sablefoxx Posted October 21, 2007

Okay, so I wrote this little app in C, all it does is ask for a password. I showed it to my friend and he asked "ok well how do you hack the password" I have had no luck, I did a quick search through the forums and couldn't find anything, I don't even know if this is possible (to go from .exe > src). If it is, if you could point me in the direction of a nice tutorial or just point me in the right direction that would be great, tried OllyDBG, didn't really know how to use it. Also if it's not possible to get src code then is there another route to obtain the password?

-Download Compiled w/src Here: http://www.mediafire.com/?2tftsnjzerg

-Here is the src code (don't cheat):

```c
// --------------------------------Version-2.0----------------------------------
#include <stdio.h>
#include <stdlib.h>  // system()
#include <string.h>  // strcmp()
#include <conio.h>   // getch()

int main(void) {
    int i;
    while(1) { //thx TomB
        char run[] = "lamepassword"; //set password here
        char checkit[81];            //80 characters plus the terminating NUL
        system("title System Login --By SableFoXx");
        system("cls");
        printf("Authentication Required!\n");
        printf(">> ");
        for(i=0; i<80; i++) { //chr limit 80
            checkit[i] = getch();
            if(checkit[i] == '\r') { //Enter ends the input
                break;
            } else {
                printf("*");
            }
        }
        checkit[i] = '\0'; //terminate even when all 80 characters were typed
        if(!strcmp(run, checkit)) {
            system("cls");
            system("color a");
            printf("\n\n\n\n\n\n\n\n\n");
            printf("===============================================================================\n");
            printf(" * Access Granted *\n");
            printf("===============================================================================\n");
            printf("\n\n\n\n\n");
            system("pause");
            system("cls");
            system("color f");
            /* -------------------------CODE-START--------------------------- */
            printf("You Win! \nPlease wait while a party official comes to collect you for your party. :)\n");
            printf(">>Regards, SableFoXx<< \n");
            system("pause");
            return 0;
            /* --------------------------CODE--END--------------------------- */
        } else {
            system("cls");
            system("color c");
            printf("\n\n\n\n\n\n\n\n\n");
            printf("===============================================================================\n");
            printf(" * Access Denied *\n");
            printf("===============================================================================\n");
            printf("\n\n\n\n\n");
            system("pause");
            system("cls");
            system("color f");
        }
    }
}
```

thx, SableFoXx

Silva Posted October 21, 2007

Well it's impossible to decompile the program into the original source code. OllyDbg disassembles it into ASM code and then you can "hack" it. I don't really have much experience with asm but if you NOP the jump on line 00401387 it will accept any password. If you look up two lines from that address you can see a call being made to strcmp, under that a TEST EAX EAX which I can only assume is comparing the user string with the password string, and then the line which you are NOPing is a JNZ which in this case means jump if they aren't equal (JNZ actually stands for jump if not zero). Hopefully my English was understandable :D.

Edit: If you set a breakpoint on line 00401376 you will see the password inside the EDX register. I might comment all the code as far as I understand it soon :).

digip Posted October 21, 2007

Just opening the exe file in notepad reveals the password "lamepassword"

K1u Posted October 21, 2007

> Okay, so I wrote this little app in C, all it does is ask for a password. I showed it to my friend and he asked "ok well how do you hack the password" I have had no luck, I did a quick search through the forums and couldn't find anything, I don't even know if this is possible (to go from .exe > src). If it is, if you could point me in the direction of a nice tutorial or just point me in the right direction that would be great, tried OllyDBG, didn't really know how to use it. Also if it's not possible to get src code then is there another route to obtain the password?
>
> -Download Compiled w/src Here: http://www.mediafire.com/?2tftsnjzerg
>
> -Here is the src code (don't cheat):
>
> ```c
> // --------------------------------Version-2.0----------------------------------
> #include <stdio.h>
> #include <stdlib.h>  // system()
> #include <string.h>  // strcmp()
> #include <conio.h>   // getch()
>
> int main(void) {
>     int i, j;
>     for(j=0; j<1; j=j+0) {
>         char run[] = "lamepassword"; //set password here
>         char checkit[81];            //80 characters plus the terminating NUL
>         system("title System Login --By SableFoXx");
>         system("cls");
>         printf("Authentication Required!\n");
>         printf(">> ");
>         for(i=0; i<80; i++) { //chr limit 80
>             checkit[i] = getch();
>             if(checkit[i] == '\r') { //Enter ends the input
>                 break;
>             } else {
>                 printf("*");
>             }
>         }
>         checkit[i] = '\0'; //terminate even when all 80 characters were typed
>         if(!strcmp(run, checkit)) {
>             system("cls");
>             system("color a");
>             printf("\n\n\n\n\n\n\n\n\n");
>             printf("===============================================================================\n");
>             printf(" * Access Granted *\n");
>             printf("===============================================================================\n");
>             printf("\n\n\n\n\n");
>             system("pause");
>             system("cls");
>             system("color f");
>             /* -------------------------CODE-START--------------------------- */
>             printf("You Win! \nPlease wait while a party official comes to collect you for your party. :)\n");
>             printf(">>Regards, SableFoXx<< \n");
>             system("pause");
>             return 0;
>             /* --------------------------CODE--END--------------------------- */
>         } else {
>             system("cls");
>             system("color c");
>             printf("\n\n\n\n\n\n\n\n\n");
>             printf("===============================================================================\n");
>             printf(" * Access Denied *\n");
>             printf("===============================================================================\n");
>             printf("\n\n\n\n\n");
>             system("pause");
>             system("cls");
>             system("color f");
>         }
>     }
> }
> ```
>
> thx, SableFoXx

Good job! Suggestions: Do not use system calls like that. "for(j=0; j<1; j=j+0)" no need. You can change the window title etc... without using system calls. http://msdn2.microsoft.com/en-us/default.aspx

jollyrancher82 Posted October 21, 2007

The password is stored in the .data section of the executable, and if it is a simple string it will be plain text in the executable. If you want an infinite loop you should use while (1) for C, and while (true) for C++.
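
What digip and jollyrancher82 describe, turned into a check a developer can run on their own build. This is an added example, not part of the thread: `find_strings`, `contains_literal` and the sample bytes are constructed for illustration, and the bytes are not taken from the real executable.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample bytes (not from the real executable): two string
   literals sitting between non-text bytes, as they would in a data section. */
static const unsigned char sample_image[] =
    "\x4d\x5a\x90\x00\x03\x00\x00\x00" "lamepassword\0"
    "\xff\xff\x01\x00" " * Access Denied *\n\0"
    "\x55\x89\xe5\x83";
#define SAMPLE_LEN (sizeof sample_image - 1) /* drop the literal's own NUL */

typedef struct { size_t off, len; } text_run;

/* Record every run of at least min_len printable ASCII bytes in buf, the same
   idea as the `strings` tool. Returns the number of runs stored in out[]. */
size_t find_strings(const unsigned char *buf, size_t len, size_t min_len,
                    text_run *out, size_t max_out)
{
    size_t hits = 0, run = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && buf[i] >= 0x20 && buf[i] <= 0x7e) { run++; continue; }
        if (run >= min_len && hits < max_out)
            out[hits++] = (text_run){ i - run, run };
        run = 0;
    }
    return hits;
}

/* Build-time check: does a secret we know about appear verbatim in buf? */
int contains_literal(const unsigned char *buf, size_t len, const char *secret)
{
    size_t n = strlen(secret);
    for (size_t i = 0; n > 0 && i + n <= len; i++)
        if (memcmp(buf + i, secret, n) == 0) return 1;
    return 0;
}

int main(void)
{
    text_run r[16];
    size_t n = find_strings(sample_image, SAMPLE_LEN, 6, r, 16);
    for (size_t k = 0; k < n; k++)
        printf("0x%04zx  %.*s\n", r[k].off, (int)r[k].len,
               (const char *)sample_image + r[k].off);
    /* non-zero exit status means the secret is readable in the image */
    return contains_literal(sample_image, SAMPLE_LEN, "lamepassword");
}
```

Replacing the literal with a hash would remove the readable string, but the check would still end in a conditional jump that can be patched the way Silva and The Brain describe.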

Hook5 Posted October 21, 2007

Lol.. are we doing crackmes now? Got a few crackmes for ya if you are interested :-D

The Brain Posted October 22, 2007

Simply do a "Search for" -> "All referenced text strings" -> " * Access Denied *" in OllyDbg and you'll land at the right place. Scroll a bit up and you'll see the interesting code. Silva said that before: Correct password can be found in register EDX but you could also patch the JNZ.

sablefoxx Posted October 23, 2007

This is cool, thanks for the help. Got the password and learned a lot!