App 7

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

App 7

Post by sd668 on Fri Apr 25, 2008 6:06 am
([msg=1264]see App 7[/msg])

I am able to get a congratulations string dumped by using ollydbg but it does not work. Looks like it is still encrypted possibly ? any tips ?
sd668
New User
New User
 
Posts: 2
Joined: Fri Apr 25, 2008 12:49 am
Blog: View Blog (0)


Re: App 7

Post by sharpskater69 on Fri Apr 25, 2008 7:15 pm
([msg=1351]see Re: App 7[/msg])

That's because the buffer the password is in is based off your input. Try to follow the variables from where you give input. There is a certain sum you have to make, and you can see that value easily. The real question is what operations are done on your input and how is the sum generated to be checked against that number.
sharpskater69
New User
New User
 
Posts: 34
Joined: Tue Apr 22, 2008 4:10 pm
Blog: View Blog (0)


Re: App 7

Post by sd668 on Mon Apr 28, 2008 1:22 am
([msg=1587]see Re: App 7[/msg])

Thankyou. You have pointed me in the right direction.

Cheers
S.
sd668
New User
New User
 
Posts: 2
Joined: Fri Apr 25, 2008 12:49 am
Blog: View Blog (0)


Re: App 7

Post by int3grate on Wed May 28, 2008 11:07 pm
([msg=3461]see Re: App 7[/msg])

That's because the buffer the password is in is based off your input. Try to follow the variables from where you give input. There is a certain sum you have to make, and you can see that value easily. The real question is what operations are done on your input and how is the sum generated to be checked against that number.


Yeah, this mission was a pain in the ass. Your basically going to have to find a valid key to put in that will make said sum, that will give you your password. Good luck!

Int3grate
int3grate
New User
New User
 
Posts: 38
Joined: Tue May 27, 2008 7:54 pm
Blog: View Blog (0)


Re: App 7

Post by hacksys1337 on Fri Aug 15, 2008 5:19 pm
([msg=9825]see Re: App 7[/msg])

Can anyone help im lost i kind of know where to start but im not familiar with ollydbg but i was able to find the message that states "the password is '%s'" and i try searching the code for %s and im not finding anything. Please help

thanks
hacksys1337
New User
New User
 
Posts: 3
Joined: Thu Jul 24, 2008 11:26 am
Blog: View Blog (0)


Re: App 7

Post by SMK on Sun Aug 17, 2008 7:25 am
([msg=9902]see Re: App 7[/msg])

Can somebody give my a hint on this?
I tried bruteforcing the pass, and currently it's at
the sum of chars=8197104
and still no result. This is insanely big. Should the actual pass be like this?
SMK
New User
New User
 
Posts: 9
Joined: Sat Jul 05, 2008 6:17 am
Blog: View Blog (0)


Re: App 7

Post by muller2008 on Sun Aug 17, 2008 8:25 am
([msg=9908]see Re: App 7[/msg])

Hi, you should have got something like this when you found the "Congratulations, The password is% s"

0040118C |. 817D E8 CA0D0> CMP DWORD PTR SS: [EBP-18], 0DCA
00401193 |. 75 13 JNZ SHORT app7win.004011A8
00401195 |. 8D4D EC LEA ECX, DWORD PTR SS: [EBP-14]
00401198 |. 51 PUSH ECX
00401199 |. 68 94804000 PUSH app7win.00408094; ASCII

"Congratulations, The password is'% s'"

0040119E |. E8 18000000 CALL app7win.004011BB
004011A3 |. 83C4 08 ADD ESP, 8

004011A6 |. EB 0D JMP SHORT app7win.004011B5
004011A8 |> 68 BC804000 PUSH app7win.004080BC; ASCII

What you are looking for to get is something like: 0x2F1
You need to find out its sum and work out the hex of the sum changing into ascii to give you something else.
When you find out this bit you will have the correct password to insert into the question: "Please Enter the Password:" and so on,,,,,,,,,,
muller2008
New User
New User
 
Posts: 37
Joined: Thu Jun 26, 2008 6:45 pm
Blog: View Blog (0)


Re: App 7

Post by SMK on Mon Aug 18, 2008 1:04 am
([msg=9950]see Re: App 7[/msg])

lol, my bruteforcer had some problems, and I didn't clear the 0s :shock:
no wonder it never ended
The mission ended up being really easy :)
What you are looking for to get is something like: 0x2F1

I thought it was a hint, it's true :o
that might make the mission too easy :p
SMK
New User
New User
 
Posts: 9
Joined: Sat Jul 05, 2008 6:17 am
Blog: View Blog (0)


Re: App 7

Post by vivekn on Mon Apr 20, 2009 9:10 pm
([msg=22178]see Re: App 7[/msg])

but the sum is not an ascii total,there is a different algorithm ,each character seems to have a code diff from its ascii one
Most things are easier done than said!
vivekn
New User
New User
 
Posts: 18
Joined: Wed Apr 16, 2008 5:02 am
Blog: View Blog (0)


Re: App 7

Post by struz on Wed Jun 17, 2009 11:33 am
([msg=25481]see Re: App 7[/msg])

Wow. This one was pretty hard. The 0x2F1 hint is really *really* obvious but only after you finish. I ended up writing something that would brute-force the value once I knew how it was calculated and went from there.

I'm going to add a hint for other people who have trouble on this:
You don't need the real password to get the real password.
struz
New User
New User
 
Posts: 2
Joined: Sun Jun 14, 2009 7:01 am
Blog: View Blog (0)


Next

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests

cron