thornerat April 04,2017 Video quality on this tutorial definitely went down...it was hard to see and the presenter seemed less prepared/extremely bored this time. I wish he went into more detail about each line of code and what the changes that he made really meant re: the flow of code and what the program was reading. Seemed pretty similar to his previous videos - I would like him to show the other capabilities of Ollydbg instead of just demonstrating how he can manipulate the program to show the valid username and passwords.
Again, very powerful tool and demonstrates the importance of secure coding.
msharma6at April 26,2017 This video is pretty similar to the one of his earlier videos which showed how to find the real password. In this video, however, he shows to find the real password with the username. Overall it was a dry video.
echukalovat April 27,2017 The video quality on this tutorial makes it hard to see and follow. This was similar to the previous videos and used the same technique to get the password. It is generally considered bad coding practice to have usernames and passwords that are hardcoded in the executable, especially if they are unencrypted.
BSharmaat May 03,2017 This is a continuation of the other ollydbg videos. The speaker has learned how to find specific functions (conditional function, error messages, success messages) in the code to determine where to look for the real password. However, good software development practice says to never encode password and usernames in to code just for this reason.
student0at May 08,2017 It’s really surprising to me that OllyDBG’s program can identify passwords in cleartext. I thought that is was common practice to store and compare passwords either in a hashed or encrypted format. The same concept applies to the username. However, that the SOSX crackme 3 only has one username and password leads me to believe, again, that the SOSX crackeme 3 application is an easier program to crack than one would typically find today for sale by major commercial software vendors. However, there is immense value in OllyDBG’s program to locate username and passwords even if they are hashed or encrypted. The hash of a weak or common password is most likely stored in a rainbow table and can be located with a tailored search.