App Extra

I'm stuck at this….i've completed all the other apps….

any pointers to how i should start..

Step1:Read Some Tutorial On Assembly Language Step2:Understand The Code Flow Of APP-Extra Step3:Retrive The Password Step4:Help Others..

PS: Don't Get Misguided By looking At My Profile….I've Cracked It…And Submitted My Answer ..For Points…

i read some articles on assembly laguage…. but i still cant carack it….

i've put breakpoints on thoes text references..but still no luck….

Find out..in the application how does it checks for the password length

there r two easy methods…

PS : forget LenStr

the answer is near it….

Can someone give me link for ASM language tutorial. I would need it. Don't say "google for it". Say "here is the link …".

Say "here is the link …".

here is the link …

http://en.wikibooks.org/wiki/X86_Assembly

I remember finding something really useful there when I was trying to learn x86 ASM… but that is all I can give you, I don't have time to find the actual thing right now.

I'm near it, but still can't see it.

UnknownFromHell wrote: Find out..in the application how does it checks for the password length

there r two easy methods…

PS : forget LenStr

the answer is near it….

ok.. i did submit my solution.. but haven't got any points for it.. If i did something wrong.. should i again submit my (edited)answer or should i just wait for the admins to check it out..

if my answer is wrong please notify me so that i correct it..

Answer (Provide the actual answer and how you got to it.):

Are there multiple passwords or just one ? (I have multiple valid 'passwords')

Should be just one if you did it the right way. Your answer should be the same word the program uses.

It is possible to have collisions, but like js 16, there is only 1 right answer.

PS. I submitted my answer a few days ago, so be prepared to wait for it to get checked. That said, it is probably worth being confident that your answer is right, otherwise it will be a waste time for both yourself and the admin checking it.

Johnson wrote: Your answer should be the same word the program uses. I dont' think so ^^ when I beat it, I changed the application's password check function and beat it with a random password ;)

Uber0n wrote: [quote]Johnson wrote: Your answer should be the same word the program uses. I dont' think so ^^ when I beat it, I changed the application's password check function and beat it with a random password ;)[/quote]

Well then it just depends on which methods the admins will accept.

The challenge does state that you're looking for the 'actual' answer, but whatever.

Johnson wrote: Should be just one if you did it the right way. Your answer should be the same word the program uses.

Define 'the right way'…

There are 4 'checkpoints' that are needed for this challenge. (3 of them are checking for the same value)

So there is no way to get the 'exact' password from the program itself. Or do i have to write a bf-script ?

pr2008 wrote:

Define 'the right way'…

There are 4 'checkpoints' that are needed for this challenge. (3 of them are checking for the same value)

So there is no way to get the 'exact' password from the program itself. Or do i have to write a bf-script ?

There is a way to get the actual answer. I made some assumptions when I did it, but would have to think that the result I got is the same.

Don't bother with a bruteforcer just get stuck into how the program actually works.

I'm not sure if this is too much info, and if it is someone can feel free to edit it…

At some point in the program it does specify a set of characters which are used to compare your input against (after it has been manipulated in some way). My answer consisted of finding those characters, and figuring out the order which gave me the correct output.

If you need to know more than that consider PM'ing me.

pr2008 wrote: Or do i have to write a bf-script ? Just as Johnson said; bruteforce is not necessary.

Johnson wrote: It is possible to have collisions, but like js 16, there is only 1 right answer.

The big difference with js16 is that you don't get the 'goodguy' message. (you can find a collision, but it won't go to the correct page; if this crackme was a real application, the passwords i found would be valid.)

pr2008 wrote:

The big difference with js16 is that you don't get the 'goodguy' message. (you can find a collision, but it won't go to the correct page; if this crackme was a real application, the passwords i found would be valid.)

That is a good point. UberOn also cracked this using a different method to what I did. Maybe an admin should clarify if getting the right message is enough to complete the challenge.

Sorry for tagging on to an old thread but how long should it take for admins to check the answer? I submitted my answer two days ago… I reversed this by finding the values of the buttons, a bit of patch led to being able to analyze the code which does include a hard coded password. I saved my patches and it works fine with the password.

Does admin reply, even if they aren't happy with the answer because I would like to know if my working patch is the wrong answer they are looking for.

Thanks, zbert