App 17!

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

App 17!

Post by Monica on Sat Feb 28, 2009 5:47 pm

That's right - we have a new App mission, thanks to NightQuest!

If you have any questions, ASK HERE!


@ NightQuest: Explain about creating a unique key to our HTS userID. ;)
hi am new so plz dont troll me or i report 2 the HTS mods ty


Re: App 17!

Post by NightQuest on Sat Feb 28, 2009 7:06 pm

Alright, basically .. this challenge will HOPEFULLY be an introduction to a series of applications about serial numbers, and keygenning.

The idea is like almost any cryptography algorithm - in a way, for every string of text that can possibly exist, a key for that string also exists (no, they're not stored). They should all be unique to each other as well, though, as with MD5, there may be doubles.

So, say you have a user name of .. oh, 'NightQuest' :)
Well, the key for this name would be completely different than the key for 'Monica'.

What the program does, is it creates a key for your user name, and compares it to the one you enter - Simple enough, right?
Well your goal is to access that key somehow, which has been made very difficult with this particular application.
So, without going to great lengths to get that key, the next solution to nearly any decent reverser would be: to create a keygen.

For those unaware, a keygen is a program that's .. 'calibrated' towards a certain algorithm that a program uses.
The user inputs their user name (or sometimes it's based on their hardware ID - or something else completely) and the program will output a key for the user's input.
The user can then use the key generated to register the piece of software, or in this case complete the mission.

The idea behind this is that you'll begin to understand how to create a keygen for the program - Something that anyone in this scene should be VERY aware of.


Hope that helps, and good luck!


Re: App 17!

Post by Monica on Sat Feb 28, 2009 7:16 pm

Well said. Thank you, NightQuest! <3


Re: App 17!

Post by godofcereal on Sat Feb 28, 2009 7:19 pm

From what NightQuest said it sounds like a fun challenge. Looking forward to trying it.
I'm off, last year of school and all, I had something longer but char limit fucked that up. So yeah, had a good run here. Thanks for the memories. Thanks to the staff and users.

Best regards, your posting whore,
godofcereal

p.s. Defience, you the man ;)


Re: App 17!

Post by reddie on Mon Mar 02, 2009 3:05 pm

Is it possible that there is a small bug in it somehow?
I managed to find out my password, and wrote a keygen for it (not really perfect tho, but will do the job).

When I try to input the password on the site it says invalid password, but the program congratulated me and told me to enter the password on the site.

Perhaps a bug with short nicknames?


Re: App 17!

Post by NightQuest on Mon Mar 02, 2009 6:28 pm

There is a bug, sorry about that.

The length of the password is NOT static.
This has since then been fixed (Though, it's not live yet), and it'll tell you the pass is wrong if the length isn't correct.

Just take off all the padding (the key never ends with a dash, and by padding, I mean say ... 0's) at the end of the key you've made, and it should work.


Re: App 17!

Post by TheMindRapist on Mon Mar 02, 2009 7:46 pm

This was an excellent mission, thanks NightQuest.


Re: App 17!

Post by reddie on Tue Mar 03, 2009 10:32 am

NightQuest wrote: There is a bug, sorry about that.

The length of the password is NOT static.
This has since then been fixed (Though, it's not live yet), and it'll tell you the pass is wrong if the length isn't correct.

Just take off all the padding (the key never ends with a dash, and by padding, I mean say ... 0's) at the end of the key you've made, and it should work.


Just tried it and it worked, thanks.

It is a great mission idd, hope some alike will follow


Re: App 17!

Post by Devoney on Fri Mar 13, 2009 1:27 pm

So my username is 'Devoney' so I will HAVE to put in that username to find the correct password right?

I have come to this piece of code:
Code:
004011A5  |> 56             PUSH ESI                                 ;  Push address of username on stack
004011A6  |. E8 75150000    CALL app17win.00402720
004011AB  |. 8BF8           MOV EDI,EAX                              ;  EAX returns to be 7
004011AD  |. 8D45 B0        LEA EAX,DWORD PTR SS:[EBP-50]
004011B0  |. 50             PUSH EAX                                 ;  PUSH address of processed password on stack
004011B1  |. 03FF           ADD EDI,EDI                              ;  Add length of username to length of username
004011B3  |. E8 68150000    CALL app17win.00402720
004011B8  |. 59             POP ECX
004011B9  |. 59             POP ECX
004011BA  |. 3BF8           CMP EDI,EAX                              ;  Compare length of username to 10
004011BC  |. 0F85 F0000000  JNZ app17win.004012B2                    ;  Jumps out of procedure


Or can the password differ from format? The program gives the example format of "HTS-1234-5678-9012-3456". Do I need to attain this format? Because then my username is too short....

Thanks!


Re: App 17!

Post by NightQuest on Fri Mar 13, 2009 2:26 pm

Devoney wrote: So my username is 'Devoney' so I will HAVE to put in that username to find the correct password right?
Yup

Devoney wrote: Or can the password differ from format?
The format stays the same, but the length of the password (as I stated above) is not static, meaning the length of the password can change, depending on the length of your username.
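Added example, not part of the thread and not the mission's code: a small C validator for the length rule discussed above, where the digit count must equal twice the user-name length (the comparison in Devoney's listing) and zero padding has to come off the end of the key. The derivation, the function names, the "alice" sample and the prefix/dash handling are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy derivation (NOT the mission's algorithm): two decimal
   digits per user-name byte, so the key has 2 * strlen(name) digits. */
static void derive_digits(const char *name, char *out) {
    unsigned acc = 17;
    for (size_t i = 0; name[i]; i++) {
        acc = (acc * 31 + (unsigned char)name[i]) % 100;
        sprintf(out + 2 * i, "%02u", acc);
    }
}

/* Assumed "processing": require the HTS- prefix, drop dashes, keep digits.
   Returns the digit count, or -1 if malformed or ending in a dash. */
static int process_key(const char *key, char *out, size_t cap) {
    size_t n = 0;
    if (strncmp(key, "HTS-", 4) != 0 || key[strlen(key) - 1] == '-') return -1;
    for (const char *p = key + 4; *p; p++) {
        if (*p == '-') continue;
        if (!isdigit((unsigned char)*p) || n + 1 >= cap) return -1;
        out[n++] = *p;
    }
    out[n] = '\0';
    return (int)n;
}

/* strict = 0: compare only the expected prefix, so zero padding slips through.
   strict = 1: reject unless digit count == 2 * strlen(name), then compare. */
static int check(const char *name, const char *key, int strict) {
    char want[128], got[128];
    size_t len = strlen(name);
    int n = process_key(key, got, sizeof got);
    if (len == 0 || len > 60 || n < 0) return 0;
    if (strict && (size_t)n != 2 * len) return 0;
    derive_digits(name, want);
    return strncmp(want, got, 2 * len) == 0;
}

int check_lenient(const char *name, const char *key) { return check(name, key, 0); }
int check_strict(const char *name, const char *key) { return check(name, key, 1); }

int main(void) {
    const char *padded = "HTS-2452-1726-0700-0000", *trimmed = "HTS-2452-1726-07";
    printf("lenient: padded=%d trimmed=%d\n", check_lenient("alice", padded), check_lenient("alice", trimmed));
    printf("strict:  padded=%d trimmed=%d\n", check_strict("alice", padded), check_strict("alice", trimmed));
    return 0;
}
```

When a client-side check and a site-side check disagree on whether padding counts, a key accepted by one is rejected by the other, which is the mismatch reported earlier in the thread.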

