• Welcome to Valhalla Legends Archive.
 

Good at cracking? Crack this file!

Started by Fr0z3N, February 22, 2006, 08:09 PM


Fr0z3N

Quote from: Topaz on February 26, 2006, 12:08 AM
If you're going to post a request on a public forum, you should be prepared to provide certain things to the public. Idiot.

Thus I am, and unless you can help, why the fuck are you posting here?

hismajesty

Quote from: Fr0z3N on February 26, 2006, 12:00 AM
Point being? Is it impossible for a human to change their fucking mind? Stop ruining threads and go back to being childish.

Yes because your response was sooooo mature. I wish I could be more like you.

Warrior

I'd suggest taking a step back and looking at it logically. What do I need to get done and how do I think the programmer did this. Familiarize yourself with a debugger and IDA. Learn simple ASM and get more complex later on etc.. this isn't something done in a few days with zero knowledge. Once you take the time to understand it, you'll have an easier time doing things like this in the future.

Fr0z3N

I need the DLL unpacked if anyone can do that. I don't know what it was packed with.

LivedKrad

Quote from: Warrior on February 26, 2006, 07:19 PM
I'd suggest taking a step back and looking at it logically. What do I need to get done and how do I think the programmer did this. Familiarize yourself with a debugger and IDA. Learn simple ASM and get more complex later on etc.. this isn't something done in a few days with zero knowledge. Once you take the time to understand it, you'll have an easier time doing things like this in the future.

I already told him to do that when he messaged me individually on how to do it.

iago

I *think* that PE Explorer can unpack executables.  But I could be wrong.  It's worth checking, though. 

Additionally, it can be done manually with IDA.  The advantage is that it can decode custom encoding schemes (packers, whatever).  The disadvantage is that it's a slow process, likely.  More information on how to do that can be found in the book Hacker Disassembling Uncovered.  In one of the chapters they walk you through decoding an executable with IDA. 
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Skywing

HIEW has some nice support for unpacking encrypted/packed executables in that it lets you provide a small assembler program that matches the decryption that the packer does (to run over a sequence).

Fr0z3N

Quote from: iago on February 27, 2006, 12:02 PM
I *think* that PE Explorer can unpack executables.  But I could be wrong.  It's worth checking, though. 

Additionally, it can be done manually with IDA.  The advantage is that it can decode custom encoding schemes (packers, whatever).  The disadvantage is that it's a slow process, likely.  More information on how to do that can be found in the book Hacker Disassembling Uncovered.  In one of the chapters they walk you through decoding an executable with IDA. 


I've been using PE Explorer after talking with LivedKrad, maybe I'm not using the right things.

I'll try that, thanks Skywing.

Fr0z3N

Ok well that didn't help either since it all looked like gibberish.

For sure I've established that:
1) It does authenticate from a website because when the site is down it stopped working
2) I need to worry about the DLL not the exe
3) I was told the DLL needs to be unpacked but I think PE Explorer is doing this for me

Warrior

Cheat:

Use a packet logger to find out what it does with the website.
Edit your hosts file and make it return "True" or whatever, pending your findings with the packet logger.

Fr0z3N

Quote from: Warrior on February 27, 2006, 05:30 PM
Cheat:

Use a packet logger to find out what it does with the website.
Edit your hosts file and make it return "True" or whatever, pending your findings with the packet logger.

Problem:

WPE Pro (what I'm using) and my firewalls are not detecting any internet activity.

Ideas:
AV Killer?
No ideas other than that, which I doubt.

Mystical

Maybe the author just wrote the database inside the program, and wants people to think it connects to a database. Maybe someone just said what I said, I didn't read the full post, so my bad if it's been said.


Fr0z3N

Quote from: MyStiCaL on February 27, 2006, 05:59 PM
Maybe the author just wrote the database inside the program, and wants people to think it connects to a database. Maybe someone just said what I said, I didn't read the full post, so my bad if it's been said.

Good guess, I thought of that too. Problem is that it DOES read from the website as I have 2 ways to prove it.

1) site goes down, program does not inject.
2) I had my friend get an account added to the list for me when I already had the program thus it must have checked somewhere because it would not load on the account then once it was added it worked fine.

Mystical

For a newbie way then, maybe open it with a hex editor and check if there are any strings that aren't encrypted to a website, or maybe something he missed to encrypt, and get all possible ideas from that.

Fr0z3N

Tried that, didn't really know what to look for or didn't find anything.
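
Added example (not from any poster in this thread): a string search in a hex editor turns up nothing useful when the file is still packed, so it helps to measure byte entropy before reading strings. The sample buffer, the toy XOR keystream standing in for a packer, the `example.invalid` URLs and the 7.0 bits/byte rule-of-thumb threshold are all constructed assumptions.

```python
import math
import random
import re
from collections import Counter

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")          # printable ASCII runs
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")  # same, stored as UTF-16LE
URL = re.compile(r"https?://[\x21-\x7e]+")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for padding, near 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_urls(data: bytes) -> list:
    """Collect URLs from ASCII and UTF-16LE strings, as a hex-editor search would."""
    texts = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    texts += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return sorted({u for t in texts for u in URL.findall(t)})

def toy_pack(data: bytes, seed: int = 1) -> bytes:
    """Toy stand-in for a packer: XOR with a seeded keystream (not a real packer)."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)

def triage(data: bytes, threshold: float = 7.0) -> dict:
    """Report entropy first; an empty URL list means little if the data looks packed."""
    e = shannon_entropy(data)
    return {"entropy": round(e, 2), "likely_packed": e > threshold,
            "urls": find_urls(data)}

# Constructed sample: mostly padding, two import names, one ASCII and one UTF-16LE URL.
SAMPLE_PLAIN = (
    b"MZ" + b"\x00" * 2046
    + b"LoadLibraryA\x00\x00"
    + b"http://example.invalid/check.php?user=%s\x00\x00"
    + "http://example.invalid/list.txt".encode("utf-16-le")
    + b"\x00" * 2048
)
SAMPLE_PACKED = toy_pack(SAMPLE_PLAIN)

if __name__ == "__main__":
    print("plain :", triage(SAMPLE_PLAIN))
    print("packed:", triage(SAMPLE_PACKED))
```

On a real PE file the same measurement is usually taken per section rather than over the whole file, since a packer stub and its compressed payload sit in different sections.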
