App 17!

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: App 17!

Post by firestormxxx on Tue Dec 06, 2011 8:08 pm
([msg=63217]see Re: App 17![/msg])

I think theres a bug with app17

in the program, i got the password and it said congratz.
Next, i try to enter it in on the site, site tells me the password is invalid.

is there something wrong with the site?
firestormxxx
New User
New User
 
Posts: 1
Joined: Tue Dec 06, 2011 8:04 pm
Blog: View Blog (0)


Re: App 17!

Post by NightQuest on Thu Dec 08, 2011 4:35 pm
([msg=63245]see Re: App 17![/msg])

It's a bug with the website, the program works fine (unlike app 18, where there actually is a bug with the app last I checked).
The PHP implementation of the algorithm needs remade, using standard datatypes - PHPs generic datatype allows too much overhead so it never rolls-over (post 32-bit unsigned int, for instance), which the algorithm relies on.

I'm sure if you email an admin they can give you credit if you provide your key - they should have an internal keygen that they can check it against.

PS: Why am I here? O_o
Image
User avatar
NightQuest
Developer
Developer
 
Posts: 46
Joined: Sun Feb 22, 2009 6:03 am
Blog: View Blog (0)


Re: App 17!

Post by mShred on Fri Dec 09, 2011 1:12 am
([msg=63252]see Re: App 17![/msg])

NightQuest wrote:PS: Why am I here? O_o

Because the forums are where it's at..
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1716
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: App 17!

Post by m0r0 on Wed Dec 28, 2011 9:54 am
([msg=63447]see Re: App 17![/msg])

There's really a bug in a program. On some usernames it is imposible to generate password at all. For example, my nick m0r0. I have a password in a format: HTS-120F-31XX, where XX is a hex-value. When program tries to calculate the last part it tries to substruct 31 (the last part it has been calculated) from the 30 (that is ASCII code of last character in my username). It is done by sub esi, eax instruction. Here we have sign overflow and the result value after some other operations would be FF9FFFFF. It is compared with XX and surely it is always wrong

I tried every possible combinations on the site itself but didn't succeed. It's really a bug, what can I do????
m0r0
New User
New User
 
Posts: 1
Joined: Fri Jun 20, 2008 2:35 am
Blog: View Blog (0)


Re: App 17!

Post by DarkhX0r on Fri Jan 06, 2012 3:51 pm
([msg=63573]see Re: App 17![/msg])

When is the bug on the website gonna be fixed so that it accepts the serials?

-DarkhX0r
DarkhX0r
New User
New User
 
Posts: 2
Joined: Wed Jan 04, 2012 8:54 pm
Blog: View Blog (0)


Re: App 17!

Post by fancy__04 on Thu May 10, 2012 7:04 am
([msg=66252]see Re: App 17![/msg])

I have the same issue - the apps says congratulations but the website doesn't accept the serial/password.
To whom I can address this issue?

Thanks.
fancy__04
New User
New User
 
Posts: 1
Joined: Wed May 02, 2012 6:32 am
Blog: View Blog (0)


Re: App 17!

Post by LoGiCaL__ on Thu May 10, 2012 10:49 am
([msg=66255]see Re: App 17![/msg])

fancy__04 wrote:I have the same issue - the apps says congratulations but the website doesn't accept the serial/password.
To whom I can address this issue?

Thanks.


Hey fancy__04, it's a known reported bug issue. When it is taken off the bug list I will update in this topic. I can't say exactly when this will be fixed as there are other things going on right that take priority over this.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1060
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: App 17!

Post by -Ninjex- on Wed Jan 09, 2013 8:12 pm
([msg=72156]see Re: App 17![/msg])

I was wondering if there was a bug in this?
Since my username is -Ninjex- (I guess the -'s are throwing it for a loop)

I manage to be able to put any name without special characters into my keygen and produce the right key.
When testing it with your program, it says congratulation try it on HTS.
Works for all names without special characters, any idea; or is it a a problem with my keygen do you think?

I can also provide proof via sending mods / admins the passwords associated to their names.
Assuming the mods/admins have completed the challenge
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1306
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: App 17!

Post by fashizzlepop on Wed Jan 09, 2013 8:40 pm
([msg=72157]see Re: App 17![/msg])

Looking at previous posts, it appears there is definitely a bug but not necessarily along the lines you're seeing. I can check into this for you though and see what the ETA on fixing it is (probably isn't one meaning it's probably not high on the list but I will check anyways).

IRC is a good place to find up to date information on things like this.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: App 17!

Post by -Ninjex- on Wed Jan 09, 2013 8:46 pm
([msg=72158]see Re: App 17![/msg])

fashizzlepop wrote:Looking at previous posts, it appears there is definitely a bug but not necessarily along the lines you're seeing. I can check into this for you though and see what the ETA on fixing it is (probably isn't one meaning it's probably not high on the list but I will check anyways).

IRC is a good place to find up to date information on things like this.


Thanks, I will be awaiting for your response.
As I said, when I run the keygen for any name without those characters, and use it with the application, it says it works.
Is it weird that IRC's actually frighten me?
I may check into the IRC though, *fingers crossed*
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1306
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


PreviousNext

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests