- Scroll reverser windows alternative update#
- Scroll reverser windows alternative code#
- Scroll reverser windows alternative password#
Scroll reverser windows alternative update#
However, I cannot ignore the fact that this article has nothing to offer and it is written in such way that makes someone question even if you really understand what you are talking about or you are just reproducing something you saw somewhere online.I've just added the following update to the main README and website: Just to make this clear, I am not trying to disrespect your or the effort you made for writing those lines. I could probably mention a few other things regarding the second part, but I think this is enough already. Then, you just use the ollydump plugin, but again you don’t even mention the imports rebuilding step which is the most important (ticking boxes won’t teach anything to anyone). You don’t even explain for which reason in this case or probably in other cases someone would be interested in the ‘POPAD’ instruction, (and btw POPAD pops DWORDs not WORDs). Unpacking is not just ‘click here.then scroll down.right click, and congrats!’. This article refers exclusively into UPX unpacking, so I think you should have added this into your title.įurthermore, the way you approach the unpacking process doesn’t really give any clues to anyone about what he could do in a slightly different case. I need to say that the title is a little bit misleading. Hi would like to point out a few things regarding the first part of your article.
Scroll reverser windows alternative password#
So this is the correct password! So, if we feed this password in the Crackme2, we will get the message “Great work…” So, now to get the original password, we need to XOR the Hex of ‘Messing_in_bytes’ and 1F 2C 37 36 3B 3D 28 19 3D 26 1A 31 2D 3B 37 3E So, the string being returned from 004013B8 is starting from the address 00402150 ie, 1F 2C 37 36 3B 3D 28 19 3D 26 1A 31 2D 3B 37 3E. In next call, CALL CRACKME2.004013B8, the result is being compared with the correct XOR result in 004013B8. After XORing, the result is being pushed at address 0040217E. So that means our password length also should be 16. So, it has given us the hint that our password supplied is being XORed with the string at address 004021A3 (Messing_in_bytes), which is of 16 characters long. And it keeps doing that till our passwords last letter (‘I’) is finished. XOR BL,CL does an XOR operation with ‘M’ and ‘N’. The instruction MOV BL,BYTE PTR DS: transfers one byte to BL (our password’s first letter ‘N’). The instruction MOV CL,BYTE PTR DS: picks up one character, starting at 004021A3 from Hex dump and moving to CL (‘M’). Now the control goes to address 00401399. The same instructions are repeated until the next letter ‘i’ is converted to ‘I’. Olly lands at the following instructions: Once loaded, press F8 and step through the instructions to get an idea about the code. Now again, press CTRL+F2, this will reload the CrackMe2.exe into Olly (Fig-10). This is my way of doing that and it may differ with the method of others. How and which routines/functions we need to inspect is entirely one’s personal way of doing that based on intuition, but more or less it will be similar approach. Again, there may lots of ways to break this functionality and that depends on the software’s behavior, but the ultimate goal is to bypass the password check. We’ll carefully go through the assembly, understand the logic behind this and try to overcome the password checking. The second one is a bit easier as you only need to directly go and see how we can go to the logical end, and can then change the flow. The first option is a bit difficult as you really need to dive in each and every routine/subroutine and understand the logic.
Scroll reverser windows alternative code#
So our goal will be to inspect the code and break this barrier to get the “Congrats…” message. If you enter the wrong password and press OK, it will display a message “No luck there mate!” Since we don’t know the correct password, we can’t get through the application.