  1. #1

    Post 4D1 Login Bypass ReSearch

     
    // Hex-Rays pseudocode for sub_1007D270.
    // Copies the string at a1 into a global buffer, splits it on "#" into at most
    // 16 token pointers, and returns 1 only when the first byte of the first token
    // is 111 (0x6F, ASCII 'o'); otherwise it returns 0.
    //
    // Token storage: *(&v5 + n) writes the stack slots that start at v5 (bp-48h).
    // Sixteen 4-byte slots end just below v9 (bp-8h), so by the offsets listed
    // below v6 (bp-44h) is token 1, v7 (bp-40h) is token 2 and v8 (bp-3Ch) is token 3.
    //
    // NOTE(review): the accept/reject decision is one byte of parsed input held in
    // a local flag. A check that lives only in the client cannot be the enforcement
    // point for a login; the server side has to reject unauthenticated sessions
    // itself. Whether it does is not visible in this function.
    char __cdecl sub_1007D270(int a1)
    {
    int j; // [sp+4Ch] [bp-54h]@9   index of the XOR loop
    int v3; // [sp+50h] [bp-50h]@9   value returned by sub_10058A85, used as loop bound
    int i; // [sp+54h] [bp-4Ch]@1   current token pointer returned by sub_10058AC6
    int v5; // [sp+58h] [bp-48h]@4   token slot 0
    const CHAR *v6; // [sp+5Ch] [bp-44h]@8   token slot 1
    int v7; // [sp+60h] [bp-40h]@9   token slot 2
    int v8; // [sp+64h] [bp-3Ch]@9   token slot 3
    int v9; // [sp+98h] [bp-8h]@1   number of tokens stored so far
    char v10; // [sp+9Fh] [bp-1h]@1   return value

    v10 = 0;
    // Presumably a bounded copy (dst, src, max) -- confirm. The next global used
    // below, unk_10F06F78, sits 0x4000 bytes higher, which matches the 16384 limit.
    sub_10059809(&unk_10F02F78, a1, 16384);
    v9 = 0;
    // First call passes the buffer, later calls pass 0: looks like a strtok-style
    // tokenizer -- confirm. The v9 < 16 bound keeps the writes inside the 16 slots.
    for ( i = sub_10058AC6(&unk_10F02F78, L"#"); i && v9 < 16; i = sub_10058AC6(0, L"#") )
    *(&v5 + v9++) = i;
    // NOTE(review): v5 is dereferenced with no check that v9 > 0, so an input that
    // yields no tokens leaves slot 0 uninitialized here.
    if ( *(_BYTE *)v5 == 111 ) // 111 == 0x6F == ASCII 'o'; the check this post is about
    v10 = 1;
    if ( v10 )
    {
    // Slots 2 and 3 are used without checking that v9 reached them.
    dword_10F071A0 = sub_10057BD0(v7);
    // The disassembly of this call also pushes [ebp+var_34] (slot 5) as a second
    // argument; the pseudocode dropped it. No length is passed -- confirm that
    // sub_10058B25 bounds what it writes to unk_10F06F78.
    sub_10058B25(&unk_10F06F78);
    sub_10059809(&unk_10F070A0, v8, 256);
    sub_10059809(byte_10F06FA0, &unk_10F070A0, 256);
    v3 = sub_10058A85(byte_10F06FA0); // presumably a string length -- confirm
    // Each of the first v3 bytes is XORed with the fixed value 0xD3. A constant
    // single-byte XOR only obscures the data; it is reversible by anyone who
    // reads this loop.
    for ( j = 0; j < v3; ++j )
    byte_10F06FA0[j] ^= 0xD3u;
    }
    else
    {
    // Failure path: slot 1 is handed to sub_10059C96 (purpose not visible here),
    // again without checking that a second token was stored.
    sub_10059C96(v6);
    }
    return v10;
    }


    This is the 'O' token check (111 decimal = 0x6F, i.e. the ASCII lowercase letter 'o'):

     
    if ( *(_BYTE *)v5 == 111 )


     
    Sig : \xC6\x45\xFF\x01\x0F\xB6\x45\xFF xxxxxxxx


    Module name : iw5m.dll
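    Now, if we NOP that check, the function always returns 1, so the client treats the login as accepted whatever username/password was sent.
    (Haven't tried it yet, so this is unverified. The listing only shows the client-side result flag; it does not show what the server itself enforces, and the success path goes on to use reply tokens 2, 3 and 5 whether or not the reply contained them.)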
    Assembly :

     
    ; sub_1007D270 -- IDA listing, 32-bit x86, cdecl (the caller pops arguments with
    ; "add esp, N" after every call below).
    ; In:   [ebp+arg_0] = pointer to the '#'-delimited string to parse
    ; Out:  al = var_1 (1 when the first byte of token 0 is 6Fh, otherwise 0)
    ; Locals, from the ebp offsets used below:
    ;   var_1  = result flag            var_8  = token count (limit 10h)
    ;   var_4C = current token pointer  var_48 = token pointer array, 4 bytes per slot
    ;   var_44 / var_40 / var_3C / var_34 = array slots 1 / 2 / 3 / 5
    ;   var_50 = value returned by sub_10058A85    var_54 = XOR loop index
    ; NOTE(review): the success/failure decision is a single byte compare whose
    ; result lives in a local flag. A client-only check cannot enforce a login;
    ; server-side enforcement is not visible in this function.
    .text:1007D270 push ebp
    .text:1007D271 mov ebp, esp
    .text:1007D273 sub esp, 94h
    .text:1007D279 push ebx
    .text:1007D27A push esi
    .text:1007D27B push edi
    .text:1007D27C mov [ebp+var_1], 0 ; result = 0 (rejected) by default
    .text:1007D280 push 4000h ; third argument: 16384
    .text:1007D285 mov eax, [ebp+arg_0]
    .text:1007D288 push eax
    .text:1007D289 push offset unk_10F02F78
    .text:1007D28E call sub_10059809 ; presumably bounded copy (dst, src, max) -- confirm
    .text:1007D293 add esp, 0Ch
    .text:1007D296 mov [ebp+var_8], 0 ; token count = 0
    .text:1007D29D push offset asc_1010D328 ; "#"
    .text:1007D2A2 push offset unk_10F02F78
    .text:1007D2A7 call sub_10058AC6 ; first token; strtok-style usage -- confirm
    .text:1007D2AC add esp, 8
    .text:1007D2AF mov [ebp+var_4C], eax
    .text:1007D2B2
    .text:1007D2B2 loc_1007D2B2: ; CODE XREF: sub_1007D270+73j
    .text:1007D2B2 cmp [ebp+var_4C], 0
    .text:1007D2B6 jz short loc_1007D2E5 ; no more tokens
    .text:1007D2B8 cmp [ebp+var_8], 10h
    .text:1007D2BC jge short loc_1007D2E5 ; stop at 16 tokens, keeps stores inside the array
    .text:1007D2BE mov eax, [ebp+var_8]
    .text:1007D2C1 mov ecx, [ebp+var_4C]
    .text:1007D2C4 mov [ebp+eax*4+var_48], ecx ; slot[count] = token pointer
    .text:1007D2C8 mov edx, [ebp+var_8]
    .text:1007D2CB add edx, 1
    .text:1007D2CE mov [ebp+var_8], edx ; count++
    .text:1007D2D1 push offset asc_1010D328 ; "#"
    .text:1007D2D6 push 0
    .text:1007D2D8 call sub_10058AC6 ; next token (first argument 0)
    .text:1007D2DD add esp, 8
    .text:1007D2E0 mov [ebp+var_4C], eax
    .text:1007D2E3 jmp short loc_1007D2B2
    .text:1007D2E5 ; ---------------------------------------------------------------------------
    .text:1007D2E5
    .text:1007D2E5 loc_1007D2E5: ; CODE XREF: sub_1007D270+46j
    .text:1007D2E5 ; sub_1007D270+4Cj
    .text:1007D2E5 mov eax, [ebp+var_48] ; slot 0; NOTE(review): never checked that count > 0
    .text:1007D2E8 movsx ecx, byte ptr [eax] ; first byte of token 0
    .text:1007D2EB cmp ecx, 6Fh ; 6Fh = 111 = ASCII 'o'
    .text:1007D2EE jnz short loc_1007D2F4 ; anything else leaves result = 0
    .text:1007D2F0 mov [ebp+var_1], 1 ; result = 1 (accepted)
    .text:1007D2F4
    .text:1007D2F4 loc_1007D2F4: ; CODE XREF: sub_1007D270+7Ej
    .text:1007D2F4 movzx eax, [ebp+var_1]
    .text:1007D2F8 test eax, eax
    .text:1007D2FA jnz short loc_1007D30D ; accepted -> success path
    .text:1007D2FC mov eax, [ebp+var_44] ; failure path: slot 1, not checked for presence
    .text:1007D2FF push eax
    .text:1007D300 call sub_10059C96 ; purpose not visible in this listing
    .text:1007D305 add esp, 4
    .text:1007D308 jmp loc_1007D3A1
    .text:1007D30D ; ---------------------------------------------------------------------------
    .text:1007D30D
    .text:1007D30D loc_1007D30D: ; CODE XREF: sub_1007D270+8Aj
    .text:1007D30D mov eax, [ebp+var_40] ; slot 2, not checked for presence
    .text:1007D310 push eax
    .text:1007D311 call sub_10057BD0
    .text:1007D316 add esp, 4
    .text:1007D319 mov dword_10F071A0, eax ; result of sub_10057BD0(slot 2) kept in a global
    .text:1007D31E mov eax, [ebp+var_34] ; slot 5 (the pseudocode omits this argument)
    .text:1007D321 push eax
    .text:1007D322 push offset unk_10F06F78
    .text:1007D327 call sub_10058B25 ; two arguments, no length -- confirm it bounds its write
    .text:1007D32C add esp, 8
    .text:1007D32F push 100h ; limit 256
    .text:1007D334 mov eax, [ebp+var_3C] ; slot 3, not checked for presence
    .text:1007D337 push eax
    .text:1007D338 push offset unk_10F070A0
    .text:1007D33D call sub_10059809
    .text:1007D342 add esp, 0Ch
    .text:1007D345 push 100h ; limit 256
    .text:1007D34A push offset unk_10F070A0
    .text:1007D34F push offset byte_10F06FA0
    .text:1007D354 call sub_10059809
    .text:1007D359 add esp, 0Ch
    .text:1007D35C push offset byte_10F06FA0
    .text:1007D361 call sub_10058A85 ; presumably a string length -- confirm
    .text:1007D366 add esp, 4
    .text:1007D369 mov [ebp+var_50], eax ; loop bound
    .text:1007D36C mov [ebp+var_54], 0 ; index = 0
    .text:1007D373 jmp short loc_1007D37E
    .text:1007D375 ; ---------------------------------------------------------------------------
    .text:1007D375
    .text:1007D375 loc_1007D375: ; CODE XREF: sub_1007D270+12Fj
    .text:1007D375 mov eax, [ebp+var_54]
    .text:1007D378 add eax, 1
    .text:1007D37B mov [ebp+var_54], eax ; index++
    .text:1007D37E
    .text:1007D37E loc_1007D37E: ; CODE XREF: sub_1007D270+103j
    .text:1007D37E mov eax, [ebp+var_54]
    .text:1007D381 cmp eax, [ebp+var_50]
    .text:1007D384 jge short loc_1007D3A1 ; done when index >= bound (signed compare)
    .text:1007D386 mov eax, [ebp+var_54]
    .text:1007D389 movsx ecx, byte_10F06FA0[eax]
    .text:1007D390 xor ecx, 0D3h ; fixed single-byte XOR: obscures the bytes, trivially reversible
    .text:1007D396 mov edx, [ebp+var_54]
    .text:1007D399 mov byte_10F06FA0[edx], cl ; only the low byte is stored back
    .text:1007D39F jmp short loc_1007D375
    .text:1007D3A1 ; ---------------------------------------------------------------------------
    .text:1007D3A1
    .text:1007D3A1 loc_1007D3A1: ; CODE XREF: sub_1007D270+98j
    .text:1007D3A1 ; sub_1007D270+114j
    .text:1007D3A1 mov al, [ebp+var_1] ; return the result flag
    .text:1007D3A4 pop edi
    .text:1007D3A5 pop esi
    .text:1007D3A6 pop ebx
    .text:1007D3A7 mov esp, ebp
    .text:1007D3A9 pop ebp
    .text:1007D3AA retn
    .text:1007D3AA sub_1007D270 endp


    NOP Them

     
    .text:1007D2EB cmp ecx, 6Fh
    .text:1007D2EE jnz short loc_1007D2F4


    credit: @mwxplayer
    Last edited by Farah[Aisyah]; 02-17-2013 at 02:41 AM.

  2. #2
    lol.
    lame LEECHER
    this was posted by me on UC.
    atleast give credits.

  3. #3
    Quote Originally Posted by mwxplayer View Post
    lol.
    lame LEECHER
    this was posted by me on UC.
    atleast give credits.
    ok sir ,

  4. #4
    Quote Originally Posted by Farah[Aisyah] View Post
    ok sir ,
    .__________.
    I still don't see Credits
