Hacking challenge!
-migrated-
|
Additional Info
|
Hello again :mrgreen:
I need help hacking a swf. The swf has an Input where you need to put the correct password. To check if its the right password, click GO, if the text is red, it is wrong answer, if its green its correct! Link: https://dl.dropbox.com/u/9934067/Protection/Final.swf Tip: The password string is not encrypted! The swf is like a wrapper that will protect the real swf (containing everything, the code itself that also is not encrypted). Good luck (broken image removed) |
|
Additional Info
|
Can you actually prove that there is a right password? (broken image removed) (a screenshot is no proof, as you can edit the .swf and make a screenshot of the edited one)
This post was imported from an account that no longer exists! Previous Name: phreneticus |
|
Additional Info
|
hakunamatata
|
|
Additional Info
|
Quote from: "Derek" hakunamatataHahaha, you owned him! (broken image removed) This post was imported from an account that no longer exists! Previous Name: phreneticus |
|
Additional Info
|
damn. came back to get started, and its already solved. no fun!
|
|
Additional Info
|
Quote from: "Derek" hakunamatata You found it :oops: , protecting a swf is too hard, how did you find the password? (broken image removed) |
|
Additional Info
|
Quote from: "brunoja" You found it :oops: , protecting a swf is too hard, how did you find the password? (broken image removed) It is in plaintext - I don't see this as much of a challenge Code: [Select] private function click(event:Event) : voidAccept any password 2c 24 14 12 00 00 2c 24 14 00 00 00 This post was imported from an account that no longer exists! Previous Name: Anonymous |
|
Additional Info
|
I wonder is this will become something for our resident hacking masters to torment each other with... almost a tutorial in itself.
|
|
Additional Info
|
Quote from: "praetor"
I mean, how did you get the inside swf, I used a loader that will load the real swf :p is it too easy to get the inside swf? What tool did you used? |
|
Additional Info
|
There are several tools that will scan a process for swfs that are loaded in memory. SWF Reader, pmdump & swfmdump just to name a few.
This post was imported from an account that no longer exists! Previous Name: Anonymous |
|
Additional Info
|
Quote from: "brunoja" I mean, how did you get the inside swf, I used a loader that will load the real swf :p is it too easy to get the inside swf? What tool did you used?I used .swf dump right now and it worked fine. [attachment=0:1fd57rrf]Final.zip[/attachment:1fd57rrf] This post was imported from an account that no longer exists! Previous Name: phreneticus |
|
Additional Info
|
Oh, I didnt know about that tool :oops: It seems that protecting the swf without messing up with the code (the bytecode obfuscations, bigger swfs and slower apps) is impossible :|, and that will only slow the hacking, wont stop it..
You can trick those decompilers like sothink, trillix, etc, but they could not find a way to protect from swf-reader, you will always read the bytecodes :shock:, anyone saw a swf that you could not hack? EDIT---- Using DoSwf, the swfmdump crashed, I will check that :mrgreen: |
|
Additional Info
|
Quote from: "brunoja" Using DoSwf, the swfmdump crashed, I check that :mrgreen:There is no full version of the latest or any recent DoSWF version in the Internet, so you will always have their ugly logo on the .swf and not as much features as with the full one, just saying. Anyway, you can always look at the bytecode, for example just by opening the .swf with HxD Hex Editor. I can't think of a way to prevent someone from doing that. (broken image removed) This post was imported from an account that no longer exists! Previous Name: phreneticus |
|
Additional Info
|
Quote from: "phreneticus"
But I think they sell the product: http://www.doswf.com/?page_id=332&appID=776 They dont remove the watermark on the full one? :shock: |
|
Additional Info
|
Quote from: "brunoja" But I think they sell the product: http://www.doswf.com/?page_id=332&appID=776You want to spend 80$ for something that won't make your game hacking proof? Well, anyway, of course you can remove the watermark on the full one. This post was imported from an account that no longer exists! Previous Name: phreneticus |