Application 1

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: Application 1

Post by mShred on Thu Mar 17, 2011 7:23 pm
([msg=55198]see Re: Application 1[/msg])

GustavoVC wrote:in notepad ++ its much easier :)

What ever would give you that idea? :o
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1613
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: Application 1

Post by gsingh2011 on Wed Mar 30, 2011 3:26 pm
([msg=55758]see Re: Application 1[/msg])

I got it with Notepad++ but why doesn't it work with OllyDBG? None of the important strings came up in olly.

Also, when would a string come up in notepad like that? In other words, how would one have to write the code (or what language to use) in order to have the string come up in notepad and how can one avoid that?
gsingh2011
New User
New User
 
Posts: 11
Joined: Sun Mar 27, 2011 2:14 pm
Blog: View Blog (0)


can't extract .sit

Post by gersty2 on Sat Apr 23, 2011 4:38 pm
([msg=56639]see can't extract .sit[/msg])

stuffit tells me The archive may be damaged.
unarchiver tells me The contents of file "app1mac.sit" can not be extracted with this program.

Im using snow leopard. does it work for anyone else? thanks
gersty2
New User
New User
 
Posts: 1
Joined: Sat Apr 23, 2011 4:30 pm
Blog: View Blog (0)


Re: Application 1

Post by iistapp on Mon May 02, 2011 2:19 pm
([msg=56900]see Re: Application 1[/msg])

Nvm, I figured it out
User avatar
iistapp
Poster
Poster
 
Posts: 133
Joined: Tue Apr 21, 2009 9:44 am
Location: Norway
Blog: View Blog (0)


Re: Application 1

Post by Gatito on Mon May 02, 2011 2:40 pm
([msg=56901]see Re: Application 1[/msg])

iistapp wrote:Uhm.. I'm pretty sure I just opened the file in notepad, searched for the phrase "password" and voila, mission complete!<br><br>This is, I don't know maybe a year ago or so, and today I saw a movie about it on youtube, and well I didn't understand why he just opened it in notepad like I did, so I downloaded the application again, and hey, it doesn't work!<br><br>So, what I'm trying to say here, when I completed the mission, simply opening the app with notepad, was that the wrong way to do it and/or a bug?<br><br>If this is too much of a spoiler, please just delete my post and send me a PM :)

Well Application 1 is supposed to be easy, the serial is saved as a constant string. When you enter the serial it compares it with the string, if it matches it does its thing. Because it is saved as a constant string by opening a text editor you can see the string directly. Now in real-life applications the string would be encrypted, hidden etc etc and to find it you would have to use programs which shows how the software works behind the scenes and try reverse engineering the validation.
User avatar
Gatito
Poster
Poster
 
Posts: 113
Joined: Tue Mar 08, 2011 12:55 pm
Blog: View Blog (0)


Re: Application 1

Post by iistapp on Mon May 02, 2011 3:48 pm
([msg=56902]see Re: Application 1[/msg])

Gatito wrote:Well Application 1 is supposed to be easy, the serial is saved as a constant string. When you enter the serial it compares it with the string, if it matches it does its thing. Because it is saved as a constant string by opening a text editor you can see the string directly. Now in real-life applications the string would be encrypted, hidden etc etc and to find it you would have to use programs which shows how the software works behind the scenes and try reverse engineering the validation.


Yea, I did it right the first time :) I just tried it again a few hours ago before posting, but it didn't work, and it was simply because I forgot to unpack the file first, so my bad ^^
User avatar
iistapp
Poster
Poster
 
Posts: 133
Joined: Tue Apr 21, 2009 9:44 am
Location: Norway
Blog: View Blog (0)


Re: Application 1

Post by jadsur on Fri May 27, 2011 12:43 pm
([msg=57777]see Re: Application 1[/msg])

Monica wrote:It is highly suggested that you complete Basic missions before attempting Application missions.

If you need help with this mission, make sure you have a legitimate question. Questions like, "How can I find the password?" or "Where do I find the string?" is UNacceptable. Why? Because a.) You're stupid. b.) You obviously want to be spoonfed BECAUSE you're stupid or c.) You want to complete the mission for points because you think you can redeem them for a cheeseburger at McDonalds. I'll tell you what - below is a list of what you may need to know to complete many Application missions. Please note, not all are necessary to complete this particular mission.

In the end, we hope you do learn. That is the point of being here on HTS.

Knowledge May Be Required:
- Code Analysis/Hex-Editing
- ASM Knowledge
- Compiled Languages (i.e. C/C++, VB)
- Interpreted Languages (i.e. PHP, Perl)

Useful Tools:
- Ollydbg
- Decompiler

** P.S. Posting answers and/or spoilers (i.e. mission links, mission file names/gages, scripts/code) will DEFINITELY result in multiple warnings/bans.

The End.

Ok I get what hex editing, compiled languages and interpreted languages all are but what does ASM stand for? I search google and all I found were the American society of microbiology and Advantage sale and marketing which doesn't sound relevant to these challenges.
jadsur
New User
New User
 
Posts: 1
Joined: Fri May 27, 2011 11:58 am
Blog: View Blog (0)


Re: Application 1

Post by Gatito on Fri May 27, 2011 1:40 pm
([msg=57780]see Re: Application 1[/msg])

iistapp wrote:Ok I get what hex editing, compiled languages and interpreted languages all are but what does ASM stand for? I search google and all I found were the American society of microbiology and Advantage sale and marketing which doesn't sound relevant to these challenges.

Assembly.
User avatar
Gatito
Poster
Poster
 
Posts: 113
Joined: Tue Mar 08, 2011 12:55 pm
Blog: View Blog (0)


Re: Application 1

Post by 1234anima on Fri Jun 17, 2011 1:57 pm
([msg=58656]see Re: Application 1[/msg])

Notepad whenever you make your text or basic program is 100% needed. :!: (read monica)

-- Fri Jun 17, 2011 11:01 am --

Notepad advantage and disadvantages:My own point of view!
advantages :(obvious for web developers)
- lightweight
- you can learn coding by typing it one by one - and remember it, so all snippets will be in your head,
- it's not too hard to find any software web coding replacement

disadvantages:(obvious for web developers)
- no auto complete, you will like it when you're doing fast-time limited works
- no syntax hilighting
- and of course no live preview - you must open your browser to view your works frequently

for educational purposes only (read monica)!

-- Fri Jun 17, 2011 3:03 pm --

ASM means "voltron" :shock:
1234anima
New User
New User
 
Posts: 8
Joined: Sun May 10, 2009 8:25 pm
Blog: View Blog (0)


Re: Application 1

Post by fpwns on Fri Jul 08, 2011 10:01 am
([msg=59570]see Re: Application 1[/msg])

I used a hex editor and did a find...what to search for is up to you...

free open source hex editor for windows: http://frhed.sourceforge.net/en/
fpwns
New User
New User
 
Posts: 4
Joined: Wed Jul 06, 2011 2:58 pm
Blog: View Blog (0)


PreviousNext

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests