| solve this if you love yourself |
2025-12-09 07:46 |
I used x64dbg with the ScyllaHide plugin and IDA Pro with the Fusion plugin to make signatures. First, when I ran the program in the debugger and skipped all breakpoints, I noticed the string "[SOTERIA] loading entry point..\n" in the registers and call stack. I went to the address and found all the output strings. After I entered a wrong password, I found the correct password nearby in memory.
I also tried another way. I set a breakpoint on strcmp and entered a wrong password again. I caught the breakpoint and found the place where this strcmp function was called by looking at the call stack; there I can see my input and the correct password. There I can also patch "call r9", which means strcmp(correct_password, input_password);, to xor eax, eax; which means all the passwords that I input in the future will be correct, because the program will think that strcmp returned 0, so the strings are equal. |