App 12, the most annoying thing ever

Hi, i've been working on App 12 for ages now and i still can't figure out what to change:angry:

any help, ideas or Hints!!!! thanks

Easy way to do it is brute force it 1-10 chars(hint). Can't patch this one;)

oh gee thanks, Uberon said that i had to change a jnz to something else using olly db, does any one have any ideas what that might be

If you try to reverse eng. this one by changing jnz to jz it will accept any answer but not the right one. Brute forcer takes less than a minute if done right:D

i've tried a buteforcer before on this but i don't think i did it right this is my code i used in c#:

        {
            for(int i=600;i<1000000000;i++){
                if (stop)
                {
                    break;
                }
                string command = "/C " + i;
                this.number_txt.Text = "" + i;
                System.Diagnostics.ProcessStartInfo psi =
                    new System.Diagnostics.ProcessStartInfo(@"app12.exe", command);
                psi.RedirectStandardOutput = true;
                psi.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
                psi.UseShellExecute = false;

                System.Diagnostics.Process listFiles;
                listFiles = System.Diagnostics.Process.Start(psi);

                System.IO.StreamReader myOutput = listFiles.StandardOutput;

                listFiles.WaitForExit(2000);

                if (listFiles.HasExited)
                {
                    string output = myOutput.ReadToEnd();
                    int p;
                    float a;
                    a = i / 1000000000 * 100;
                    p = (int)a;
                    bar1.Value = p;
                    this.processResults.Text = "" + p + "% Percent done.";
                    if (!output.Contains("Wrong password"))
                    {
                        MessageBox.Show("Got it: " + i);
                        break;
                        this.processResults.Text = output;
                    }
                }
            }
        }```

You don't need to brute force app12, you only need to look at one line of asm code- it's extremely simple and doesn't deserve to be the final app challenge (besides app extra).

yea i know which line it is but i have no idea what to change it to :xx:

WizardOfAus ….. gave u the hint……

app12 is the easiest…

dont overthink the challenge, just becoz its the last app it does'nt mean it has to be tough…and there is absolutly no need for brute forcing….patching etc… or even applying break points. once u understand…"WizardOfAus" hint.. u'll do it it less than 2mins.. or may be less like me….

Happy Craking

PS:Think, like it was the easiest app,how would the app check for the pass

I agree ^^ this one was one of the easiest app cracking challenges, the only thing required is a tiny bit of ASM knowledge. What I said was that changing the common JNZ > JZ or vice versa isn't the right thing to do here, you only have to use a different kind of comparison… ;)

WizardOfAus wrote: You don't need to brute force app12, you only need to look at one line of asm code- it's extremely simple and doesn't deserve to be the final app challenge (besides app extra).

ROFL, the apps go in order of submission you retard.

^^ Well it's ranked 2nd hardest by the points system, so it's obviously supposed to be one of the 'hardest'- Pfffttt hard!? Your just pissed cause you wrote an easily crackable app.

And to think you were just so kind to me, helping with real 16 about 15 minutes ago- now your calling me a retard.

Oh well I don't think I'm going to get a reply from the last PM I sent you.

I can see why they give it some extra points though, since it forces you to think a bit different than usual (which seems to trouble many people :p)

Thanks for all the help but i just don't get any luck, i searched on google for anything about using another cmp command but i just can't figure out how to do it:(

You have to change nothing becouse the app dont give us a pass but say use the same code on the app page to get points. So you have to find the pass in the code. The CMP command compare two values, the password and your entry. After there are a jump –>JNZ somewhere. If the values are equals so u guessed the password, JNZ is not taken and you can see the message Congrats, use the same code bla bla bla. Find the CMP where the app compare your entry to the password. A good hint is that the CMP is near the JNZ that jump to the ascii "incorrect password". Think hex and read more about asm. Hope this help.

hmm…., i'll think about it… what do you mean by hex, how is that going to help?

Its useful even translate the hex values when you are in trouble cracking. Maybe somethimes you'll see numbers or letters if you translate the hex values.

WizardOfAus wrote: ^^ Well it's ranked 2nd hardest by the points system, so it's obviously supposed to be one of the 'hardest'- Pfffttt hard!? Your just pissed cause you wrote an easily crackable app..

you can obv see he didn't try to write a difficult app it was simply something like

printf("first message"); asd = scanf(); if(asd == correctAnswer) //its a value but i'm obv not gonna write it here { printf("correct answer message"); } else { printf("you fail"); } system("pause"); // sorry i forgot this

maybe if you had a clue, you would have understood that he hadn't even tried.

i understand that this is a very simple challenge, just a matter of finding the hex encoded (possibly) password in the asm and tapping it in, however i cannot find the jump location after the CMP (or basicly what it compares to)