[HowTo] How To Get around FadeToBlacks 2 Minute Blowfish Key Change

~~I don't have a username~~ · 11/25/2012, 15:22

Quote:

Originally Posted by _DreadNought_

Hmmm .net cannot be reversed in OlyDbg.

So really, get a few **** good protectors for the app/dll and

Reflecting is the most appropriate way of reversing any .net application, without that they're in trouble.

You can reflect any .net application luls, obfuscation on the other hand is another talk, but anyone with proper knowledge will have no problems.

The reason why .NET is so easy to reflect is because of all the **** of data kept in the executable for the CIL.

diedwarrior · 11/25/2012, 19:20

Quote:

Originally Posted by AllTheBestThings

I think you should try to do something more creative than what you do. Isnt that waste of time? anyway good job

Being able to log-in any account without the need of a valid password is a waste of time ? I need some of what you smoke bro

_DreadNought_ · 11/25/2012, 19:55

Quote:

Originally Posted by I don't have a username

You can reflect any .net application luls, obfuscation on the other hand is another talk, but anyone with proper knowledge will have no problems.

The reason why .NET is so easy to reflect is because of all the **** of data kept in the executable for the CIL.

I never said .net cannot be reflected.... but when you use a proper obfuscation such as Themida which noone has cracked(latest version irrc) and without OlyDbg it's going to be a **** job to do.

~~I don't have a username~~ · 11/25/2012, 21:02

Quote:

Originally Posted by _DreadNought_

Themida which noone has cracked(latest version irrc)

You can never put such claims, just saying. Not everyone is using that obfuscation nor is everyone attemtping to even give it a try.

AllTheBestThings · 11/26/2012, 12:07

Quote:

Originally Posted by diedwarrior

Being able to log-in any account without the need of a valid password is a waste of time ? I need some of what you smoke bro

Cracking stupid games? yes is kind of waste of time, hes smart enough to get some good money out of his knowledge but he wastes his time on useless things to make kids happy

Ultimation · 11/26/2012, 12:15

#bump Finally got round to it, updated code on first post to show there updated algo.

_Emme_ · 11/26/2012, 23:10

And once again beaten, lol.

It's way harder to protect than to attack, in my opinion. I think the server is doing a great job, truth be told.

Edit:
To clarify, the one who got beaten was Ultimation. The first way was fixed within a day, and this within a few hours.

_DreadNought_ · 11/27/2012, 01:05

Quote:

Originally Posted by EmmeTheCoder

And once again beaten, lol.

It's way harder to protect than to attack, in my opinion. I think the server is doing a great job, truth be told.

Edit:
To clarify, the one who got beaten was Ultimation. The first way was fixed within a day, and this within a few hours.

And I personally timed Ultimation in figuring out the first way and he beat it within 10 minutes.

And they added one line of code to bypass his second anyone who just does "a xor'd by b" is in my utter opinion is a noob, truth be told, that one line is harder to crack than to add so your point is invalid.

Edit:
To clarify, the one who got beaten was not Ultimation.

Ultimation · 11/27/2012, 01:17

you know the funny thing... it still works.. ive just tested it.. so where am i exactly beaten? and what did u exactly change 0.o because everything is still working for me.

Example:

Code:

Response:s = <;94=>=?;=-<95?5>;8>?-<48<494>5;-4;>4?;<<9-<><?>55<59-<4==48<4?9-<5>;<9?<>:-4;>9:>:9?-?=>>5=;:=8-<489<=<;<>-<48>:4=?;8-4<>;=<;8:-<:<9599:55-;;45;<?-?;<;;-<=?-158

Your Xor Decryption

Code:

   string xordecr = s.Cast<char>().Aggregate("", (current, b) => current + (char) (byte)(b ^ 0xD));

Code:

xordecr variable = 1649030260 1482836532 1951949386 963926114 1312388184 1900951924 1836142137 963473742 2033806705 1954101613 1953790265 913601657 1714844788 6698612 26166 102 <85

Next few lines of code

Code:

var data = xordecr.Split(' ');
for (int i = 0; i < 16; i++)
            {
                bfKey += (char)ConvertHexStringToByteArray(int.Parse(data[i]).ToString("X8"))[3];  
            }

Code:

bfkey variable = t4JbXt9Nqm9ytt6f

Seems like its still working for me

Note: the only thing i havent checked is that you are using a different page... and this existing readkey page is now obselete. (if u noobs know what that means)

btw, the biggest error u guys made was not using a dynamic xor variable.. i figured it was xor a,b wen i started to see the same numbers all the way through the encrypted string