. deci parola 1 o descoperiti singuri, iar sursa pt parolele 2 si 3 este mai jos. MARE atentie la o mica chichita ;)

	writeln('parola:');
	readln(parola2);
	cat:=length(parola2);
	if cat<2 then goto label1;
	ok:=ord(parola2[cat-1])*2 div 5;
	contor:=0;
	i:=1;
	if (cat<>0) and (cat=ok) then
		while i<=cat do begin
		    if (parola2[i]='â') then inc(contor);
		    i:=i+2;
		end;
	if contor<>3 then goto gresit;
	writeln('curvar completed, mergem mai departe');

	writeln('rank: violator ',chr(3),chr(6));
	write('parola:');
	readln(parola3);
	cat2:=length(parola3);
	if cat2<8 then goto gresit;
	suma:=0;
	for i:=1 to cat2 div 2 do
		suma:=suma+ord(parola3[i]);
	for j:=cat2 downto i+1 do
		suma:=suma+ord(parola3[j])*j;

	while suma<>0 do begin
		back:=suma mod 10;
		if integer(parola2[back])-48<>back then goto gresit;
		suma:=suma div 10;
	end;

	writeln('felicitari!');
	writeln('iti recomand o bucata dintr-o arie dintr-o piesa: /watch?v=WahcTznCRm4');
	goto sfarsit;

	gresit:
	writeln('mai trage un loz! (sau o loaza)');
	sfarsit:
	readln;
end.

e cod in pascal, daca nu stiti gasiti pe cineva sa vi-l traduca in c++ sau alt limbaj de-l stiti.

va astept cu parolele 2 si 3 :)

Edited by sulea
  • Upvote 1
Link to comment
Share on other sites
staticwater Newbie

staticwater

Posted
Posted (edited)

I'm back. :)

Sint n solutii si pentru p2 si pentru p3(n e un numar f. mare). p3 depinde de p2.

1. p2: ?x?x?xxxxxxxxxxxxxxxxxxxxxxxxxxTx

unde:

a. ? ---> Console mode:Alt + 226 sau Win7 Character map:U+0393(0xE2)

b. x ---> ce vreti voi

c. T ---> se poate schimba cu S

2. p3:

daca p2 = ?2?4?00090000000000000000000000T0 atunci p3 =
bbbbbbca

3. Bonus: Sissel - Prince Igor

Edited by staticwater
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...