suid
Hello, I am suid. I am 21 years old and getting my CS degree. I have been throwing my skills at the challenges for a while now, but after reading a couple of other members' intros I decided I guess I should post my own. I normally remain a floater on sites, sampling the challenges every once in a while but rarely posting much. I hardly ever create my own threads with questions. I feel finding answers on my own is a much better and more creative way of learning.
1) What languages do you speak? Regarding spoken languages, English is the only one I consider myself able to speak. As for programming, I have written several complex programs in C and some less complex programs in PHP and JavaScript. Every now and then I get a kick out of messing around with ASM and shellcoding. I just recently started playing with Brainfuck for fun.
2) How did you find the site? I believe it was a long time ago; maybe I had a friend, epoch_qwert, mention this site to me [or it may have been someone else (it was a long time ago)].
3) What made you want to learn how to hack? Originally I wanted to learn how to program and eventually I found out you could do things to the code that made it blow up. It was love at first segfault.
4) What do you want to learn? I am getting more and more interested in secure web development and I hope to learn better ways of looking at PHP code as it goes from my head to my fingers.
5) How long have you been interested in computers? What keeps you interested in them? It's been 5 or 6 years now that I've been programming. I've been into computer security for about 2 or 3 years. It's like food for my brain, so I stay interested.
I've been using Linux for a couple years now as well and I plan on continuing to do so.
suid wrote: I normally remain a floater on sites, sampling the challenges every once in a while but rarely posting much.
I was like this too until a few months ago.
That's a nice selection of languages you know there, but why learn Brainfuck when you spend your time learning Python? :D
Anyway, welcome to HBH!
starofale wrote:
That's a nice selection of languages you know there, but why learn Brainfuck when you spend your time learning Python? :D
Anyway, welcome to HBH!
I had looked into Python for a little while at one time. It's nice with all the modules that can help do a lot of the work. It never really stuck with me though.
dragon647 wrote: Welcome =]
Python is not boring, and it can do a lot of things. I like this language! But to understand computers, C is a key language…
I love how everyone on this forum talks about ASM/C/C++ and I bet most of them don't even understand an easy AutoIt (considered as one of the most simple languages) script I made.
Here's one of mine, and I would love to hear what it does and what it is supposed to achieve. It is even commented so you shouldn't have to think too hard. Durrrrrrrr. If you can answer that, without Googling for hours, you can talk about low-level languages such as C or ASM. Otherwise please learn how to program yourself first before recommending things.
```autoit
Dim $sTitle = '' ; title of the target window, left blank in the original post
Dim $iPID = WinGetProcess($sTitle)
Dim $sPath = _ProcessGetLocation($iPID)
; The two globals below and _DecToBytes are used by _Ci but were not defined in the post; they are supplied here
Global $KERNEL32 = 'kernel32.dll'
; Full-access handle to the target process (PROCESS_ALL_ACCESS = 0x1F0FFF); the handle is element [0] of the DllCall result
Global $MEM_HANDLE = DllCall($KERNEL32, 'hwnd', 'OpenProcess', 'int', 0x1F0FFF, 'int', 0, 'int', $iPID)
#cs
Probable base 8B0D(.{8})898D40F1FFFF6A01
Registers EAX,EBX,ECX,EDX,ESI,EDI,EBP,ESP,EIP
The ESI register holds pointers
89 86 - mov [esi+00000000],eax
89 9E - mov [esi+00000000],ebx
89 8E - mov [esi+00000000],ecx
89 96 - mov [esi+00000000],edx
89 B6 - mov [esi+00000000],esi
89 BE - mov [esi+00000000],edi
89 AE - mov [esi+00000000],ebp
89 A6 - mov [esi+00000000],esp
#ce
; 00455811 - 89 8E C0040000 - mov [esi+000004C0],ecx
; 00455817 - 8B 57 10 - mov edx,[edi+10]
MsgBox(0, '', _FindPattern($sPath, '898E(.{8})8B5710'))
; 0045581A - 89 96 C4040000 - mov [esi+000004C4],edx
; 00455820 - 8B 47 20 - mov eax,[edi+20]
MsgBox(0, '', _FindPattern($sPath, '8996(.{8})8B4720'))
; 004557F6 - 89 8E 80040000 - mov [esi+00000480],ecx
; 004557FC - 8B 57 0C - mov edx,[edi+0C]
MsgBox(0, '', _FindPattern($sPath, '898E(.{8})8B570C'))
; 004557FF - 89 96 84040000 - mov [esi+00000484],edx
; 00455805 - 8B 47 1C - mov eax,[edi+1C]
MsgBox(0, '', _FindPattern($sPath, '8996(.{8})8B471C'))
; 00455823 - 89 86 40050000 - mov [esi+00000540],eax
; 00455829 - 8A 47 02 - mov al,[edi+02]
MsgBox(0, '', _FindPattern($sPath, '8986(.{8})8A4702'))
; 0041E56F - 89 86 3C050000 - mov [esi+0000053C],eax
; 0041E575 - 8B 4F 08 - mov ecx,[edi+08]
MsgBox(0, '', _FindPattern($sPath, '8986(.{8})8B4F08'))
; 004557D2 - 89 86 78040000 - mov [esi+00000478],eax
; 004557D8 - 8A 4F 03 - mov cl,[edi+03]
MsgBox(0, '', _FindPattern($sPath, '8986(.{8})8A4F03'))
; 004557E4 - 89 96 88040000 - mov [esi+00000488],edx
; 004557EA - 8B 47 18 - mov eax,[edi+18]
MsgBox(0, '', _FindPattern($sPath, '8996(.{8})8B4718'))
; 004557ED - 89 86 8C040000 - mov [esi+0000048C],eax
; 004557F3 - 8B 4F 04 - mov ecx,[edi+04]
MsgBox(0, '', _FindPattern($sPath, '8986(.{8})8B4F04'))

Func _Ci($ID)
    Local $ALLOCMEM, $OPCODE, $buffer, $BYTES, $THREAD, $RET
    Local $RBASE_ADDRESS = 0x00AE44C4, $FCALL_ADDRESS = 0x006460F0
    #cs
    00464EAD - A1 C444AE00 - mov eax,[00AE44C4] : [00AE4B68]
    00464EB2 - 57 - push edi
    00464EB3 - 8B 48 20 - mov ecx,[eax+20]
    00464EB6 - 81 C1 EC000000 - add ecx,000000EC
    00464EBC - E8 2F121E00 - call 006460F0
    #ce
    ; Allocate memory in the target process (MEM_COMMIT = 0x1000, PAGE_EXECUTE_READWRITE = 0x40)
    $ALLOCMEM = DllCall($KERNEL32, 'int', 'VirtualAllocEx', 'int', $MEM_HANDLE[0], 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
    $OPCODE &= '60' ; PUSHAD
    $OPCODE &= 'A1' & _DecToBytes($RBASE_ADDRESS) ; mov eax, [00AE44C4]
    $OPCODE &= '68' & _DecToBytes($ID) ; push id
    $OPCODE &= '8B4820' ; mov ecx, [eax+0x20]
    $OPCODE &= '81C1' & _DecToBytes(0xEC) ; add ecx,000000EC
    ; E8 takes a rel32 displacement measured from the end of the 5-byte call, not an absolute address.
    ; The call starts at offset 20 of the stub, so the displacement is target - ($ALLOCMEM[0] + 25).
    ; The post targets 00646360 here although the disassembly above and $FCALL_ADDRESS show 006460F0; kept as posted.
    $OPCODE &= 'E8' & _DecToBytes(0x00646360 - ($ALLOCMEM[0] + 25)) ; call 00646360
    $OPCODE &= '61C3' ; POPAD, RET
    ; Put the ASM code in a DllStruct; a DllStruct is needed for WriteProcessMemory
    $buffer = DllStructCreate('byte[' & (StringLen($OPCODE) / 2) & ']')
    For $BYTES = 1 To DllStructGetSize($buffer)
        DllStructSetData($buffer, 1, Dec(StringMid($OPCODE, ($BYTES - 1) * 2 + 1, 2)), $BYTES)
    Next
    ; Write the DllStruct into the allocated memory
    DllCall($KERNEL32, 'int', 'WriteProcessMemory', 'int', $MEM_HANDLE[0], 'int', $ALLOCMEM[0], 'int', _
            DllStructGetPtr($buffer), 'int', DllStructGetSize($buffer), 'int', 0)
    ; Execute our ASM code
    $THREAD = DllCall($KERNEL32, 'int', 'CreateRemoteThread', 'int', $MEM_HANDLE[0], 'int', 0, 'int', 0, _
            'int', $ALLOCMEM[0], 'ptr', 0, 'int', 0, 'int', 0)
    ; Wait until the code has finished executing, then close the thread (258 = WAIT_TIMEOUT)
    Do
        $RET = DllCall($KERNEL32, 'int', 'WaitForSingleObject', 'int', $THREAD[0], 'int', 50)
        Sleep(250) ; We don't want this to go wrong, see below
    Until $RET[0] <> 258
    ; Free the allocated memory, we don't want to leak memory, do we? (MEM_RELEASE = 0x8000)
    DllCall($KERNEL32, 'int', 'CloseHandle', 'int', $THREAD[0])
    DllCall($KERNEL32, 'ptr', 'VirtualFreeEx', 'hwnd', $MEM_HANDLE[0], 'int', $ALLOCMEM[0], 'int', 0, 'int', 0x8000)
EndFunc ;==>_Ci

; Not defined in the original post: 32-bit integer -> 8 hex digits in little-endian byte order (an x86 imm32/disp32)
Func _DecToBytes($iValue)
    Return _ReverseBytes(Hex($iValue, 8))
EndFunc ;==>_DecToBytes

Func _FindPattern($sPath, $dBytes)
    Local $aBytes, $dRet
    ; The file is matched as hex text ("0x4D5A..."), so $dBytes is a regex over hex digits;
    ; the inner group of $dBytes (e.g. '(.{8})') captures the 32-bit operand
    $aBytes = StringRegExp(_GetBinary($sPath), '(' & $dBytes & ')', 1)
    If @error Then Return SetError(1, 0, '') ; no match: the original indexed a non-array here
    $dRet = '0x' & _ReverseBytes($aBytes[1]) ; little-endian operand -> readable offset
    Return $dRet
EndFunc ;==>_FindPattern

; Reverse a hex string two digits at a time ("C0040000" -> "000004C0")
Func _ReverseBytes($dBytes)
    Local $dOut, $i
    For $i = StringLen($dBytes) - 1 To 1 Step -2
        $dOut &= StringMid($dBytes, $i, 2)
    Next
    Return $dOut
EndFunc ;==>_ReverseBytes

; Read the whole file in binary mode (16); the binary variant prints as "0x..." hex when used as a string
Func _GetBinary($sPath)
    Local $hFile = FileOpen($sPath, 16), $dData
    $dData = FileRead($hFile, FileGetSize($sPath))
    FileClose($hFile)
    Return $dData
EndFunc ;==>_GetBinary

; Full path of the main module of $iPID; the scan above runs against that file on disk, not against process memory
Func _ProcessGetLocation($iPID)
    ; PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010)
    Local $aProc = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', BitOR(0x0400, 0x0010), 'int', 0, 'int', $iPID)
    If $aProc[0] = 0 Then Return SetError(1, 0, '')
    Local $vStruct = DllStructCreate('int[1024]')
    DllCall('psapi.dll', 'int', 'EnumProcessModules', 'hwnd', $aProc[0], 'ptr', DllStructGetPtr($vStruct), 'int', DllStructGetSize($vStruct), 'int_ptr', 0)
    ; The first module handle is the main executable
    Local $aReturn = DllCall('psapi.dll', 'int', 'GetModuleFileNameEx', 'hwnd', $aProc[0], 'int', DllStructGetData($vStruct, 1), 'str', '', 'int', 2048)
    DllCall('kernel32.dll', 'int', 'CloseHandle', 'hwnd', $aProc[0]) ; the original leaked this handle
    If StringLen($aReturn[3]) = 0 Then Return SetError(2, 0, '')
    Return $aReturn[3]
EndFunc ;==>_ProcessGetLocation
```
MolesteD_ wrote: I love how everyone on this forum talks about ASM/C/C++ and I bet most of them don't even understand an easy AutoIt (considered as one of the most simple languages) script I made. Just because someone doesn't know one language (AutoIt) doesn't mean they can't recommend other languages (C).
MolesteD_ wrote: an easy AutoIt … script I made. You can't say it's an easy script to understand if it's dealing with the opcodes directly. I'm sure lots of that script is using some Windows APIs as well, so you can't expect people to know that without looking it up unless they program specifically for Windows all the time.
MolesteD_ wrote: It is even commented so you shouldn't have to think too hard. … but the comments aren't in English
Finally, I recommend learning C for anyone who doesn't already know it.
MolesteD_ wrote: I love how everyone on this forum talks about ASM/C/C++ and I bet most of them don't even understand an easy AutoIt (considered as one of the most simple languages) script I made.
Heres one of mine, and I would love to hear what it does and what it is supposed to achieve. It is even commented so you shouldn't have to think too hard. Durrrrrrrr. If you can answer that, without Googling for hours, you can talk about low-level languages such as C or ASM. Otherwise please learn how to program yourself first before recommending things.
Yeah, everyone who talks about C or ASM should have completely memorized AutoIt syntax and functions. And they should know what function is at address 0x00646360 of some program they don't have, obviously. And they must know Dutch (this is essential). And they must use 32-bit Windows. And they don't have to know any C. If all these fucktarded conditions are met, only then can an individual talk about C or ASM.
Apparently MolesteD_ likes to play Perfect World: http://www.elitepvpers.com/forum/pw-hacks-bots-cheats-exploits/674919-mob-item-listings.html#post6229462 (look for the SelectMob function). The code seems to be part of a bot made for the game. It searches in a running process for assembly instructions using regular expressions to find the right byte sequences and then displays the found bytes. The _Ci function (which isn't called at all in the sample code) would be used to manipulate a value associated with a certain in-game mob using a call to a function that we do not have access to. It's a bit jerkish to give sample code meant to test people when it's clearly incomplete and is meant to be used with a particular application that most people don't have. That's essentially like showing a PCB with a microcontroller to an electrical/computer engineer and asking them what it does, without showing them any code.
I guess some people like to think that making bots for MMORPGs makes them special but they need some extra convincing from external parties so they post their code for others to see, hoping to get the attention they need so that they can keep feeling special.
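As an added example for this thread (not code from the post above or from the bot it came from), the two things the AutoIt script does, written in Python so they can be run and checked offline: the signature scan that pulls a disp32 operand out of a `mov [esi+disp32],reg` / `mov reg,[edi+disp8]` pair, generalised to every `mov [esi+disp32],reg` using the ModRM table from the script's comments, and the stub assembly from `_Ci`, with the `E8` call encoded as a rel32 displacement. The sample bytes are constructed from the instruction pairs quoted in the script's comments and are not a real executable; the addresses `0x00464EBC` and `0x006460F0` come from the script's own disassembly comment, and the stub load address used below is an arbitrary assumption.

```python
"""Signature scanning for struct offsets and rel32 call encoding (x86-32)."""
import re
import struct

# Constructed sample "binary": the instruction pairs quoted in the AutoIt
# comments, separated by filler bytes. Not a real executable.
SAMPLE = bytes.fromhex(
    "90 90 90"
    "89 8E C0 04 00 00"   # 0x03: mov [esi+0x4C0],ecx
    "8B 57 10"            # 0x09: mov edx,[edi+0x10]
    "90"
    "89 96 C4 04 00 00"   # 0x0D: mov [esi+0x4C4],edx
    "8B 47 20"            # 0x13: mov eax,[edi+0x20]
    "CC CC"
    "89 86 40 05 00 00"   # 0x18: mov [esi+0x540],eax
    "8A 47 02"            # 0x1E: mov al,[edi+0x02]
    "90"
)

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def _sig_to_regex(sig: str) -> bytes:
    """Turn the script's hex signature ('898E(.{8})8B5710') into a bytes regex.

    The AutoIt version matches the hex *text* of the file, where '.{8}' may
    start on a half byte; matching raw bytes with '.{4}' cannot.
    """
    out = b""
    for tok in re.split(r"(\(\.\{8\}\))", sig):
        if tok == "(.{8})":
            out += b"(.{4})"
        elif tok:
            out += re.escape(bytes.fromhex(tok))
    return out


def find_pattern(blob: bytes, sig: str):
    """Return (file offset, 32-bit operand) of the first match, or None.

    The operand is decoded little-endian, which is what the script's
    _ReverseBytes achieves by reversing the hex digit pairs.
    """
    m = re.search(_sig_to_regex(sig), blob, re.DOTALL)
    if m is None:
        return None
    return m.start(), struct.unpack("<I", m.group(1))[0]


# 89 /r with ModRM mod=10, rm=110 is 'mov [esi+disp32], reg32'. The ModRM byte
# is 0x86 | (reg << 3), exactly the table in the script's #cs block.
_STORE_ESI = re.compile(rb"\x89([\x86\x8E\x96\x9E\xA6\xAE\xB6\xBE])(.{4})", re.DOTALL)


def scan_esi_stores(blob: bytes):
    """Generalise the per-signature searches: list every mov [esi+disp32],reg.

    Caveat: this is a linear byte scan with no notion of instruction
    boundaries, so a matching byte sequence inside data or inside another
    instruction's operand is reported too. Confirm hits in a disassembler.
    """
    hits = []
    for m in _STORE_ESI.finditer(blob):
        modrm = m.group(1)[0]
        hits.append((m.start(), REGS32[(modrm >> 3) & 7], struct.unpack("<I", m.group(2))[0]))
    return hits


def encode_call_rel32(call_addr: int, target: int) -> bytes:
    """E8 rel32: the displacement is relative to the end of the 5-byte call."""
    rel = (target - (call_addr + 5)) & 0xFFFFFFFF
    return b"\xE8" + struct.pack("<I", rel)


def build_stub(stub_addr: int, rbase_addr: int, mob_id: int, fcall_addr: int) -> bytes:
    """Assemble the stub _Ci builds, for a known load address.

    The script emits 'E8' followed by the absolute target, which the CPU
    would read as a displacement and land somewhere else; the displacement
    has to be computed from where the stub will actually live.
    """
    code = b"\x60"                                    # pushad
    code += b"\xA1" + struct.pack("<I", rbase_addr)   # mov eax,[rbase_addr]
    code += b"\x68" + struct.pack("<I", mob_id)       # push mob_id
    code += b"\x8B\x48\x20"                           # mov ecx,[eax+0x20]
    code += b"\x81\xC1" + struct.pack("<I", 0xEC)     # add ecx,0xEC
    code += encode_call_rel32(stub_addr + len(code), fcall_addr)
    code += b"\x61\xC3"                               # popad ; ret
    return code


if __name__ == "__main__":
    for sig in ("898E(.{8})8B5710", "8996(.{8})8B4720", "8986(.{8})8A4702"):
        print(sig, find_pattern(SAMPLE, sig))
    print(scan_esi_stores(SAMPLE))
    # Cross-check the encoder against the call quoted in the script's comment:
    # 00464EBC - E8 2F121E00 - call 006460F0
    print(encode_call_rel32(0x00464EBC, 0x006460F0).hex())
```

The rel32 check is the one part that can be verified against the page itself: the disassembly comment in `_Ci` shows `E8 2F121E00` at `00464EBC` calling `006460F0`, and `0x006460F0 - (0x00464EBC + 5)` is `0x001E122F`, which is `2F 12 1E 00` little-endian.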
suid wrote: Hello, I am suid. I am 21 years old and getting my CS degree. I have been throwing my skills at the challenges for a while now, but after reading a couple other members' intros I decided I guess I should post my own. I normally remain a floater on sites, sampling the challenges every once and a while but rarely posting much. I hardly ever create my own threads with questions. I feel finding answers on my own is a much better and more creative way of learning.
That sounds like a great way of learning, but the forums are nice in moderation because they can offer more specialized and direct assistance. There are definitely more people that need to learn your method though ;)
Nice intro, and welcome to HBH. :happy:
@SlimTim10: Lol, I love reading shit like that.
SlimTim10 wrote: It searches in a running process for assembly instructions using regular expressions to find the right byte sequences and then displays the found bytes. The _Ci function (which isn't called at all in the sample code)
Any good programmer would simply understand this piece of code whether you like it or not. Yes, you might have to be familiar with the Windows API, but how can you possibly think you're remotely good with security when you don't even know the API of the most common operating system on this planet.
Like you said, the _Ci function is not called in that script, therefore it is not necessary to know what's at 0x00646360.
I'm unsure why you would require Dutch to read comments such as "; 004557D2 - 89 86 78040000 - mov [esi+00000478],eax" and "; 004557D8 - 8A 4F 03 - mov cl,[edi+03]".
SlimTim10 wrote: It's a bit jerkish to give sample code meant to test people when it's clearly incomplete and is meant to be used with a particular application that most people don't have. It does what it has to do, it looks for new offsets, and it finds them, returns them. How is it incomplete? Because I'm not calling a function that would be fully implemented in the next version?
And you would look for offsets like this, in any application (if you want them automatically updated, after patches). Therefore, it is not required to have any knowledge of this specific application, whatsoever.
Your comment is hilarious, especially the part where you complain about the syntax. I mastered 8 languages, and I'm familiar with over 15, and I'm pretty sure every good programmer would know about the same, or more. They shouldn't have problems with the syntax of any language.
@OP: Welcome to HBH!
@SlimTim10: Why do I not know you? You make most beautiful posts I have ever seen. ♥
@MolesteD_: I don't like you. Nothing personal.