Hacking challenge!
-migrated-
Hacking challenge! Posted on: 11/12/2010 4:33pm
Quote Post
Hello again  :mrgreen:

I need help hacking a swf. The swf has an Input where you need to put the correct password. To check if its the right password, click GO, if the text is red, it is wrong answer, if its green its correct!

Link: https://dl.dropbox.com/u/9934067/Protection/Final.swf

Tip: The password string is not encrypted! The swf is like a wrapper that will protect the real swf (containing everything, the code itself that also is not encrypted).

Good luck (broken image removed)
Re: Hacking challenge! Posted on: 11/12/2010 4:43pm
Quote Post
System Bot
Can you actually prove that there is a right password? (broken image removed) (a screenshot is no proof, as you can edit the .swf and make a screenshot of the edited one)

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Hacking challenge! Posted on: 11/12/2010 5:34pm
Quote Post
hakunamatata
Re: Hacking challenge! Posted on: 11/12/2010 5:41pm
Quote Post
System Bot
Quote from: "Derek"
hakunamatata
Hahaha, you owned him! (broken image removed)

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Hacking challenge! Posted on: 11/12/2010 5:53pm
Quote Post
damn. came back to get started, and its already solved. no fun!
Re: Hacking challenge! Posted on: 11/12/2010 6:19pm
Quote Post
Quote from: "Derek"
hakunamatata

You found it  :oops: , protecting a swf is too hard, how did you find the password?  (broken image removed)
Re: Hacking challenge! Posted on: 11/13/2010 12:31am
Quote Post
System Bot
Quote from: "brunoja"
You found it  :oops: , protecting a swf is too hard, how did you find the password?  (broken image removed)

It is in plaintext - I don't see this as much of a challenge

Code: [Select]
       private function click(event:Event) : void
        {
            if (this.inp.text == "hakunamatata")
            {
                this.txt.text = "YOU GOT IT!!";
                this.txt.textColor = 65280;
            }
            else
            {
                this.txt.text = "NOT GOOD!!";
                this.txt.textColor = 16711680;
            }
            return;
        }

Accept any password
2c 24 14 12 00 00
2c 24 14 00 00 00

This post was imported from an account that no longer exists!
Previous Name: Anonymous
Re: Hacking challenge! Posted on: 11/13/2010 1:01am
Quote Post
I wonder is this will become something for our resident hacking masters to torment each other with... almost a tutorial in itself.
Re: Hacking challenge! Posted on: 11/13/2010 2:03am
Quote Post
Quote from: "praetor"
Quote from: "brunoja"
You found it  :oops: , protecting a swf is too hard, how did you find the password?  (broken image removed)

It is in plaintext - I don't see this as much of a challenge

Code: [Select]
       private function click(event:Event) : void
        {
            if (this.inp.text == "hakunamatata")
            {
                this.txt.text = "YOU GOT IT!!";
                this.txt.textColor = 65280;
            }
            else
            {
                this.txt.text = "NOT GOOD!!";
                this.txt.textColor = 16711680;
            }
            return;
        }

Accept any password
2c 24 14 12 00 00
2c 24 14 00 00 00

I mean, how did you get the inside swf, I used a loader that will load the real swf :p is it too easy to get the inside swf? What tool did you used?
Re: Hacking challenge! Posted on: 11/13/2010 3:46am
Quote Post
System Bot
There are several tools that will scan a process for swfs that are loaded in memory.  SWF Reader, pmdump & swfmdump just to name a few.

This post was imported from an account that no longer exists!
Previous Name: Anonymous
Re: Hacking challenge! Posted on: 11/13/2010 11:40am
Quote Post
System Bot
Quote from: "brunoja"
I mean, how did you get the inside swf, I used a loader that will load the real swf :p is it too easy to get the inside swf? What tool did you used?
I used .swf dump right now and it worked fine.

[attachment=0:1fd57rrf]Final.zip[/attachment:1fd57rrf]

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Hacking challenge! Posted on: 11/13/2010 12:11pm
Quote Post
Oh, I didnt know about that tool  :oops:  It seems that protecting the swf without messing up with the code (the bytecode obfuscations, bigger swfs and slower apps) is impossible  :|, and that will only slow the hacking, wont stop it..

You can trick those decompilers like sothink, trillix, etc, but they could not find a way to protect from swf-reader, you will always read the bytecodes :shock:, anyone saw a swf that you could not hack?

EDIT----

Using DoSwf, the swfmdump crashed, I will check that  :mrgreen:
Re: Hacking challenge! Posted on: 11/13/2010 12:33pm
Quote Post
System Bot
Quote from: "brunoja"
Using DoSwf, the swfmdump crashed, I check that  :mrgreen:
There is no full version of the latest or any recent DoSWF version in the Internet, so you will always have their ugly logo on the .swf and not as much features as with the full one, just saying. Anyway, you can always look at the bytecode, for example just by opening the .swf with HxD Hex Editor. I can't think of a way to prevent someone from doing that. (broken image removed)

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Hacking challenge! Posted on: 11/13/2010 1:29pm
Quote Post
Quote from: "phreneticus"
Quote from: "brunoja"
Using DoSwf, the swfmdump crashed, I check that  :mrgreen:
There is no full version of the latest or any recent DoSWF version in the Internet, so you will always have their ugly logo on the .swf and not as much features as with the full one, just saying. Anyway, you can always look at the bytecode, for example just by opening the .swf with HxD Hex Editor. I can't think of a way to prevent someone from doing that. (broken image removed)

But I think they sell the product: http://www.doswf.com/?page_id=332&appID=776

They dont remove the watermark on the full one?  :shock:
Re: Hacking challenge! Posted on: 11/13/2010 1:34pm
Quote Post
System Bot
Quote from: "brunoja"
But I think they sell the product: http://www.doswf.com/?page_id=332&appID=776

They dont remove the watermark on the full one?  :shock:
You want to spend 80$ for something that won't make your game hacking proof? Well, anyway, of course you can remove the watermark on the full one.

This post was imported from an account that no longer exists!
Previous Name: phreneticus