CrackM3

Download it here: https://github.com/StHack/2014-Binaries-Forensics/

We open the executable and it asks us to enter a password. So we load it in OllyDbg (there are a few anti-debug protections, such as calls to “IsDebuggerPresent”, easily bypassed with plugins) and look at the part of the code that displays this message, and at what surrounds it:

004107E2  /.  55            PUSH EBP
004107E3  |.  8BEC          MOV EBP,ESP
004107E5  |.  8B45 0C       MOV EAX,DWORD PTR [EBP+C]
004107E8  |.  56            PUSH ESI
004107E9  |.  2D 10010000   SUB EAX,110                              ;  Switch (cases 110..111)
004107EE  |.  74 29         JE SHORT CrackM3-.00410819
004107F0  |.  48            DEC EAX
004107F1  |.  75 22         JNZ SHORT CrackM3-.00410815
004107F3  |.  8B4D 10       MOV ECX,DWORD PTR [EBP+10]               ;  Case 111 of switch 004107E9
004107F6  |.  33F6          XOR ESI,ESI
004107F8  |.  46            INC ESI
004107F9  |.  66:3BCE       CMP CX,SI
004107FC  |.  74 06         JE SHORT CrackM3-.00410804
004107FE  |.  66:83F9 02    CMP CX,2
00410802  |.  75 11         JNZ SHORT CrackM3-.00410815
00410804  |>  0FB7C9        MOVZX ECX,CX
00410807  |.  51            PUSH ECX                                 ; /Result
00410808  |.  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hWnd
0041080B  |.  FF15 38114100 CALL DWORD PTR [<&USER32.EndDialog>]     ; \EndDialog
00410811  |.  8BC6          MOV EAX,ESI
00410813  |.  EB 07         JMP SHORT CrackM3-.0041081C
00410815  |>  33C0          XOR EAX,EAX                              ;  Default case of switch 004107E9
00410817  |.  EB 03         JMP SHORT CrackM3-.0041081C
00410819  |>  33C0          XOR EAX,EAX                              ;  Case 110 of switch 004107E9
0041081B  |.  40            INC EAX
0041081C  |>  5E            POP ESI
0041081D  |.  5D            POP EBP
0041081E  \.  C2 1000       RET 10
00410821  /.  55            PUSH EBP
00410822  |.  8BEC          MOV EBP,ESP
00410824  |.  83EC 50       SUB ESP,50
00410827  |.  8B45 0C       MOV EAX,DWORD PTR [EBP+C]
0041082A  |.  56            PUSH ESI
0041082B  |.  57            PUSH EDI
0041082C  |.  33F6          XOR ESI,ESI
0041082E  |.  6A 0A         PUSH 0A
00410830  |.  48            DEC EAX                                  ;  Switch (cases 2..111)
00410831  |.  59            POP ECX
00410832  |.  8975 F0       MOV DWORD PTR [EBP-10],ESI
00410835  |.  894D F4       MOV DWORD PTR [EBP-C],ECX
00410838  |.  C745 F8 BE000>MOV DWORD PTR [EBP-8],0BE
0041083F  |.  C745 FC 64000>MOV DWORD PTR [EBP-4],64
00410846  |.  48            DEC EAX
00410847  |.  0F84 AB020000 JE CrackM3-.00410AF8
0041084D  |.  83E8 0D       SUB EAX,0D
00410850  |.  0F84 5C020000 JE CrackM3-.00410AB2
00410856  |.  2D F1000000   SUB EAX,0F1
0041085B  |.  74 5F         JE SHORT CrackM3-.004108BC
0041085D  |.  83E8 11       SUB EAX,11
00410860  |.  74 0B         JE SHORT CrackM3-.0041086D
00410862  |.  FF75 14       PUSH DWORD PTR [EBP+14]
00410865  |.  FF75 10       PUSH DWORD PTR [EBP+10]
00410868  |.  FF75 0C       PUSH DWORD PTR [EBP+C]
0041086B  |.  EB 17         JMP SHORT CrackM3-.00410884
0041086D  |>  8B4D 10       MOV ECX,DWORD PTR [EBP+10]               ;  Case 111 (WM_COMMAND) of switch 00410830
00410870  |.  0FB7C1        MOVZX EAX,CX
00410873  |.  83E8 68       SUB EAX,68                               ;  Switch (cases 68..69)
00410876  |.  74 28         JE SHORT CrackM3-.004108A0
00410878  |.  48            DEC EAX
00410879  |.  74 17         JE SHORT CrackM3-.00410892
0041087B  |.  FF75 14       PUSH DWORD PTR [EBP+14]                  ;  Default case of switch 00410873
0041087E  |.  51            PUSH ECX
0041087F  |.  68 11010000   PUSH 111
00410884  |>  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hWnd; Default case of switch 00410830
00410887  |.  FF15 54114100 CALL DWORD PTR [<&USER32.DefWindowProcA>>; \DefWindowProcA
0041088D  |.  E9 6F020000   JMP CrackM3-.00410B01
00410892  |>  FF75 08       PUSH DWORD PTR [EBP+8]                   ; /hWnd; Case 69 ('i') of switch 00410873
00410895  |.  FF15 58114100 CALL DWORD PTR [<&USER32.DestroyWindow>] ; \DestroyWindow
0041089B  |.  E9 5F020000   JMP CrackM3-.00410AFF
004108A0  |>  56            PUSH ESI                                 ; /lParam; Case 68 ('h') of switch 00410873
004108A1  |.  68 E2074100   PUSH CrackM3-.004107E2                   ; |DlgProc = CrackM3-.004107E2
004108A6  |.  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hOwner
004108A9  |.  6A 67         PUSH 67                                  ; |pTemplate = 67
004108AB  |.  FF35 248B4100 PUSH DWORD PTR [418B24]                  ; |hInst = NULL
004108B1  |.  FF15 5C114100 CALL DWORD PTR [<&USER32.DialogBoxParamA>; \DialogBoxParamA
004108B7  |.  E9 43020000   JMP CrackM3-.00410AFF
004108BC  |>  8B45 10       MOV EAX,DWORD PTR [EBP+10]               ;  Case 100 (WM_KEYDOWN) of switch 00410830
004108BF  |.  83F8 4D       CMP EAX,4D                               ;  Switch (cases 20..5A)
004108C2  |.  0F87 0A010000 JA CrackM3-.004109D2
004108C8  |.  0F84 F8000000 JE CrackM3-.004109C6
004108CE  |.  83F8 46       CMP EAX,46
004108D1  |.  0F87 9D000000 JA CrackM3-.00410974
004108D7  |.  0F84 8E000000 JE CrackM3-.0041096B
004108DD  |.  83E8 20       SUB EAX,20
004108E0  |.  74 5D         JE SHORT CrackM3-.0041093F
004108E2  |.  83E8 21       SUB EAX,21
004108E5  |.  74 4F         JE SHORT CrackM3-.00410936
004108E7  |.  48            DEC EAX
004108E8  |.  74 43         JE SHORT CrackM3-.0041092D
004108EA  |.  48            DEC EAX
004108EB  |.  74 37         JE SHORT CrackM3-.00410924
004108ED  |.  48            DEC EAX
004108EE  |.  74 2B         JE SHORT CrackM3-.0041091B
004108F0  |.  48            DEC EAX
004108F1  |.  75 19         JNZ SHORT CrackM3-.0041090C
004108F3  |.  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 45 ('E') of switch 004108BF
004108F8  |.  83F8 03       CMP EAX,3
004108FB  |.  74 51         JE SHORT CrackM3-.0041094E
004108FD  |.  83F8 06       CMP EAX,6
00410900  |.  74 4C         JE SHORT CrackM3-.0041094E
00410902  |.  83F8 0C       CMP EAX,0C
00410905  |.  74 47         JE SHORT CrackM3-.0041094E
00410907  |.  83F8 13       CMP EAX,13
0041090A  |>  74 42         JE SHORT CrackM3-.0041094E
0041090C  |>  C705 208B4100>MOV DWORD PTR [418B20],1                 ;  Default case of switch 004108BF
00410916  |.  E9 E4010000   JMP CrackM3-.00410AFF
0041091B  |>  833D 208B4100>CMP DWORD PTR [418B20],1D                ;  Case 44 ('D') of switch 004108BF
00410922  |.  EB 28         JMP SHORT CrackM3-.0041094C
00410924  |>  833D 208B4100>CMP DWORD PTR [418B20],1F                ;  Case 43 ('C') of switch 004108BF
0041092B  |.  EB 1F         JMP SHORT CrackM3-.0041094C
0041092D  |>  833D 208B4100>CMP DWORD PTR [418B20],1E                ;  Case 42 ('B') of switch 004108BF
00410934  |.  EB 16         JMP SHORT CrackM3-.0041094C
00410936  |>  833D 208B4100>CMP DWORD PTR [418B20],10                ;  Case 41 ('A') of switch 004108BF
0041093D  |.  EB 0D         JMP SHORT CrackM3-.0041094C
0041093F  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 20 (' ') of switch 004108BF
00410944  |.  83F8 04       CMP EAX,4
00410947  |.  74 05         JE SHORT CrackM3-.0041094E
00410949  |.  83F8 0E       CMP EAX,0E
0041094C  |>^ 75 BE         JNZ SHORT CrackM3-.0041090C
0041094E  |>  56            PUSH ESI                                 ; /Erase
0041094F  |.  56            PUSH ESI                                 ; |pRect
00410950  |.  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hWnd
00410953  |.  FF15 50114100 CALL DWORD PTR [<&USER32.InvalidateRect>>; \InvalidateRect
00410959  |.  6A 01         PUSH 1
0041095B  |>  56            PUSH ESI                                 ; |hUpdateRgn
0041095C  |.  56            PUSH ESI                                 ; |pRect
0041095D  |.  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hWnd
00410960  |.  FF15 4C114100 CALL DWORD PTR [<&USER32.RedrawWindow>]  ; \RedrawWindow
00410966  |.  E9 94010000   JMP CrackM3-.00410AFF
0041096B  |>  833D 208B4100>CMP DWORD PTR [418B20],1C                ;  Case 46 ('F') of switch 004108BF
00410972  |.^ EB D8         JMP SHORT CrackM3-.0041094C
00410974  |>  83E8 47       SUB EAX,47
00410977  |.  74 3C         JE SHORT CrackM3-.004109B5
00410979  |.  48            DEC EAX
0041097A  |.  74 30         JE SHORT CrackM3-.004109AC
0041097C  |.  48            DEC EAX
0041097D  |.  74 24         JE SHORT CrackM3-.004109A3
0041097F  |.  48            DEC EAX
00410980  |.  74 18         JE SHORT CrackM3-.0041099A
00410982  |.  48            DEC EAX
00410983  |.  74 0C         JE SHORT CrackM3-.00410991
00410985  |.  48            DEC EAX
00410986  |.^ 75 84         JNZ SHORT CrackM3-.0041090C
00410988  |.  833D 208B4100>CMP DWORD PTR [418B20],8                 ;  Case 4C ('L') of switch 004108BF
0041098F  |.^ EB BB         JMP SHORT CrackM3-.0041094C
00410991  |>  833D 208B4100>CMP DWORD PTR [418B20],5                 ;  Case 4B ('K') of switch 004108BF
00410998  |.^ EB B2         JMP SHORT CrackM3-.0041094C
0041099A  |>  833D 208B4100>CMP DWORD PTR [418B20],1A                ;  Case 4A ('J') of switch 004108BF
004109A1  |.^ EB A9         JMP SHORT CrackM3-.0041094C
004109A3  |>  833D 208B4100>CMP DWORD PTR [418B20],1B                ;  Case 49 ('I') of switch 004108BF
004109AA  |.^ EB A0         JMP SHORT CrackM3-.0041094C
004109AC  |>  833D 208B4100>CMP DWORD PTR [418B20],2                 ;  Case 48 ('H') of switch 004108BF
004109B3  |.^ EB 97         JMP SHORT CrackM3-.0041094C
004109B5  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 47 ('G') of switch 004108BF
004109BA  |.  3BC1          CMP EAX,ECX
004109BC  |.^ 74 90         JE SHORT CrackM3-.0041094E
004109BE  |.  83F8 0B       CMP EAX,0B
004109C1  |.^ E9 44FFFFFF   JMP CrackM3-.0041090A
004109C6  |>  833D 208B4100>CMP DWORD PTR [418B20],0F                ;  Case 4D ('M') of switch 004108BF
004109CD  |.^ E9 7AFFFFFF   JMP CrackM3-.0041094C
004109D2  |>  83C0 B2       ADD EAX,-4E
004109D5  |.  83F8 0C       CMP EAX,0C
004109D8  |.^ 0F87 2EFFFFFF JA CrackM3-.0041090C
004109DE  |.  FF2485 090B41>JMP DWORD PTR [EAX*4+410B09]
004109E5  |>  833D 208B4100>CMP DWORD PTR [418B20],20                ;  Case 4E ('N') of switch 004108BF
004109EC  |.^ E9 5BFFFFFF   JMP CrackM3-.0041094C
004109F1  |>  833D 208B4100>CMP DWORD PTR [418B20],9                 ;  Case 4F ('O') of switch 004108BF
004109F8  |.^ E9 4FFFFFFF   JMP CrackM3-.0041094C
004109FD  |>  833D 208B4100>CMP DWORD PTR [418B20],21                ;  Case 50 ('P') of switch 004108BF
00410A04  |.^ E9 43FFFFFF   JMP CrackM3-.0041094C
00410A09  |>  833D 208B4100>CMP DWORD PTR [418B20],22                ;  Case 51 ('Q') of switch 004108BF
00410A10  |.^ E9 37FFFFFF   JMP CrackM3-.0041094C
00410A15  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 52 ('R') of switch 004108BF
00410A1A  |.  83F8 0D       CMP EAX,0D
00410A1D  |.^ 0F84 2BFFFFFF JE CrackM3-.0041094E
00410A23  |.  83F8 14       CMP EAX,14
00410A26  |.^ E9 DFFEFFFF   JMP CrackM3-.0041090A
00410A2B  |>  833D 208B4100>CMP DWORD PTR [418B20],11                ;  Case 53 ('S') of switch 004108BF
00410A32  |.^ E9 15FFFFFF   JMP CrackM3-.0041094C
00410A37  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 54 ('T') of switch 004108BF
00410A3C  |.  33FF          XOR EDI,EDI
00410A3E  |.  47            INC EDI
00410A3F  |.  3BC7          CMP EAX,EDI
00410A41  |.  74 10         JE SHORT CrackM3-.00410A53
00410A43  |.  83F8 12       CMP EAX,12
00410A46  |.  74 0B         JE SHORT CrackM3-.00410A53
00410A48  |.  893D 208B4100 MOV DWORD PTR [418B20],EDI
00410A4E  |.  E9 AC000000   JMP CrackM3-.00410AFF
00410A53  |>  56            PUSH ESI                                 ; /Erase
00410A54  |.  56            PUSH ESI                                 ; |pRect
00410A55  |.  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hWnd
00410A58  |.  FF15 50114100 CALL DWORD PTR [<&USER32.InvalidateRect>>; \InvalidateRect
00410A5E  |.  57            PUSH EDI
00410A5F  |.^ E9 F7FEFFFF   JMP CrackM3-.0041095B
00410A64  |>  C705 208B4100>MOV DWORD PTR [418B20],24                ;  Case 55 ('U') of switch 004108BF
00410A6E  |.^ E9 DBFEFFFF   JMP CrackM3-.0041094E
00410A73  |>  C705 208B4100>MOV DWORD PTR [418B20],23                ;  Case 56 ('V') of switch 004108BF
00410A7D  |.^ E9 CCFEFFFF   JMP CrackM3-.0041094E
00410A82  |>  833D 208B4100>CMP DWORD PTR [418B20],19                ;  Case 57 ('W') of switch 004108BF
00410A89  |.^ E9 BEFEFFFF   JMP CrackM3-.0041094C
00410A8E  |>  833D 208B4100>CMP DWORD PTR [418B20],18                ;  Case 58 ('X') of switch 004108BF
00410A95  |.^ E9 B2FEFFFF   JMP CrackM3-.0041094C
00410A9A  |>  833D 208B4100>CMP DWORD PTR [418B20],7                 ;  Case 59 ('Y') of switch 004108BF
00410AA1  |.^ E9 A6FEFFFF   JMP CrackM3-.0041094C
00410AA6  |>  833D 208B4100>CMP DWORD PTR [418B20],17                ;  Case 5A ('Z') of switch 004108BF
00410AAD  |.^ E9 9AFEFFFF   JMP CrackM3-.0041094C
00410AB2  |>  FF05 208B4100 INC DWORD PTR [418B20]                   ;  Case F (WM_PAINT) of switch 00410830
00410AB8  |.  8D45 B0       LEA EAX,DWORD PTR [EBP-50]
00410ABB  |.  50            PUSH EAX                                 ; /pPaintstruct
00410ABC  |.  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hWnd
00410ABF  |.  FF15 48114100 CALL DWORD PTR [<&USER32.BeginPaint>]    ; \BeginPaint
00410AC5  |.  833D 208B4100>CMP DWORD PTR [418B20],15
00410ACC  |.  6A 01         PUSH 1
00410ACE  |.  8D4D F0       LEA ECX,DWORD PTR [EBP-10]
00410AD1  |.  51            PUSH ECX
00410AD2  |.  6A FF         PUSH -1
00410AD4  |.  75 07         JNZ SHORT CrackM3-.00410ADD
00410AD6  |.  68 A05B4100   PUSH CrackM3-.00415BA0                   ;  ASCII "That's it buddy !"
00410ADB  |.  EB 05         JMP SHORT CrackM3-.00410AE2
00410ADD  |>  68 B45B4100   PUSH CrackM3-.00415BB4                   ;  ASCII "Please enter Password"
00410AE2  |>  50            PUSH EAX                                 ; |hDC
00410AE3  |.  FF15 44114100 CALL DWORD PTR [<&USER32.DrawTextA>]     ; \DrawTextA
00410AE9  |.  8D45 B0       LEA EAX,DWORD PTR [EBP-50]
00410AEC  |.  50            PUSH EAX                                 ; /pPaintstruct
00410AED  |.  FF75 08       PUSH DWORD PTR [EBP+8]                   ; |hWnd
00410AF0  |.  FF15 40114100 CALL DWORD PTR [<&USER32.EndPaint>]      ; \EndPaint
00410AF6  |.  EB 07         JMP SHORT CrackM3-.00410AFF
00410AF8  |>  56            PUSH ESI                                 ; /ExitCode; Case 2 (WM_DESTROY) of switch 00410830
00410AF9  |.  FF15 3C114100 CALL DWORD PTR [<&USER32.PostQuitMessage>; \PostQuitMessage
00410AFF  |>  33C0          XOR EAX,EAX
00410B01  |>  5F            POP EDI
00410B02  |.  5E            POP ESI
00410B03  |.  C9            LEAVE
00410B04  \.  C2 1000       RET 10

The first thing we notice is a switch that covers every letter of the alphabet. This switch is reached when a key is pressed (004108BC: Case 100 (WM_KEYDOWN) of switch…)

For almost every letter, there is a comparison between the integer at address 00418B20 and a number ranging from 0 to about thirty, followed by a jump to 0041094C, for example:

CMP DWORD PTR [418B20],10                ;  Case 41 ('A') of switch 004108BF
JMP SHORT CrackM3-.0041094C

If we follow the jump, we land on:

JNZ SHORT CrackM3-.0041090C

We could continue the analysis, but we can already assume that the address 00418B20 is used to count the keys pressed, and that these CMPs therefore check that the keys were pressed in the right order.

So we need to read the CMP values to learn the positions of the letters in the password.

If the wrong key is pressed, PTR [418B20] is reset to 1:

0041090C  |>  C705 208B4100>MOV DWORD PTR [418B20],1

So we look for the key that is compared against 1. For T:

00410A37  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]
00410A3C  |.  33FF          XOR EDI,EDI                  ; EDI = 0
00410A3E  |.  47            INC EDI                      ; EDI = 1
00410A3F  |.  3BC7          CMP EAX,EDI                  ; Compare EAX with 1
00410A41  |.  74 10         JE SHORT CrackM3-.00410A53   ; The key is accepted if T is pressed 1st
00410A43  |.  83F8 12       CMP EAX,12                   ; But also with 0x12
00410A46  |.  74 0B         JE SHORT CrackM3-.00410A53   ; So there is a T in 18th position
00410A48  |.  893D 208B4100 MOV DWORD PTR [418B20],EDI   ; If neither JE was taken, T was not pressed at the right time and PTR [418B20] goes back to 1
00410A4E  |.  E9 AC000000   JMP CrackM3-.00410AFF

We can start filling in the password:

T________________T

004109AC  |>  833D 208B4100>CMP DWORD PTR [418B20],2                 ;  Case 48 ('H') of switch 004108BF

TH_______________T

004108F3  |.  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 45 ('E') of switch 004108BF
004108F8  |.  83F8 03       CMP EAX,3
004108FB  |.  74 51         JE SHORT CrackM3-.0041094E
004108FD  |.  83F8 06       CMP EAX,6
00410900  |.  74 4C         JE SHORT CrackM3-.0041094E
00410902  |.  83F8 0C       CMP EAX,0C
00410905  |.  74 47         JE SHORT CrackM3-.0041094E
00410907  |.  83F8 13       CMP EAX,13
0041090A  |>  74 42         JE SHORT CrackM3-.0041094E
0041090C  |>  C705 208B4100>MOV DWORD PTR [418B20],1                 ;  Default case of switch 004108BF
00410916  |.  E9 E4010000   JMP CrackM3-.00410AFF

THE__E_____E_____TE

0041093F  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 20 (' ') of switch 004108BF
00410944  |.  83F8 04       CMP EAX,4
00410947  |.  74 05         JE SHORT CrackM3-.0041094E               ;  If pressed 4th, jumps to the increment of PTR [418B20]
00410949  |.  83F8 0E       CMP EAX,0E
0041094C  |>^ 75 BE         JNZ SHORT CrackM3-.0041090C              ;  If not pressed 14th, jumps to the reset of PTR [418B20]

THE _E_____E_ ___TE

00410991  |>  833D 208B4100>CMP DWORD PTR [418B20],5                 ;  Case 4B ('K') of switch 004108BF
00410998  |.^ EB B2         JMP SHORT CrackM3-.0041094C

THE KE_____E_ ___TE

00410A9A  |>  833D 208B4100>CMP DWORD PTR [418B20],7                 ;  Case 59 ('Y') of switch 004108BF
00410AA1  |.^ E9 A6FEFFFF   JMP CrackM3-.0041094C

THE KEY____E_ ___TE

00410988  |.  833D 208B4100>CMP DWORD PTR [418B20],8                 ;  Case 4C ('L') of switch 004108BF
0041098F  |.^ EB BB         JMP SHORT CrackM3-.0041094C

THE KEYL___E_ ___TE

004109F1  |>  833D 208B4100>CMP DWORD PTR [418B20],9                 ;  Case 4F ('O') of switch 004108BF
004109F8  |.^ E9 4FFFFFFF   JMP CrackM3-.0041094C

THE KEYLO__E_ ___TE

004109B5  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 47 ('G') of switch 004108BF
004109BA  |.  3BC1          CMP EAX,ECX
004109BC  |.^ 74 90         JE SHORT CrackM3-.0041094E
004109BE  |.  83F8 0B       CMP EAX,0B
004109C1  |.^ E9 44FFFFFF   JMP CrackM3-.0041090A

THE KEYLOGGE_ ___TE

00410A15  |>  A1 208B4100   MOV EAX,DWORD PTR [418B20]               ;  Case 52 ('R') of switch 004108BF
00410A1A  |.  83F8 0D       CMP EAX,0D
00410A1D  |.^ 0F84 2BFFFFFF JE CrackM3-.0041094E
00410A23  |.  83F8 14       CMP EAX,14
00410A26  |.^ E9 DFFEFFFF   JMP CrackM3-.0041090A

THE KEYLOGGER ___TER

004109C6  |>  833D 208B4100>CMP DWORD PTR [418B20],0F                ;  Case 4D ('M') of switch 004108BF
004109CD  |.^ E9 7AFFFFFF   JMP CrackM3-.0041094C

THE KEYLOGGER M__TER

00410936  |>  833D 208B4100>CMP DWORD PTR [418B20],10                ;  Case 41 ('A') of switch 004108BF
0041093D  |.  EB 0D         JMP SHORT CrackM3-.0041094C

THE KEYLOGGER MA_TER

00410A2B  |>  833D 208B4100>CMP DWORD PTR [418B20],11                ;  Case 53 ('S') of switch 004108BF
00410A32  |.^ E9 15FFFFFF   JMP CrackM3-.0041094C

THE KEYLOGGER MASTER

So the password is “The keylogger master”; it has to be typed quickly enough to see the goodboy appear.
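
The manual reading of the CMP values above can be automated. The Python script below is an added example, not part of the original write-up: it parses the case labels and CMP operands from an excerpt of the listing and rebuilds the password. The function names are illustrative; the register values (EDI = 1, ECX = 0x0A from PUSH 0A / POP ECX at 0041082E) and the length (the success string is drawn when the counter reaches 0x15) are read from the listing.

```python
import re

# Case-label and CMP lines copied from the listing above (address and opcode
# columns dropped); JMP + CMP EAX,0C after 'M' is the jump-table range check.
LISTING = """
MOV EAX,DWORD PTR [418B20]      ;  Case 45 ('E') of switch 004108BF
CMP EAX,3
CMP EAX,6
CMP EAX,0C
CMP EAX,13
CMP DWORD PTR [418B20],10       ;  Case 41 ('A') of switch 004108BF
MOV EAX,DWORD PTR [418B20]      ;  Case 20 (' ') of switch 004108BF
CMP EAX,4
CMP EAX,0E
CMP DWORD PTR [418B20],8        ;  Case 4C ('L') of switch 004108BF
CMP DWORD PTR [418B20],5        ;  Case 4B ('K') of switch 004108BF
CMP DWORD PTR [418B20],2        ;  Case 48 ('H') of switch 004108BF
MOV EAX,DWORD PTR [418B20]      ;  Case 47 ('G') of switch 004108BF
CMP EAX,ECX
CMP EAX,0B
CMP DWORD PTR [418B20],0F       ;  Case 4D ('M') of switch 004108BF
JMP CrackM3-.0041094C
CMP EAX,0C
CMP DWORD PTR [418B20],20       ;  Case 4E ('N') of switch 004108BF
CMP DWORD PTR [418B20],9        ;  Case 4F ('O') of switch 004108BF
MOV EAX,DWORD PTR [418B20]      ;  Case 52 ('R') of switch 004108BF
CMP EAX,0D
CMP EAX,14
CMP DWORD PTR [418B20],11       ;  Case 53 ('S') of switch 004108BF
MOV EAX,DWORD PTR [418B20]      ;  Case 54 ('T') of switch 004108BF
CMP EAX,EDI
CMP EAX,12
CMP DWORD PTR [418B20],7        ;  Case 59 ('Y') of switch 004108BF
"""

CASE = re.compile(r"Case [0-9A-F]+ \('(.)'\) of switch 004108BF")
OTHER = re.compile(r"[Cc]ase |Switch \(|\bJMP\b")   # ends the current key's block
CMP = re.compile(r"\bCMP (?:EAX|DWORD PTR \[418B20\]),(\w+)")
REGS = {"EDI": 1, "ECX": 0x0A}   # XOR EDI,EDI / INC EDI; PUSH 0A / POP ECX

def positions(listing):
    """Map each key to the counter values its case block compares against."""
    table, key = {}, None
    for line in listing.splitlines():
        label = CASE.search(line)
        if label or OTHER.search(line):
            key = label.group(1) if label else None
        hit = CMP.search(line)
        if key is not None and hit:
            table.setdefault(key, []).append(REGS.get(hit.group(1)) or int(hit.group(1), 16))
    return table

def password(table, length=0x15 - 1):   # success string is drawn at counter 0x15
    chars = ["_"] * length
    for key, wanted in table.items():
        for pos in (p for p in wanted if 1 <= p <= length):   # e.g. 'N' at 0x20 is dropped
            chars[pos - 1] = key
    return "".join(chars)
```

Because the patterns use `search`, the same functions accept the full OllyDbg lines with their address and opcode columns.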

c4ffein

sthack4/crackm3.txt · Last modified: 2017/04/09 15:33 (external edit)