#1
I have an app which is packed using BoxedApp: http://ifile.it/ik5ag6o/boxedapp.rar
I have unpacked it and extracted the dependencies. The program is written in .NET and obfuscated using Crypto Obfuscator, so I cleaned the code and here it is: http://ifile.it/qzl9j3u/crypto%20obfuscator.rar The program has a folder called db which has many .dat files. These dat files are zip files, but we need to change "mc" to "PK" using a hex editor and rename the file as *.zip. The zip files contain XML files which I want to extract; however, they are encrypted. I launched the app using .NET Tracer and set a BP on reading a dat file by changing one of the dat files in the db folder. It seems that it checks for some password to decrypt the zip files. Here is the Reflector image: http://postimage.org/image/lyd6ts181/full/ I hope someone can help me find the pass to the dat files.
#2
You've made some progress since your last post, congratulations!
You should look into GClass32.smethod_9() - it gets the password in one of its parameters and then modifies it a bit. Figure out the modification algorithm. Then look at the methods which call GClass32.smethod_9() and see what password they use, and where it comes from. I started at GClass30.method_8(), and traced it all the way to GClass32.smethod_9(). It shouldn't take more than an hour to figure out how it works.
In case you get stuck, here's a hint: Cnffjbeq sbe "gbp.qng" vf "gbpGBP"
#3
Thanks Kao ....
Actually, I tried a shortcut method (didn't bother with the algo though)... I created an exception in Dile by inserting a file with the wrong pass and checked the arguments as it breaks on the error during decryption. The arguments have the correct pass.