
App Extra & App patching 2


ghost's Avatar
0 0

I've successfully completed App Extra & App patching 2 and submitted my answers, yet I have not gotten points for these.

Who checks them and when can I expect a response?

Also, I have a new challenge which could be usable for both app cracking or app patching which should be a little harder than the trivially simple existing ones if anybody wants to give it a try: http://research.midnight-labs.org/~harryr/crackme.exe


ghost's Avatar
0 0

Doesn't patch 2 accept an MD5 checksum that's either right or wrong, not reviewed by admins?


ghost's Avatar
0 0

stdio wrote: Doesn't patch 2 accept an MD5 checksum that's either right or wrong, not reviewed by admins?

Yes, although there are so many different ways to patch it properly, and the way I did it doesn't match 100% with the way Fros_T envisioned (and thus the MD5 hash doesn't match).

The Web Patching challenges have the same issues; for each of those challenges I can think of at least 5 different ways it can be broken and/or fixed.


crashbird's Avatar
-=CodeGuru=-
0 0

Just read the directions given by Frost_T, again and again. It is pretty clear. You can pm me with what you are trying.


ghost's Avatar
0 0

crashbird wrote: Just read the directions given by Frost_T, again and again. It is pretty clear. You can pm me with what you are trying.

I've now got at least 15 completely different ways of cracking it while still abiding by the "rules", none of which are accepted.


ghost's Avatar
0 0

Sod it, here are some of the simpler ones….

00401098     B8 47250000    MOV EAX,2547

or…

004010E5     B8 47250000    MOV EAX,2547
004010EA     90             NOP

ghost's Avatar
0 0

lemmingmolester wrote: Sod it, here are some of the simpler ones….

00401098     B8 47250000    MOV EAX,2547

or…

004010E5     B8 47250000    MOV EAX,2547
004010EA     90             NOP

Alright, I just got done beating this after several attempts at modifying it with the right answer. The first problem you are having is that you are directly changing the value of EAX. You need to change the algorithm by which EAX will become 2547. The last bit takes a bit of guessing until you get it right, but there's only a handful of logical choices here, so keep at it until you get it. If you are stuck with the correct return, feel free to PM me.


ghost's Avatar
0 0

My point is that's how the real world works: the easiest route is taken and any other approach is futile.


ghost's Avatar
0 0

```
00401044     BA A1504000    MOV EDX,Patch-2.004050A1    ; puts the original number into a variable

00401073     A3 BE504000    MOV DWORD PTR DS:[4050BE],EAX
00401078    ^E2 F7          LOOPD SHORT Patch-2.00401071
```
Looks like the shift right is multiplying EAX times a certain number, not tough to deduce by looking ahead. Like 0x(eax/2), or something.

So 9543 must be in EAX. I got close once, then quit, I can see that happening again.

ghost's Avatar
0 0

sharpskater80 wrote: 00401044 BA A1504000 MOV EDX,Patch-2.004050A1 ; ASCII "Your initial number is: "

test

??? Yeah, I'm not going to lie, that post makes absolutely no sense.


ghost's Avatar
0 0

I was seeing if the code tags would work, sorry.


ghost's Avatar
0 0

Sorry to post in an outdated thread, but I want to put to rest any more comments on my challenge.

  1. Yes, there are many, MANY ways of doing it; there's a reason for this.

  2. I agree with the "the shortest route is the easiest", but sometimes the shortest route makes you miss all the sights along the way. I designed this challenge to introduce people to practical algorithms (granted, very simple) and to code logic itself. There are enough challenges out there where you just NOP and presto, it's good. I wanted to create something where you actually had to think…like ok, the number is now whatever at this point, and the code is doing such and such to it…and then work out what you needed to do to make it the correct number.

  3. If anyone still has trouble, I try to get back to them as soon as possible; sometimes that is not very soon, but I will eventually get there.

Alright, thanks for listening, good luck.
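
An added example, not part of the thread or the challenge author's code: it decodes the two patches posted above to show that both load 0x2547 (decimal 9543) into EAX, then applies each to a constructed placeholder image to show why an MD5 comparison of the patched file accepts only one byte-for-byte solution. The image contents and load address are assumptions; the real Patch-2 bytes are not on the page.

```python
import hashlib
import struct

# Constructed stand-in for the challenge's code section (assumption: the real
# bytes are not on the page). Filler is 0xCC; only the patched bytes matter.
IMAGE_BASE = 0x00401000            # assumed virtual address of this buffer
ORIGINAL = bytes([0xCC]) * 0x200

# The two patches posted in the thread, as (virtual address, replacement bytes).
PATCH_A = (0x00401098, bytes.fromhex("B847250000"))
PATCH_B = (0x004010E5, bytes.fromhex("B84725000090"))


def decode(code):
    """Decode only the two opcodes that appear in the thread: B8 imm32, 90."""
    out, i = [], 0
    while i < len(code):
        if code[i] == 0xB8:        # MOV EAX, imm32 (immediate is little-endian)
            (imm,) = struct.unpack_from("<I", code, i + 1)
            out.append(("MOV EAX", imm))
            i += 5
        elif code[i] == 0x90:      # NOP
            out.append(("NOP", None))
            i += 1
        else:
            raise ValueError(f"unsupported opcode {code[i]:#04x}")
    return out


def eax_values(patch):
    """Immediates loaded into EAX by a patch."""
    return [imm for op, imm in decode(patch[1]) if op == "MOV EAX"]


def apply_patch(image, patch):
    """Overwrite bytes in place; the image length never changes."""
    addr, data = patch
    off = addr - IMAGE_BASE
    if off < 0 or off + len(data) > len(image):
        raise ValueError("patch falls outside the image")
    return image[:off] + data + image[off + len(data):]


def md5_of(image):
    return hashlib.md5(image).hexdigest()


if __name__ == "__main__":
    for name, patch in (("A", PATCH_A), ("B", PATCH_B)):
        print(name, eax_values(patch), md5_of(apply_patch(ORIGINAL, patch)))
```

Both patches produce the same EAX value but different file hashes, so a checker that compares the submitted MD5 against one reference hash cannot recognise equivalent solutions.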