SERIAL = abcd-2312
activation key = 38550 |
==> |
int main()
{
int local_20 = 0;
int local_24 = 0;
// 012345678
// 1234-5678
char serial[] = "abcd-2312";
for (int i = 0; i (local_20 & 0x1)) + local_24 + serial[8];
}
else
{
local_2c = ((int)serial[3] |
==> |
I was able to crack this 100.
I did it by overwriting the return address to the address to print the success msg.
mov dword ptr ss:[esp],overflow_me.404050
call
I also made sure to overwrite the next return address further down the stack to the original return address that would of executed the 'good byte' code.
After this I decided to read the solution, the solution mentioned something about the check for '0xff', but i guess this wasnt needed for my method since I bypassed this check and went directly to the message.
good crack me, nice and fun.
ps. I was only able to write the opcode though python piping.
Eg. python -c "print('11112222')" | Overflow_me.exe
If there is a way to write the opcode in ascii straight into the stdin in the console, then please let me know, as I searched for ages to try to find a way but ended up just using piping.
|
==> |
XÞeRop
'ÉÞ†p{mAzes_w3Re_1nv3nteD_by_EgyptianS_cb3c82b9}zh3r0{ |
==> |
the name has no influence on the password, all that matters is the number and password.
i made a program to computer the password for the corresponding number, the first 100 is posted here below.
number: 1 password = 3
number: 2 password = 8
number: 3 password = 15
number: 4 password = 69
number: 5 password = 62
number: 6 password = 75
number: 7 password = 108
number: 8 password = 62
number: 9 password = 36
number: 10 password = 2
number: 11 password = 13
number: 12 password = 24
number: 13 password = 35
number: 14 password = 46
number: 15 password = 57
number: 16 password = 68
number: 17 password = 79
number: 18 password = 90
number: 19 password = 101
number: 20 password = 4
number: 21 password = 25
number: 22 password = 46
number: 23 password = 67
number: 24 password = 88
number: 25 password = 10
number: 26 password = 31
number: 27 password = 52
number: 28 password = 73
number: 29 password = 94
number: 30 password = 6
number: 31 password = 37
number: 32 password = 68
number: 33 password = 99
number: 34 password = 31
number: 35 password = 62
number: 36 password = 93
number: 37 password = 25
number: 38 password = 56
number: 39 password = 87
number: 40 password = 8
number: 41 password = 49
number: 42 password = 90
number: 43 password = 32
number: 44 password = 73
number: 45 password = 15
number: 46 password = 56
number: 47 password = 97
number: 48 password = 39
number: 49 password = 80
number: 50 password = 10
number: 51 password = 61
number: 52 password = 13
number: 53 password = 64
number: 54 password = 16
number: 55 password = 67
number: 56 password = 19
number: 57 password = 70
number: 58 password = 22
number: 59 password = 73
number: 60 password = 12
number: 61 password = 73
number: 62 password = 35
number: 63 password = 96
number: 64 password = 58
number: 65 password = 20
number: 66 password = 81
number: 67 password = 214
number: 68 password = 815
number: 69 password = 426
number: 70 password = 14
number: 71 password = 85
number: 72 password = 57
number: 73 password = 29
number: 74 password = 100
number: 75 password = 513
number: 76 password = 224
number: 77 password = 925
number: 78 password = 636
number: 79 password = 347
number: 80 password = 16
number: 81 password = 97
number: 82 password = 79
number: 83 password = 412
number: 84 password = 223
number: 85 password = 34
number: 86 password = 835
number: 87 password = 646
number: 88 password = 457
number: 89 password = 268
number: 90 password = 18
number: 91 password = 109
number: 92 password = 812
number: 93 password = 723
number: 94 password = 634
number: 95 password = 545
number: 96 password = 456
number: 97 password = 367
number: 98 password = 278 |
==> |