Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

ghost's Avatar
0 0

HI all

I have managed to patch app 10 :evil:

but the password it shows on the alert box seems to be wrong..

The password for HBH is TmljZSBUcnk=

54 68 61 74 20 69 73 20 6e 6f 74 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 61 62 6f 76 65

I have checked the patched app in olly and it all seems ok..

any ideas..


ghost's Avatar
0 0

the application shows an incorrect password because patching the program alters the original flow of itself… I think you must go through another way… in ollydbg just watch what the program do from 0040111A to 0040131F (I think it's not a spoiler) with a known password and see what is supposed to be in output…


ghost's Avatar
0 0

thatsflash, Did you make any progress?

I cant figure out how to do it … =(


ghost's Avatar
0 0

I'll try and keep the spoilers to a minimum.

Assuming you're using Olly, you'll have a few things on hand. One of which is the hex string you're supposed to match… If you're like me, you used your hex editor and patched that string to make it match whatever garbage you typed into the app and cross-referenced with Olly. While the results weren't the password, they did clue us in on something just as useful. The encryption applied to our input is reversible – it can encrypt AND decrypt.

Now, armed with that knowledge, we can discover what kind of algorithm is being used to encrypt/decrypt our input. Don't overcomplicate this one, as it's really very basic.

Once you've got that last piece of information, it's simply a matter of taking the information we DO know, and using it to find what we don't.

I wrote myself a little C program to do the work for me, as I'm not all that speedy with binary math :)


Uber0n's Avatar
Member
0 0

Just to let you know, you don't have to use anything else than Olly. (I didn't have to anyway :happy: )


ghost's Avatar
0 0

yea i only used olly too


ghost's Avatar
0 0

why did you use base64?