[HowTo] How To Get around FadeToBlacks 2 Minute Blowfish Key Change

Page 2 of 2 1 2
11/25/2012 15:22 I don't have a username#16
Quote:
Originally Posted by _DreadNought_ View Post
Hmmm .net cannot be reversed in OlyDbg.

So really, get a few damn good protectors for the app/dll and :)

Reflecting is the most appropriate way of reversing any .net application, without that they're in trouble.
You can reflect any .net application luls, obfuscation on the other hand is another talk, but anyone with proper knowledge will have no problems.

The reason why .NET is so easy to reflect is because of all the shit of data kept in the executable for the CIL.
11/25/2012 19:20 diedwarrior#17
Quote:
Originally Posted by AllTheBestThings View Post
I think you should try to do something more creative than what you do. Isnt that waste of time? anyway good job
Being able to log-in any account without the need of a valid password is a waste of time ? I need some of what you smoke bro:bandit:
11/25/2012 19:55 _DreadNought_#18
Quote:
Originally Posted by I don't have a username View Post
You can reflect any .net application luls, obfuscation on the other hand is another talk, but anyone with proper knowledge will have no problems.

The reason why .NET is so easy to reflect is because of all the shit of data kept in the executable for the CIL.
I never said .net cannot be reflected.... but when you use a proper obfuscation such as Themida which noone has cracked(latest version irrc) and without OlyDbg it's going to be a damn job to do.
11/25/2012 21:02 I don't have a username#19
Quote:
Originally Posted by _DreadNought_ View Post
Themida which noone has cracked(latest version irrc)
You can never put such claims, just saying. Not everyone is using that obfuscation nor is everyone attemtping to even give it a try.
11/26/2012 12:07 AllTheBestThings#20
Quote:
Originally Posted by diedwarrior View Post
Being able to log-in any account without the need of a valid password is a waste of time ? I need some of what you smoke bro:bandit:
Cracking stupid games? yes is kind of waste of time, hes smart enough to get some good money out of his knowledge but he wastes his time on useless things to make kids happy
11/26/2012 12:15 Ultimation#21
#bump Finally got round to it, updated code on first post to show there updated algo.
11/26/2012 23:10 _Emme_#22
And once again beaten, lol.

It's way harder to protect than to attack, in my opinion. I think the server is doing a great job, truth be told.

Edit:
To clarify, the one who got beaten was Ultimation. The first way was fixed within a day, and this within a few hours.
11/27/2012 01:05 _DreadNought_#23
Quote:
Originally Posted by EmmeTheCoder View Post
And once again beaten, lol.

It's way harder to protect than to attack, in my opinion. I think the server is doing a great job, truth be told.

Edit:
To clarify, the one who got beaten was Ultimation. The first way was fixed within a day, and this within a few hours.
And I personally timed Ultimation in figuring out the first way and he beat it within 10 minutes.

And they added one line of code to bypass his second anyone who just does "a xor'd by b" is in my utter opinion is a noob, truth be told, that one line is harder to crack than to add so your point is invalid.

Edit:
To clarify, the one who got beaten was not Ultimation.
11/27/2012 01:17 Ultimation#24
you know the funny thing... it still works.. ive just tested it.. so where am i exactly beaten? and what did u exactly change 0.o because everything is still working for me.

Example:

Code:
Response:s = <;94=>=?;=-<95?5>;8>?-<48<494>5;-4;>4?;<<9-<><?>55<59-<4==48<4?9-<5>;<9?<>:-4;>9:>:9?-?=>>5=;:=8-<489<=<;<>-<48>:4=?;8-4<>;=<;8:-<:<9599:55-;;45;<?-?;<;;-<=?-158
Your Xor Decryption
Code:
   string xordecr = s.Cast<char>().Aggregate("", (current, b) => current + (char) (byte)(b ^ 0xD));
Code:
xordecr variable = 1649030260 1482836532 1951949386 963926114 1312388184 1900951924 1836142137 963473742 2033806705 1954101613 1953790265 913601657 1714844788 6698612 26166 102 <85
Next few lines of code

Code:
var data = xordecr.Split(' ');
for (int i = 0; i < 16; i++)
            {
                bfKey += (char)ConvertHexStringToByteArray(int.Parse(data[i]).ToString("X8"))[3];  
            }
Code:
bfkey variable = t4JbXt9Nqm9ytt6f
Seems like its still working for me :)

Note: the only thing i havent checked is that you are using a different page... and this existing readkey page is now obselete. (if u noobs know what that means)

btw, the biggest error u guys made was not using a dynamic xor variable.. i figured it was xor a,b wen i started to see the same numbers all the way through the encrypted string
Page 2 of 2 1 2