In the other thread we have seen the easiest method to get the password from the ZIP archives used by various games.
The following method instead is a bit more advanced and can be used not only for ZIP archives, but also for other types of passwords, like those used by encryption algorithms such as AES and Blowfish.
Like all my tutorials, I will try to make everything as easy as I can.
or Windbg or any other debugger: http://ollydbg.de/ http://www.microsoft.com/click/services ... =300135395
Optional tools: QuickBMS http://quickbms.aluigi.org
The example game for this tutorial is Mini Robot Wars: http://www.bigfishgames.com/download-ga ... index.html
First step - check the files in the folder of the game and start it.
Start signsrch on the process of the game, in this case mrw.exe, but you can also specify the PID in case of conflicts.
If the game runs on two processes, you must specify the PID of the second one.
Output of signsrch:
Attach a debugger to the game, the following example is Windbg.
Windbg is faster than ollydbg and more compatible with "some" games, but it's not as easy to use as ollydbg and other visual debuggers.
Now it's necessary to set a breakpoint, or find another way to make the debugger break, when the zipcrypto function is called.
The simplest way, obviously, is to set the breakpoint in the debugger at the beginning of the instruction pointed to by the offset shown by signsrch.
But if you want something easier you can use the following script for quickbms (int3.bms):
# quickbms_arg1 is the address passed on the command line with -a;
# step back 3 bytes from it, as in the original post
math quickbms_arg1 -= 3
# seek to that address in the process memory (this line is assumed, it was missing from the post)
goto quickbms_arg1
# overwrite 5 bytes with 0xcc (the int3 opcode) so the attached debugger breaks there
for i = 0 < 5
    put 0xcc byte
next i
With the following command:
quickbms -p -a 0x40426e int3.bms process://mrw.exe
The following is an example of that command with Ollydbg in the background:
Now play the game and wait for the debugger to break.
It's quite easy and doesn't need much knowledge of debugging, especially if you use ollydbg, where you must do absolutely nothing.
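As an added example (not from the original post, and not signsrch's own code), here is a tiny signature scan in the spirit of what signsrch does to find the zipcrypto offset, plus the int3 patch calculation the quickbms script performs; the same constant scan is what an analyst uses to spot crypto code in an unknown binary. It assumes the three initial keys of the traditional PKZIP cipher and the CRC32 table are stored back-to-back as little-endian dwords, which is a simplification, and it scans a constructed byte string, not mrw.exe.

```python
import struct


def crc32_table():
    """Build the 256-entry CRC32 table used by zipcrypto (reflected 0xEDB88320)."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


# Signatures as little-endian byte patterns, the way they sit in an x86 image.
# The three keys are the standard zipcrypto initial values from the ZIP APPNOTE.
SIGNATURES = {
    "zipcrypto init keys": struct.pack("<III", 0x12345678, 0x23456789, 0x34567890),
    "crc32 table": struct.pack("<256I", *crc32_table()),
}


def scan(image):
    """Return {name: [offsets]} for every signature found in the image."""
    hits = {}
    for name, pattern in SIGNATURES.items():
        offsets, start = [], 0
        while (pos := image.find(pattern, start)) != -1:
            offsets.append(pos)
            start = pos + 1
        if offsets:
            hits[name] = offsets
    return hits


def int3_patch(offset, back=3, length=5):
    """Mirror the quickbms script: start `back` bytes before the given offset
    and cover `length` bytes with 0xCC so an attached debugger breaks there."""
    return offset - back, b"\xcc" * length


# Constructed image (not a real binary): filler, the keys, filler, the table, filler.
IMAGE = (b"\x90" * 0x100 + SIGNATURES["zipcrypto init keys"]
         + b"\x00" * 0x40 + SIGNATURES["crc32 table"] + b"\xcc\x90" * 8)

if __name__ == "__main__":
    for name, offs in scan(IMAGE).items():
        print(name, [hex(o) for o in offs])
    print(int3_patch(0x40426E))
```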
I don't know if there are easier ways to explain this, but if you know one... tell me