Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Lazy pressing bot is already cracked
#1
Some guy on the other forum has successfully cracked lazy pressing
But he is not sharing it , so it is possible
I dont know if i can post the link of that forum ,
If its not allowed MOD edit my post than


!!! click here for the link !!!
Reply
#2
(12-16-2014, 08:20 PM)Malosa Wrote:  Some guy on the other forum has successfully cracked lazy pressing
But he is not sharing it , so it is possible
I dont know if i can post the link of that forum ,
If its not allowed MOD edit my post than


!!! click here for the link !!!

I can't see the post

[Image: pdosfq.png]

Could you post a screenshot of it instead?
Reply
#3
I CanĀ“t enter in the post because the site are blocked for my IP, I am Brazilian
Reply
#4
[Image: 16032919771_3ae7322c49_o.png]
Reply
#5
(12-22-2014, 05:40 AM)Envyus Wrote:  Does the above code mean anything to anyone? If so what do we do in order to crack to ourselves?


Ollydbg
Reply
#6
(12-27-2014, 08:33 AM)Envyus Wrote:  That makes zero sense to me...

its assembly
ollydbg is a disassembler, it turns machine code back into assembly (although its not identical to when it was compiled/assembled)
Reply
#7
Reply
#8
this is new for me...can anybody show me how to use ollydbg to crack lazypressing
Reply
#9
(04-21-2015, 07:18 AM)deivymg2 Wrote:  this is new for me...can anybody show me how to use ollydbg to crack lazypressing

Well, I don't think you're supposed to grave-dig threads like that, but nevertheless, I will provide some information for you.

As others have previously mentioned, OllyDbg is a tool that allows you to view and modify an application's assembly as it is executing. The tool allows you to do things like removing/modifying if-statements, skipping function, deleting code, changing values, and more. In my opinion, that's really all you need to know, but I'll give you a little bit more information in case you still do not understand.

Many average developers are not overly knowledgeable when it comes to security. Because of their lack of knowledge about secure programming/development, they will, metaphorically, only put 1 lock on their application. It sounds like this is case with Lazy Pressing.

Consider this example code written in C:
[Image: b4EeGAyh.png]

Most developers would view that as a secure login. It checks with an external server. If the server doesn't reply, the login fails. If the server sends back an unknown message, the login fails. If the server sends back "invalid", the login fails. And the login will only succeed if the server sends back "valid user". So, in theory, this is secure. However, in practice this would be insecure.

A malicious user running OllyDbg could exploit this in several ways. The user could force all conditions to return IS_PREMIUM. The user could skip/delete the condition checks and just return IS_PREMIUM. The user could set userPremiumResp equal to "invalid" so if the server returns "invalid", the application views that as the access granted message. The user also could change "if( strcmp(...) == 0 )" to "if( strcmp(...) != 0 )" to force the application to view a consider anything other than "valid user" as the access granted message. And there are numerous other ways a malicious user could force the application to login.

From what I gather based on this thread, it seems Lazy Pressing has a security error similar to this. So, by using OllyDbg, you can find and exploit the security flaw to allow you access to the bot.

I hope that helps.

Best regards,
Spencer
Reply
 


Forum Jump:


Users browsing this thread: 1 Guest(s)

About The Bytecode Club

We're a community focused on Reverse Engineering, we try to target Java/Android but we also include other langauges/platforms. We pride ourselves in supporting and free and open sourced applications.

Website