
Lab-Project 10: Hacking Minesweeper

What You Need for This Project


● A virtual machine with Windows 10.

Purpose

1. Practice using the OllyDbg debugger, Procdump, and Python.

Installing Python

2. In a web browser, go to link and download Python 2.7.18.


3. Install Python with the default options.
4. Add Python to the environment variables.

Getting Ollydbg

5. In a web browser, go to link and download Ollydbg 1.10.


6. Unzip the file.

Getting Minesweeper

7. If you do not have Minesweeper from another project already, go to link.


8. A zip file will be downloaded. Navigate to the location of the downloaded
file and unzip it.

Viewing the Game in OllyDbg

9. Run the OLLYDBG.EXE you unzipped in step 6 as Administrator. Some
pop-ups will appear. Select Yes to proceed.
10. Click File, Open. Navigate to and open minesam.exe you unzipped in step
8.
11. Click View, Memory. Right-click the line minesam.data and select Dump.
12. In the Dump window, scroll down to show memory near line 01005340.
This area only contains zeros.
13. Click View, CPU. Then click Debug, Run. A Minesweeper window
appears in the background. Select it to display the window.

Viewing the stored gameboard

14. Select Window, Dump. Notice that the memory near line 01005340 now
contains data.

15. Click a cell in Minesweeper. Look at the Dump again. There should be
changes in comparison to the one from before.
16. If we can read the RAM, we can cheat the game.

Getting Procdump

17. In a web browser, go to link and download Procdump.


18. Unzip the downloaded file.

Capturing the process memory

19. Close Minesweeper. Close Ollydbg.


20. Run minesam.exe.
21. Open Command Prompt. Navigate to the folder where you extracted Procdump.
Execute the following command:
procdump -ma minesam.exe mine
22. A Procdump License Agreement window pops up. Select Agree.
23. A dump was created as shown below.

Viewing the memory with HxD

24. If you do not have HxD already installed, go to link to download and install
it.
25. Open HxD. Select File, Open. Navigate to the location you saved the dump
from step 23. Open mine.dmp.
26. In HxD, select Search, Find. Switch to the Hex-values tab. Search for the
following hex values:
0a 00 00 00 09 00 00 00 09 00 00 00 00 00 00 00 10 10 10 10
27. After this sequence, we can find the gameboard data.

Creating a Python script for Beginner level

28. In Command Prompt, execute the following commands, replacing FILEPATH
with the location where you would like to store your cheat script and
yourname with your real name:
cd FILEPATH
notepad cheat_yourname.py
A prompt will appear in Notepad, asking to create the new file. Select Yes.
29. Paste in this code:

import os

# Dump memory: delete any stale dump, then write a full memory dump (-ma)
# of the running minesam.exe process to mine.dmp
cmd = "del mine.dmp"
os.system(cmd)
cmd = "procdump -ma minesam.exe mine"
os.system(cmd)

# Find gameboard
# Marker: the 20-byte sequence searched for in HxD in step 26
mark = ('\x0A\x00\x00\x00\x09\x00\x00\x00\x09\x00\x00\x00'
        '\x00\x00\x00\x00\x10\x10\x10\x10')

nread = 20
boardfound = 0
gameboard = []

with open("mine.dmp", "rb") as f:
    line = f.read(20)   # sliding 20-byte window over the file
    while (boardfound == 0):
        c = f.read(1)
        if c == "":
            print "File ended, but gameboard not found!"
            exit()
        line = line[1:] + c
        nread += 1
        if nread % 0x100000 == 0:
            print "Looking at byte", hex(nread), nread
        if line == mark:
            print "Gameboard found at ", hex(nread)
            boardfound = 1
            # The last four marker bytes already belong to the board
            for i in range(4):
                gameboard.append('\x10')
            for i in range(500):
                gameboard.append(f.read(1))

# Print Gameboard
l = len(gameboard)
m = 32   # items per line

for i in range(0, l-m, m):
    line = ""
    for j in range(m):
        g = gameboard[i+j]
        # print i, j, ord(g)
        if g == '\x10':
            c = "-"
        elif g == '\x0f':
            c = " "   # one space, so the columns stay aligned
        elif g == '\x8f':
            c = "*"
        elif g == '\x00':
            c = " "
        else:
            c = chr( ord(g) - 16 )
        line += c
    print line

30. Save cheat_yourname.py.


31. In Command Prompt, execute the following command:
python cheat_yourname.py
32. You might have to disable python.exe in Settings > Manage App
Execution Aliases in order to execute step 31.
33. You will now be able to see where the mines are and complete the level
with ease.
34. When you win the game, a secret word will appear, which is covered by a
green box in the image below.
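
A buffered version of the search-and-decode step, as an added example that is not part of the original lab handout; it runs under Python 3 as well as the lab's Python 2.7. It goes beyond the Beginner case by building the marker from the level's parameters and by rejecting marker hits that are not followed by a board. The header layout (mine count, width, height as little-endian dwords), the border-byte check and the names make_marker, decode_cell, find_board and sample_dump are assumptions, and sample_dump returns constructed data.

```python
import struct

ROW = 32       # bytes per stored row (the lab script prints 32 items per line)
BORDER = 0x10  # border byte: the marker ends in four of them

def make_marker(mines, width, height):
    # ASSUMPTION: the 16 bytes before the board are four little-endian dwords
    # (mine count, width, height, zero); Beginner gives 0a.. 09.. 09.. 00..
    return struct.pack("<4I", mines, width, height, 0) + b"\x10" * 4

def decode_cell(b):
    # Same mapping as the lab script, on integer byte values.
    if b == BORDER:
        return "-"
    if b == 0x8F:
        return "*"
    if b in (0x0F, 0x00):
        return " "
    return chr(b - 16) if 0x20 <= b - 16 < 0x7F else "?"

def find_board(dump, mines=10, width=9, height=9):
    """Return the decoded rows of the first validated board, or None."""
    marker = make_marker(mines, width, height)
    need = ROW * (height + 2)              # border row + rows + border row
    pos = dump.find(marker)
    while pos >= 0:
        board = bytearray(dump[pos + 16:pos + 16 + need])
        # ASSUMPTION: every row starts and ends with a border byte; a marker
        # hit that fails this check (or is truncated) is a false positive.
        if len(board) == need and all(
                board[r * ROW] == BORDER and board[r * ROW + width + 1] == BORDER
                for r in range(height + 2)):
            return ["".join(decode_cell(b)
                            for b in board[r * ROW:r * ROW + width + 2])
                    for r in range(height + 2)]
        pos = dump.find(marker, pos + 1)
    return None

def sample_dump():
    # Constructed test data, not a real Procdump capture.
    pad = [0x0F] * (ROW - 11)
    edge = [BORDER] * 11 + pad
    rows = [edge] + [[BORDER] + [0x0F] * 9 + [BORDER] + pad for _ in range(9)] + [edge]
    rows[1][1] = 0x41                      # revealed "1" in the first row
    rows[3][5] = 0x8F                      # hidden mine in the third row
    board = bytes(bytearray(b for row in rows for b in row))
    decoy = make_marker(10, 9, 9) + b"\x00" * 64   # marker with no board behind it
    return b"\x00" * 100 + decoy + make_marker(10, 9, 9)[:16] + board
```

On a real dump, pass the file contents: find_board(open("mine.dmp", "rb").read()).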

Saving a screen image

35. Make sure the secret word is visible.


36. Save the image with the filename Lab-Proj10a-YOURNAME.png. Use your
real name, not the literal text YOURNAME.

Bonus:

Creating a Python script for Intermediate level

37. Write a script to beat the Intermediate level.

Saving a screen image

38. Make sure the secret word is visible.


39. Save the image with the filename Lab-Proj10b-YOURNAME.png. Use your
real name, not the literal text YOURNAME.

Creating a Python script for Expert level

40. Write a script to beat the Expert level.

Saving a screen image

41. Make sure the secret word is visible.


42. Save the image with the filename Lab-Proj10c-YOURNAME.png. Use your
real name, not the literal text YOURNAME.

Turning in your Project

43. Submit the images you saved in the Saving a screen image steps
to: cms with a subject line of Lab-Proj10-YOURNAME, replacing
YOURNAME with your real name.
