mach wrote:
> My used (i.e. cheap) copy of "The Mezonic Agenda" arrived in yesterday's mail. Yet another
> compelling (from a geek perspective) cyberthriller from http://www.syngress.com that
> enables its readers to hack along with a typically blackhat protagonist. Near the
> beginning the authors illustrate a simple crack that bypasses password protection embedded
> in a binary named DECRYPTOR.EXE from http://www.mezonicagenda.com/contest/index.html
>
> Using HIEW.EXE to examine DECRYPTOR.EXE yields:
>
> .000121B0: 25 73 00 00-0A 54 79 70-65 20 74 68-65 20 66 75  %s  ?Type the fu
> .000121C0: 6C 6C 20 70-61 74 68 20-74 6F 20 74-68 65 20 65  ll path to the e
> .000121D0: 6E 63 72 79-70 74 65 64-20 66 69 6C-65 3A 20 00  ncrypted file:
> .000121E0: 20 20 20 20-20 20 20 20-5C 5F 5F 5F-2F 00 00 00          \___/
> .000121F0: 20 20 20 20-20 20 20 20-28 20 20 20-29 00 00 00          (   )
> .00012200: 20 20 20 20-20 20 20 20-5C 20 20 20-2F 00 00 00          \   /
> .00012210: 20 20 20 20-20 20 20 20-2F 20 20 20-5C 00 00 00          /   \
> .00012220: 20 20 20 20-20 20 20 49-5F 20 20 20-5F 49 00 00         I_   _I
> .00012230: 20 20 20 20-20 20 20 49-20 20 20 20-20 49 00 00         I     I
> .00012240: 20 20 20 5B-5F 5F 5F 5F-5F 5F 5F 5F-5F 5F 5F 5F     [____________
> .00012250: 5F 5D 00 00-20 20 20 5B-5D 20 3A 3A-3A 3A 3A 3A  _]     [] ::::::
> .00012260: 3A 3A 3A 20-5B 5D 00 00-20 20 20 5B-5D 20 3A 3A  ::: []     [] ::
> .00012270: 2A 2A 2A 2A-2A 3A 3A 20-5B 5D 00 00-20 20 20 5B  *****:: []     [
> .00012280: 5D 20 3A 7C-3A 3A 3A 3A-3A 7C 3A 20-5B 5D 00 00  ] :|:::::|: []
> .00012290: 20 20 20 5B-5D 20 3A 7C-20 28 5F 29-20 7C 3A 20     [] :| (_) |:
> .000122A0: 5B 5D 00 00-20 20 20 2F-20 20 20 20-20 20 5F 20  []     /      _
> .000122B0: 20 20 20 20-20 5C 00 00-25 73 0A 00-20 20 20 20       \  %s?
> .000122C0: 5F 5F 5F 5F-5F 5F 5F 5F-5F 5F 5F 5F-5F 00 00 00  _____________
> .000122D0: 0A 53 75 63-63 65 73 73-2E 2E 2E 74-68 65 20 6B  ?Success...the k
> .000122E0: 65 79 20 69-73 20 79 6F-75 72 73 21-0A 0A 00 00  ey is yours!??
> .000122F0: 57 68 61 74-20 69 73 20-74 68 65 20-6B 65 79 3A  What is the key:
> .00012300: 20 00 00 00-35 31 64 32-62 32 31 30-64 31 61 64      51d2b210d1ad
> .00012310: 38 36 32 64-37 38 31 66-30 36 35 65-62 32 32 64  862d781f065eb22d
> .00012320: 39 33 37 30-00 00 00 00-63 6C 73 00-F0 31 40 00  9370    cls =1@
>
> Using the somewhat hokey eye-grabber allows us to discern the MD5 hash as:
>
> 51d2b210d1ad862d781f065eb22d9370
>
> We use md5 to generate our own MD5 hash for a known password:
>
> $ md5 -s mach
> MD5 ("mach") = 73b5ac0111d26c2c149c563e8c027aab
>
> then use HIEW.EXE to replace the original embedded MD5 hash with our own hash
> to crack DECRYPTOR.EXE.
>
> --
> mach
>
> "Bring your own subtext." - Joss Whedon.

HAHA That reminds me of the old trick we used to use to crack the old DOS games that would make you look up a word in the manual or use that stupid red plastic overlay to "decode" some secret word as a form of copy protection for the game. We would just fire up Norton Disk Editor and change all the words to the same one.

--
These morals are lines
Drawn around this shape of mine
Enclosed in the perfect design
Into this ethics mold confined
Define sense
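
Added example (not part of either post, the book, or DECRYPTOR.EXE): why a password check that compares MD5(input) with a literal stored in the image protects nothing once the literal is editable, next to a design where the payload is only recoverable with a key derived from the password. The image bytes, passwords, salt and function names are constructed for illustration, and the SHAKE-256 keystream is a stand-in for a real AEAD cipher.

```python
import hashlib, hmac

PROMPT = b"What is the key: \x00\x00\x00"
ORIG_PW = b"constructed-original"           # constructed; the real password is not on the page
# Constructed stand-in for the program image: prompt, then an embedded MD5 hex digest.
IMAGE = PROMPT + hashlib.md5(ORIG_PW).hexdigest().encode() + b"\x00" * 4
AT = len(PROMPT)                            # offset of the embedded digest

def weak_gate(image: bytes, password: bytes) -> bool:
    """Design described in the post: MD5(password) compared with a literal in the image."""
    return hmac.compare_digest(hashlib.md5(password).hexdigest().encode(), image[AT:AT + 32])

def _keys(password: bytes, salt: bytes):
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)
    return dk[:32], dk[32:]                 # (encryption key, MAC key)

def _xor(data: bytes, key: bytes) -> bytes:
    # Toy SHAKE-256 keystream standing in for a real AEAD cipher; illustration only.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key: bytes, salt: bytes, ct: bytes) -> bytes:
    return hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def seal(password: bytes, salt: bytes, payload: bytes):
    """Hardened design: the payload is encrypted under a key derived from the password."""
    enc_key, mac_key = _keys(password, salt)
    ct = _xor(payload, enc_key)
    return ct, _tag(mac_key, salt, ct)

def unseal(password: bytes, salt: bytes, ct: bytes, tag: bytes):
    enc_key, mac_key = _keys(password, salt)
    if not hmac.compare_digest(tag, _tag(mac_key, salt, ct)):
        return None                         # wrong password or modified data
    return _xor(ct, enc_key)

def demo():
    salt, secret = b"constructed-salt", b"data the password protects"
    patched = IMAGE[:AT] + hashlib.md5(b"mach").hexdigest().encode() + IMAGE[AT + 32:]
    ct, tag = seal(ORIG_PW, salt, secret)
    swapped = _tag(_keys(b"mach", salt)[1], salt, ct)   # stored tag replaced, as the digest was
    return {
        "weak_original": weak_gate(IMAGE, b"mach"),
        "weak_patched": weak_gate(patched, b"mach"),
        "hardened_wrong_pw": unseal(b"mach", salt, ct, tag),
        "hardened_swapped_tag": unseal(b"mach", salt, ct, swapped),
        "hardened_right_pw": unseal(ORIG_PW, salt, ct, tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the stored tag swapped, the hardened check also "passes", but what comes out is noise rather than the payload: the secret depends on the key, not on the comparison.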