|
Tutorial Cracking : Password Recovery for MSN v1.08.01.09
|
Target :
Password Recovery for MSN v1.08.01.09
Tool :
OllyDebug Defixed
Exe Info PE
MSN Messenger Password Recovery is the MSN password finder that instantly cracks and decrypts the MSN Passwords and Windows Messenger passwords stored on your computer.
Buka programnya terus register.
"Invalid Registration Code" point pertama
Coba untuk recovery password MSN.
"To see your password, you need to register this program. Click the "Register Now" button to see how you can register" point kedua.
Untuk memastikan proteksi softwarenya, langsung cek dengan Exe Info PE.
"Microsoft Visual C++ 9.0 - Visual Studio 2008"
Buka file Password Recovery for MSN.exe dengan OllyDebug DeFixeD.
Langsung cari "Referenced Text Strings"
Masukkan kata "password" yang ada dipoint kedua.
Jangan lupa hilangkan tanda di case sensitive dan tandai entire scope.
kita berada dialamat
004012D5 PUSH 0042B380 ASCII "ps:password"
Klik dua kali dialamat diatas
004012BC 0F85 7F010000 JNZ 00401441
004012C2 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
004012C6 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
004012CA 51 PUSH ECX ; pBufSize
004012CB 8D9424 D40300 LEA EDX,DWORD PTR SS:[ESP+3D4] ;
004012D2 52 PUSH EDX ; Buffer
004012D3 53 PUSH EBX ; pValueType
004012D4 53 PUSH EBX ; Reserved
004012D5 68 80B34200 PUSH 0042B380 ; ValueName = "ps:password"
Dialamat "004012BC" kode "JNZ" ganti dengan "NOP"
Cari lagi di "Referenced Text Strings"
004013D1 PUSH 0042B3A0 ASCII "Password: "
Klik dua kali dialamat diatas
004013CF 74 11 JE SHORT 004013E2
004013D1 68 A0B34200 PUSH 0042B3A0 ; ASCII "Password: "
004013D6 E8 E50A0000 CALL 00401EC0
004013DB 8D4C24 58 LEA ECX,DWORD PTR SS:[ESP+58]
004013DF 51 PUSH ECX
004013E0 EB 3B JMP SHORT 0040141D
Dialamat "004013CF" kode "JE" ganti dengan "NOP"
Cari lagi di "Referenced Text Strings"
00401888 PUSH 0042B3A0 ASCII "Password: "
Klik dua kali dialamat diatas
00401886 74 11 JE SHORT 00401899
00401888 68 A0B34200 PUSH 0042B3A0 ; ASCII "Password: "
0040188D E8 2E060000 CALL 00401EC0
00401892 8D4424 58 LEA EAX,DWORD PTR SS:[ESP+58]
00401896 50 PUSH EAX
00401897 EB 41 JMP SHORT 004018DA
Dialamat "00401886" kode "JE" ganti dengan "NOP"
Cari lagi di "Referenced Text Strings"
00401DD2 PUSH 0042B3A0 ASCII "Password: "
Klik dua kali dialamat diatas
00401DCE 74 24 JE SHORT 00401DF4
00401DD0 6A 0A PUSH 0A
00401DD2 68 A0B34200 PUSH 0042B3A0 ; ASCII "Password: "
Dialamat "00401DCE" kode "JE" ganti dengan "NOP"
Cari lagi di "Referenced Text Strings"
00403ACA PUSH 0042B8C0 ASCII "To see your password, you need to register this program. Click the ""Register Now"" button to see how you can register."
Klik dua kali dialamat diatas
00403AB9 75 1E JNZ SHORT 00403AD9
00403ABB 68 CCB34200 PUSH 0042B3CC ; ASCII CR,LF,CR,LF
00403AC0 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14]
00403AC4 50 PUSH EAX
00403AC5 E8 16010000 CALL 00403BE0
00403ACA 68 C0B84200 PUSH 0042B8C0 ; ASCII "To see your password, you need to register this program. Click the ""Register Now"" button to see how you can register."
Dialamat "00403AB9" kode "JNZ" ganti dengan "JMP"
Simpan semua perubahan diatas.
Jalankan Password Recovery for MSNnya.
Gak perlu register, abaikan saja.
Klik "Recover Password"
Nah... tuh password kamu udah kelihatan dengan jelas.
27/07/09
|