XeNTaX Forum Index
 Post subject: Hacking Zip Passwords (C9)
PostPosted: Fri Aug 21, 2009 5:18 am 

Here is a simple-to-follow guide that requires 0 knowledge of debugging.
You will need the following tools.
1. HxD or a hex editor that can open a program in RAM.
2. Cheat Engine or another program that can pause a process.
3. The game C9

Step1

Launch the game update program.
Image

Step2

Launch Cheat Engine
Image

Step3

Set up the hotkey to pause the process in Cheat Engine
Image

Step4

Set the hot key to your choice (I choose 7)
Image

Step5

Click on the Process list button (magnifying glass) in Cheat Engine until you see our process (Exlauncher.exe).
Do not attach to the process yet.

Image

Step6

This is what it will look like if you attach to the process in Cheat Engine and pause it.

Image

Step7

Log into C9 and, after you are logged in, attach to the process and pause it by hitting the key you assigned to that; it should look like this.

Image

Step8

Take note of the file name and the progress bar. When you see the file finish and the text change, pause the process so it looks close to this.

Image

Step9

Now that you have the process paused while it is extracting a file, open up HxD and choose open RAM.

Image

Step10

In the process list you will notice a new process that was created while the game was extracting the files (Launcher.exe),
so this must be what handles extracting the files, so let's attach to it.

Image

Step11

Now let's do a search for our file.

Image

Step12

We end up here; take a look and see if anything looks odd.

Image

Step13

Take note of the long string that looks like it could be a password; it repeats 2x in this view.

Image

Step14

If I scroll a little further down it is still repeating; this seems like we have our number.

Image

Step15

Try our password on the zip file and it works.
I will post some more advanced tutorials if there is a demand for it; let me know.
Code:
66b4427013838ceb5b275d5ba884b0ed9df353e0dc6220955e008d9d


 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Fri Aug 21, 2009 7:35 am 
This could come in handy for some users. Thanks for posting your method!

 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Wed Aug 26, 2009 1:00 pm 
I have a question, please.
I considered that data in RAM is usually kept in fragmented form.
When we open the memory that is assigned to a process in a hex editor, does it defragment it and show it to us in its integrated form?
Thank you very much, Master.

 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Sat Mar 06, 2010 2:27 pm 
Data in ram is normally not fragmented.

For example, if you alloc 200 bytes of memory for a password, the whole memory is one block.
But when you alloc memory again it could be directly behind the other block or somewhere else entirely; you just don't know.


 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Wed Apr 21, 2010 1:33 pm 
There's a game that also uses a password-protected ZIP, Metal Drift. I tried your method and found some repeating text but it doesn't work as a password! To be honest, "game.zip" wasn't actually written inside the launcher.exe, but I decided to check it out because of its periodicity.


 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Wed Apr 21, 2010 2:42 pm 
because this method is not universal.
for example in Metal Drift Demo the key is 37493752032567301837 and I used the classical method to find it:
Code:
- signsrch -e MetalDriftDemo.exe
  0042b6f8 2273 function where is handled the ZipCrypto password [32.le.12&]
- launched the game with ollydbg and set breakpoint at offset 0042B6F0 (that is the starting of the function)
- olly breaks and the password is clearly visible

if the game can't be debugged easily you can even place a byte 0xcc at 3 bytes before the offset reported by signsrch, the debugger will popup immediately when the game will crash.

while if the game executable is encrypted you can launch signsrch when the game is running:
signsrch -P MetalDriftDemo.exe
and then attach olly to the process or write a simple writeprocessmemory tool for placing the 0xcc byte in the process

let us know if the key for the full game differs from the one of the demo.

oh I forgot the link to signsrch:
http://aluigi.org/mytoolz.htm#signsrch


 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Wed Apr 21, 2010 6:24 pm 
Thanks for a quick response, at least one of my problems is solved now. And the key you gave me fits the full version ZIP too.


 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Sun Apr 25, 2010 10:29 am 
Can someone help me with another ZIP password protected game? It's called Beat Hazard.

I already found this in hge.dll (beforehand unpacked with UPX):
Quote:
000042ac 2273 function where is handled the ZipCrypto password [32.le.12&]

But no idea what is next.


Last edited by Klaster on Sun Apr 25, 2010 11:09 am, edited 2 times in total.

 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Sun Apr 25, 2010 10:50 am 
  • be sure to have ollydbg installed and that it's set as "Just-in-time debugger":
    select "Options->Just-in-time debugging"
    click on "Make Ollydbg just-in-time debugger"
  • open hge.dll with a hex editor (make a backup before)
  • go to offset 0x42a9
  • place the byte 0xcc there
  • save the file and start the game
  • windows will show an error dialog, press CANCEL
  • when ollydbg starts watch in the right-down window (aka "stack window")
  • the password should be one of the first text strings visible in that list
keep us updated if everything worked as expected... and naturally let us know the password :)


Last edited by aluigi on Sun Apr 25, 2010 4:17 pm, edited 2 times in total.

 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Sun Apr 25, 2010 11:52 am 
So, the password is lippylippy, lol. aluigi, thanks for help!
Packing whole resources back into ZIP also works fine, see the attachment.





 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Tue Apr 27, 2010 10:49 pm 
Excellent everyone! :)

 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Fri May 14, 2010 12:36 pm 
example of how to get the password of Metal Drift using only signsrch 0.1.6 (yeah a fresh new release) and partially ollydbg (partially because it's set only as JIT debugger so it has only the "display" purpose, you don't need to "touch" it):
http://aluigi.org/video/zipcrypto_example.avi


 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Mon Feb 28, 2011 10:28 pm 
Hey guys,
What to do in this case:
Code:
signsrch -F hge.dll
10009f09 2273 function where is handled the ZipCrypto password [32.le.12&]

- subtracted 3 bytes => 10009F06
- open hge.dll in HxD, Ctrl+G, 10009F06, HxD wrote that the file doesn't contain that offset (it ends on 0x4BFFFF)

It's from game Akhra The Treasures and I would like to find password for its data.zip

Thanks in advance


 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Tue Mar 01, 2011 12:43 pm 
10009f09 is the memory address assigned to that instruction in hge.dll when it's loaded by Windows.
if you are lucky you should find the relative file offset at 0x9f09 of the file.
otherwise use an rva2file offset tool like my quickrva:
http://aluigi.org/mytoolz.htm#quickrva
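
The address-to-file-offset conversion described in the post above, as an added example that is not part of the original thread and is not quickrva's code. It reads the ImageBase and section table from the PE headers and maps a loaded address back to a position in the file; the header values in `build_sample` are constructed for illustration (not the real hge.dll layout) and show a case where the offset is 0x9309 rather than 0x9f09.

```python
import struct

def parse_pe(data):
    """Return (image_base, sections) read from PE32/PE32+ headers."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                      # start of the optional header
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                       # PE32: 32-bit ImageBase
        image_base, = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                     # PE32+: 64-bit ImageBase
        image_base, = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    sections = []
    for i in range(nsect):                   # 40-byte section headers
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, off + 8)
        sections.append((name, vaddr, vsize, rptr, rsize))
    return image_base, sections

def va_to_file_offset(data, va):
    """Map a loaded virtual address to its offset in the file on disk."""
    image_base, sections = parse_pe(data)
    rva = va - image_base                    # address relative to ImageBase
    for name, vaddr, vsize, rptr, rsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            if rva - vaddr >= rsize:         # e.g. zero-filled .bss tail
                raise ValueError("address has no bytes in the file")
            return rptr + (rva - vaddr)
    raise ValueError("address is not inside any section")

def build_sample():
    """Constructed PE32 headers with one .text section (not the real hge.dll)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, 0x10000000)      # assumed ImageBase
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (assumed)
    text = b".text\0\0\0" + struct.pack("<4I", 0xA000, 0x1000, 0xA000, 0x400)
    return dos + coff + bytes(opt) + text + bytes(16)

if __name__ == "__main__":
    print(hex(va_to_file_offset(build_sample(), 0x10009F09)))
```

The "lucky" case in the post is a file whose sections have PointerToRawData equal to VirtualAddress, so the relative address and the file offset coincide.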


 
 Post subject: Re: Hacking Zip Passwords (C9)
PostPosted: Tue Mar 01, 2011 1:14 pm 
the password of the data.zip in "Akhra - The Treasures" is 2yKJ6KhRJKJ/18J5
found in less than one minute :)

