For all you hax0rs and wana bees -----------

[dionx]

only got past level 1. i'm not a hax0r and i dont care.

 

[Descartes]

Joony: We've seen that link in the binary, but obviously that's not the correct link.

I'm still having problems with dissassembling the binary. My first guess would be that it's using a rudimentary encryption scheme for the passwords. If you look in the binary, there are two strings that are 5 characters each (makes sense for level 5). You'll also note a string containing all characters from 0-9 to a-z to A-Z to .-0 or something. I imagine he's doing a simple lookup on this string to pseudo-encrypt these 5 character strings.

Haven't yet figured it out, and disassembling an NE file is a pain.

 

[Pr0Hawk]

If txtPassword <> Mid(mc001A, 51, 1) & Mid(mc001A, 31, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 51, 1) & Mid(mc001A, 16, 1) & Mid(mc001A, 45, 1) & Mid(mc001A, 24, 1) & Mid(mc001A, 29, 1) & Mid(mc001A, 26, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 25, 1) & Mid(mc001A, 24, 1) Then MsgBox "Username/Password don't match."

hmmm

 

[Descartes]

Also note, that there is *another* string literal containing five characters and the value "start"

I imagine this is where we should start to seed the other two 5-character strings.

 

[gopunk]

yea i think you may be right... i got some disassembler, but everything was in wingdongs or some weird thing like that. anyways, Try2Hack is likely the username

 

[Pr0Hawk]

I got level 5 w0h000!

 

[Descartes]

Sweet, I just got level5 too.

Thanks pr0hawk!

What decompiler did you use?

 

[gopunk]

yea, how'd you do it?

i am not worthy...

 

[Descartes]

Well, I was right about using that string for the password, but I thought he was going to make it more difficult than just decompiling.

 

[thEnEuRoMancER]

Dodi's VB decompiler v3.48e does miracles 🙂

 

[Descartes]

gopunk:

That string in the binary I told you about was the key. If you declare a string in VB, and use pr0hawk's code, you get this:

mc001A = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;-*+=~|&!_$#@()[]{}<\/>0"

MsgBox Mid(mc001A, 51, 1) & Mid(mc001A, 31, 1) & Mid(mc001A, 30, 1) & _
Mid(mc001A, 51, 1) & Mid(mc001A, 16, 1) & Mid(mc001A, 45, 1) & _
Mid(mc001A, 24, 1) & Mid(mc001A, 29, 1) & Mid(mc001A, 26, 1) & _
Mid(mc001A, 19, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 11, 1) & _
Mid(mc001A, 30, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 25, 1) & _
Mid(mc001A, 24, 1)

You'll get the password with the above code. The username is still "Try2Hack" (I had to guess that one). If you don't have VB, you most likely have WSH, so just open a text file, save with the above code and a .vbs extension, and run it.

 

[Descartes]

I used Dodi's VB3 decompiler, but it bombed on me. 🙁

 

[thEnEuRoMancER]

Just search for the newer version, the old version bombed on me too

 

[gopunk]

thanks for the info..

unfortunately, i get the feeling my limits have been reached... we'll see though

 

[Joony]

where do i find this "decomplier"?

 

[Descartes]

Joony: Google, use it, love it.

A VB3 decompiler isn't much use anymore though, but it served it's purpose for this task.

 

[gopunk]

sooo.... if we can't decompile it... how do we go about getting the info?

 

[Joony]

Descartes: tried that, can't find it, links are dead for some of the DL links.

 

[Wallydraigle]

Wow! I learned a lot today. I wonder if it'll be any use?

 

[gopunk]

<< Wow! I learned a lot today. I wonder if it'll be any use? >>



bah 😉

well at least i found a time killer... i thought i was going to be really bored, with all the closed shops

 

[MrCodeDude]

Spoilers.. Let's post the passwords:

Level One
Password: hackerzzz

Level Two
Username: Try2Hack
Password: NokiaIsGood

Level Three
Password:

That's as far as I got.. Can't find anything in the source. Anyone care to help?
-- mrcodedude

 

[gopunk]

is that the javascript prompt one? there's a separate file that has the info in it.

 

[Descartes]

<< sooo.... if we can't decompile it... how do we go about getting the info? >>



Well, you can dissasemble it. That's not the same as decompiling, and it's much much intensive. Some languages can be decompiled (Java, for example, because it compiles to bytecode), others can only be dissassembled (e.g. c, c++). Both are considered forms of "reverse engineering", the latter being the more intensive. When you disassemble, all you're really getting is the assembly instructions for the program, and nothing else. Doing an analysis of a disassembly is usually not something everyone is capable of, and it's a pain. I was actually attempting to disassemble it, but was having difficulty as I don't have any tools that can disassemble an NE (new executable) executable (modern executables on win32 are PE -- portable executable).

If you have Visual Studio installed, you have a tool called "dumpbin." Dumpbin has an argument /disasm that'll let you disassemble any PE file. There are also countless other tools: DataReturn's IDA, WinDasm, dumppe, pe explorer, etc..

[edit]I noticed I change my spelling of disassemble often, sorry 🙂[/edit]

 

[gopunk]

yea i was hoping you wouldn't say that 🙂

disassembly scares me... i have no clue how to read the output.

 

[chasem]

anyone got lvl 5 yet?

im stuck,


anyone know of a vb disassembler?