Good at cracking? Crack this file!

Fr0z3N · February 26, 2006, 12:12 AM

Quote from: Topaz on February 26, 2006, 12:08 AM
If you're going to post a request on a public forum, you should be prepared to provide certain things to the public. Idiot.

Thus I am, and unless you can help, why the fuck are you posting here?

hismajesty · February 26, 2006, 02:53 PM

Quote from: Fr0z3N on February 26, 2006, 12:00 AM
Point being? Is it impossible for a human to change their fucking mind? Stop ruining threads and go back to being childish.

Yes because your response was sooooo mature. I wish I could be more like you.

Warrior · February 26, 2006, 07:19 PM

I'd suggest taking a step back and looking at it logically. What do I need to get done and how do I think the programmer did this. Familiarize yourself with a debugger and IDA. Learn simple ASM and get more complex later on etc.. this isn't something done in a few days with zero knowledge. Once you take the time to understand it, you'll have an easier time doing things like this in the future.

Fr0z3N · February 26, 2006, 08:20 PM

I need the DLL unpacked if anyone can do that. I don't know what it was packed with.

LivedKrad · February 27, 2006, 09:21 AM

Quote from: Warrior on February 26, 2006, 07:19 PM
I'd suggest taking a step back and looking at it logically. What do I need to get done and how do I think the programmer did this. Familiarize yourself with a debugger and IDA. Learn simple ASM and get more complex later on etc.. this isn't something done in a few days with zero knowledge. Once you take the time to understand it, you'll have an easier time doing things like this in the future.

I already told him to do that when he messaged me individually on how to do it.

iago · February 27, 2006, 12:02 PM

I *think* that PE Explorer can unpack executables. But I could be wrong. It's worth checking, though.

Additionally, it can be done manually with IDA. The advantage is that it can decode custom encoding schemes (packers, whatever). The disadvantage is that it's a slow process, likely. More information on how to do that can be found in the book Hacker Disassembling Uncovered. In one of the chapters they walk you through decoding an executable with IDA.

Skywing · February 27, 2006, 12:59 PM

HIEW has some nice support for unpacking encrypted/packed executables in that it lets you provide a small assembler program that matches the decryption that the packer does (to run over a sequence).

Fr0z3N · February 27, 2006, 03:18 PM

Quote from: iago on February 27, 2006, 12:02 PM
I *think* that PE Explorer can unpack executables. But I could be wrong. It's worth checking, though.

Additionally, it can be done manually with IDA. The advantage is that it can decode custom encoding schemes (packers, whatever). The disadvantage is that it's a slow process, likely. More information on how to do that can be found in the book Hacker Disassembling Uncovered. In one of the chapters they walk you through decoding an executable with IDA.

I've been using PE Explorer after talking with LivedKrad, maybe I'm not using the right things.

I'll try that, thanks Skywing.

Fr0z3N · February 27, 2006, 05:21 PM

Ok well that didn't help either since it all looked like jibberish.

For sure I've established that:
1) It does authenticate from a website because when the site is down it stopped working
2) I need to worry about the DLL not the exe
3) I was told the DLL needs to be unpacked but I think PE Explorer is doing this for me

Warrior · February 27, 2006, 05:30 PM

Cheat:

Use a packetlogger find out what it does with the website
Edit your hostfile and make it return "True" or whatever pending your findings with the packet logger.

Fr0z3N · February 27, 2006, 05:56 PM

Quote from: Warrior on February 27, 2006, 05:30 PM
Cheat:

Use a packetlogger find out what it does with the website
Edit your hostfile and make it return "True" or whatever pending your findings with the packet logger.

Problem:

WPE Pro (What I'm using) and my Firewalls is not detecting any internet activity.

Ideas:
AV Killer?
No ideas other then that which I doubt.

Mystical · February 27, 2006, 05:59 PM

Maybe the author just wrote the database inside the program, and wants people to think it connects to a database, maybe someone just said what i said, i didn't read full post. so my bad if its been said.

Fr0z3N · February 27, 2006, 06:09 PM

Quote from: MyStiCaL on February 27, 2006, 05:59 PM
Maybe the author just wrote the database inside the program, and wants people to think it connects to a database, maybe someone just said what i said, i didn't read full post. so my bad if its been said.

Good guess, I thought of that too. Problem is that it DOES read from the website as I have 2 ways to prove it.

1) site goes down, program does not inject.
2) I had my friend get an account added to the list for me when I already had the program thus it must have checked somewhere because it would not load on the account then once it was added it worked fine.

Mystical · February 27, 2006, 06:23 PM

for a newbie way then, maybe open with hex editor and check if theres any strings that arnt encrypted to a website, or maybe somthing he missed to encrypt and get all possible ideas from that.

Fr0z3N · February 27, 2006, 06:26 PM

Tried that, didn't really know what to look for or didn't find anything.

Good at cracking? Crack this file!

hismajesty