A new class... join now!


Rage9
June 4th, 2001, 21:29
I would like to run a small number of newbie Reverse Engineering classes if it's OK with all of you. First lesson: the easy jne patch and a newbie reverser problem.... It should not be too hard, do it and have fun, another one will be coming soon...

Rage9's Crackme #1

http://www16.brinkster.com/realcool23/download/rcrackme1.zip

-brad

Kayaker
June 4th, 2001, 23:36
Hi Rage9,

Sounds good. I modified your link slightly because it wasn't working as written.

Regards,
Kayaker

CoDe_InSiDe
June 5th, 2001, 00:08
Hi Rage9,

Ah good thing
I also had that kind of idea some time back, I had the idea to make some CrackMe's from very easy to a little bit harder (Of course not Impossible )
So i think it's a nice thing for people to learn let's say "Some Basic Techniques"

Cya...

CoDe_InSiDe

CoDe_InSiDe
June 5th, 2001, 00:35
Hi everyone,

Well, I just want to say that I resolved the 2 things that could be accomplished (Patching and reversing).
I'm not going to tell the solution (yet ) because I want other people to have a look at it

Cya...

CoDe_InSiDe

Aleph
June 5th, 2001, 09:04
Hiya all.

Rage9, I'm maybe (*probably*) missing a thing, but isn't there a kind of "gap" between the two tasks?
I mean, patching the exe was done in 20 seconds, but I'm damn unable to complete the "reverse" part (actually, I wrote the code, but I don't know how to place some strings in the proggy to call 'em for the mbox)
Anyway, I think I'll have a play with BRW on this ...

Regards,
Aleph

Rage9
June 5th, 2001, 14:04
Don't worry too much about the reversing part, if you can't do it you can't, it's actually quite complicated at first. It requires a good knowledge of writing pure assembly code and knowing what it does, I'm sure if I don't write the essay someone else will....

-Rage9

netjunki
June 7th, 2001, 12:06
Quote:
Rage9 (06-04-2001 19:29):
I would like to run a small number of newbie Reverse Engineering classes if it's OK with all of you. First lesson: the easy jne patch and a newbie reverser problem.... It should not be too hard, do it and have fun, another one will be coming soon..


Well, I'm the ultimate newbie, 'cause I need help. I went in with Notepad and started changing the way it was written, like say two things were the same even when they weren't. Well, all this did is make the program not run, it had a problem with not enough conventional memory. What am I doing wrong? Do I need to start my schooling at an even lower level than this? Please help, 'cause I'm not computer illiterate.

NeO'X'QuiCk
June 7th, 2001, 16:34
Hello all! The idea is very good Rage9! I think that you couldn't do it more simple than it already is! To put a Msg box inside isn't hard! So Aleph, if you have problems with it you should read more, that will help! And Rage9, about cracking, I think you should do it more hard, because I saw here more difficult projects than this nag! So I think even if ppl should learn, it's better to make it a little harder, not too hard, because if it's harder to do it's harder to forget!


NeO'X'QuiCk

Rage9
June 7th, 2001, 18:25
boop keep this a blank next message contains everything....

Rage9
June 7th, 2001, 18:41
NeO'X'QuiCk: I understand your point, but as you can see our friends netjunki and Aleph can not do one part or all of that. Hell, everyone starts off like that, what, did you just become a half decent reverse engineer overnight? No, at least not for me, it took long hours of reading through books on assembly language and mounts of reverse engineering tutorials to get this far, and I think it's important to help others who don't know how. Believe me, it will get LOTS harder as the class goes on, but you can't do the other advanced stuff without knowing the basics. How many of us can say we learned to ride a bike without riding w/ training wheels? I don't know anyone who can say that.

netjunki: go to http://protools.cjb.net and click on 'Decompilers' and download 'W32DASM'

then click on 'Utilities' scroll down to 'Binary file editors' and download 'Hiew'

then go over to http://exagone.cjb.net/ and read everything in his 'Win32Asm Tutor', reading everything from the 'Introduction' down.

head over to http://webster.cs.ucr.edu/ and click on 'DOS Assembly' and scroll down to the text 'The Art of Assembly Language Programming' and click 'HTML Version' and read what you can, it will keep you busy for a while.

make a stop back here or head over to http://crackmes.cjb.net/ and read all the level 1 essays you can, you should then have a kinda hazy idea how to reverse engineer something simple... it's a lot of work.

-brad

Aleph
June 8th, 2001, 07:47
Quote:
Don't worry too much about the reversing part, if you can't do it you can't, it's actually quite complicated at first. It requires a good knowledge of writing pure assembly code and knowing what it does


Woops, maybe I wasn't clear. I wrote the call in the proggy, and it's working fine. What I don't know yet is how to place my own title and text (for the messagebox) into the proggy ...

Regards,
Aleph

NeO'X'QuicK
June 9th, 2001, 05:16
Rage9, I meant the cracking part, the reversing part is OK!! And above all you should have put up the reversemes URL, not cracking ones, because ppl would learn more from reversemes than crackmes, and there are a lot of them on Immortal Descendants!!


NeO'X'QuiCk

JimmyClif
June 9th, 2001, 07:04
Aleph,

Just dump the strings somewhere in the exe... where enough free space is available.
Probably somewhere at the end of a section ;D

Regards,
JimmyClif

Clandestiny
June 10th, 2001, 00:05
Quote:
Aleph (06-08-2001 05:47):
Woops, maybe I wasn't clear. I wrote the call in the proggy, and it's working fine. What I don't know yet is how to place my own title and text (for the messagebox) into the proggy ...


Hiya Aleph,

I haven't done this particular crackme / reverseme so I can't offer any specifics, but maybe I can give you a few general pointers...

The first thing you need (if you don't have it already) is a copy of the Win32 API reference. Looking up MessageBoxA in the reference reveals that it takes 4 parameters.

int MessageBox(

HWND hWnd, // handle of owner window
LPCTSTR lpText, // address of text in message box
LPCTSTR lpCaption, // address of title of message box
UINT uType // style of message box
);

All 4 of these parameters will be pushed on the stack prior to the call.

First off, the style of the MessageBox defines the appearance of the box...

MB_ABORTRETRYIGNORE The message box contains three push buttons: Abort, Retry, and Ignore.
MB_OK The message box contains one push button: OK. This is the default.
MB_OKCANCEL The message box contains two push buttons: OK and Cancel.
MB_RETRYCANCEL The message box contains two push buttons: Retry and Cancel.

These styles, MB_OK, MB_OKCANCEL, etc. are actually defined constants and if memory serves me correctly you should be able to find out their values by doing a search within the header file winuser.h (or from looking at the MessageBoxes referenced in a dead listing)... Anyway, you'll need to push the numerical value for the style of the messagebox you want.

Next, you have pointers to the text and title strings. In order to insert this text, you'll need to find some empty space in the file. Often there is some empty space at the end of the code section in the proggy. Here you'll write your desired title and text in a hex editor using the ASCII codes for the letters. The addresses where you place them are going to be the second and third parameters you push prior to the MessageBox call. Note, you'll also likely need to change the section characteristics from C0000020 to E0000020. This will allow the section to contain both data and executable code without crashing.

Lastly is the handle to the window that owns the MessageBox. In the simplest case this parameter can simply be NULL.

Anyway, I hope the above is of some assistance to you. Feel free to ask additional questions if any part of it is not clear.



To Neo :
While it may be true that there is more to be learned from the 'reversing' task than the 'cracking' task, it is necessary for most to begin at the beginning in their pursuit of knowledge. Man, I didn't even know what an API was when I first began... but I sure have learned a whole hell of a lot since I inverted that first jump on a reg routine. And as such, simple tasks like changing a jump or noping a call are necessary stepping stones on the path to gaining the knowledge and skills necessary to tackle more advanced issues. IMHO, a purely 'reversing' challenge is beyond the complete newbie and in most cases would lead to more discouragement than productive learning... We all crawl before we walk. Anyway, this is just my humble opinion based on my own personal experience.

Good Luck Guys

Regards,
Clandestiny
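Clandestiny's post above makes the point that the section holding the injected strings has to be allowed to hold both data and executable code, which is why the section Characteristics value gets changed (C0000020 to E0000020 in the post). What follows is an added example, not code from this thread or from anyone posting in it: a small Python script that walks a PE file's section table, decodes the Characteristics bits by their winnt.h names, and lists any section that is both writable and executable. That is the quick check an analyst runs to notice that a binary's section rights have been loosened in exactly this way. The PE image it inspects is a constructed header stub built by build_sample_pe() (not Rage9's crackme), and all function names are my own.

```python
import struct

# Section Characteristics bits from the PE/COFF specification (winnt.h).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

FLAG_NAMES = {
    IMAGE_SCN_CNT_CODE: "IMAGE_SCN_CNT_CODE",
    IMAGE_SCN_CNT_INITIALIZED_DATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    IMAGE_SCN_CNT_UNINITIALIZED_DATA: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    IMAGE_SCN_MEM_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    IMAGE_SCN_MEM_READ: "IMAGE_SCN_MEM_READ",
    IMAGE_SCN_MEM_WRITE: "IMAGE_SCN_MEM_WRITE",
}


def decode_characteristics(value):
    """Return the set of known flag names that are set in a Characteristics DWORD."""
    return {name for bit, name in FLAG_NAMES.items() if value & bit}


def parse_sections(data):
    """Walk the PE headers of an in-memory file image and return
    [(section_name, characteristics), ...] from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER follows "PE\0\0"
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional_header          # section table follows the optional header
    sections = []
    for i in range(number_of_sections):
        entry = table + i * 40                           # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        characteristics = struct.unpack_from("<I", data, entry + 36)[0]
        sections.append((name, characteristics))
    return sections


def find_rwx_sections(data):
    """Names of sections whose rights permit both writing and execution."""
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return [name for name, flags in parse_sections(data) if flags & wx == wx]


def build_sample_pe(text_characteristics):
    """Constructed minimal PE header (not a runnable program and not the crackme):
    MZ stub, PE signature, a COFF header with no optional header, and a two-entry
    section table. Only the fields parse_sections() reads are meaningful."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE header right after the DOS header
    # Machine=i386, NumberOfSections=2, timestamp/symbol fields=0, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)

    def section(name, characteristics):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000, 0x200, 0x400,
                           0, 0, 0, 0, characteristics)

    return (bytes(dos) + b"PE\0\0" + coff
            + section(b".text", text_characteristics)
            + section(b".data", 0xC0000040))


if __name__ == "__main__":
    # 60000020 is what a linker normally gives .text; E0000020 is the value the post arrives at.
    for label, flags in (("linker .text", 0x60000020), ("after patch", 0xE0000020)):
        image = build_sample_pe(flags)
        for name, value in parse_sections(image):
            print(f"{label:13} {name:6} {value:08X} {sorted(decode_characteristics(value))}")
        print(f"{label:13} writable+executable sections: {find_rwx_sections(image)}")
```

To run it over a real file, pass `open(path, "rb").read()` to find_rwx_sections(). The parser reads SizeOfOptionalHeader instead of assuming a fixed layout, so it handles both PE32 and PE32+ headers; E0000020 decodes to code, execute, read and write together, which is the combination the check reports.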

Clandestiny
June 10th, 2001, 13:30
What happened to my post anyway ? The forum says I was the last person to post... but my post is gone ??? Well apparently not gone... let me rephrase the problem

It seems that the last poster's message disappears until there has been another post, after which the message appears and the new poster's message becomes invisible....

Any ideas why this is happening ?

Clandestiny

Rage9
June 10th, 2001, 21:59
Anyone ready to post a small essay?

Mine, if someone doesn't post one in... ohhhhhh.... a day or so, I will....

OK? Any objections?? Peace out...

-Rage9

Kayaker
June 11th, 2001, 18:27
I've noticed this delay in posts that Clandestiny mentions before, in other boards as well. The latest post is by Hz, but it doesn't show - yet. I'm posting this just to see if I can "force" the previous one to show, to try to see why we're always one post behind.

'course if this works you won't see THIS one until later as well

Kayaker

Rage9
June 12th, 2001, 12:45
The essay is done, the essay is in the zip and so is the finished exe. If you're still working on it don't read it, but if you're done go ahead.... peace out.

-Rage9

Kayaker
June 12th, 2001, 21:38
Hi Rage9,

Hey, nice project, and *very* nice essay about it. Well explained, step-by-step and informative, giving extra information about using Hiew and the details of basic code injection. Very instructive and newbie-friendly.

This is exactly the kind of project we need in here to help develop people's interest in and understanding of reversing. Thanks for your efforts, and those helping with suggestions, they are much appreciated. I hope you've got a Lesson 2 for us to enjoy.

Regards,
Kayaker

Rage9
June 13th, 2001, 16:06
Thanx Kayaker, and yes there is a lesson 2 coming, I will continue doing these until there is no interest, hopefully! The lesson 2 crackme will be done in a day or two, check you all later.

-Rage9

Kugi
June 14th, 2001, 15:01
Hi Rage9,

Way to go! Great project. And, there are many of us interested in your next project.

Links to appropriate study pages and the attachment are very helpful. (No I didn't peek)

Thanks, Kugi

CoDe_InSiDe
June 14th, 2001, 16:07
Hi everyone,

Kayaker, what's wrong with the messages again?
Kugi has posted a message now, but at first, instead of his message, there was a message from "Rage9" with the text "bump"?
Weird.

Cya...

CoDe_InSiDe

Kayaker
June 14th, 2001, 21:36
Dunno CoDe_InSiDe. It only seems to be happening with this thread. I'm just bumping whoever posted last so their post is shown, which is what Rage9 did.

I've been deleting the 'bump' messages as they come up (I know I've got a couple outstanding)

To be assured your post shows, FOR THIS THREAD ONLY, just make a second post with whatever you want, and your 1st post will show up.

As I wrote in a now deleted bump post, I think it's some kind of temporal shift or something

"bump" was coined by Hz btw ;P

Kayaker

CoDe_InSiDe
June 15th, 2001, 02:18
Hi Kayaker,

OK, I get it now, still pretty weird

Cya...

CoDe_InSiDe

Joda
June 24th, 2001, 02:32
Hey.

I'm in, too - a bit late but better late than never, isn't it?
I'm going to try to do the msgbox job, too, and then get over to the 2nd lesson.

cya later

Joda

Kayaker
June 24th, 2001, 18:03
Cool Joda, feel free to post questions or results, these projects never really end y'know.

jim
June 28th, 2001, 17:07
Hi,

I feel so sorry that I am going on holiday in two days' time. Can I join your class when I come back ? (May be several weeks from now). I am definitely interested in learning about r.e.

Jim

Rage9
June 29th, 2001, 17:01
By all means join whenever you can, remember to read all the other essays and such.

-brad

zeeman
July 3rd, 2001, 12:21
Well, people, here I am, back again. I swear, if it's the last thing I ever learn whilst on this planet, it's how to crack an app!!!

I gotta say, though, the membership is HUGE!! With all these people, perhaps I'll make it this time. Anyway, I have a little time today, so I'll putz around for a bit, but I need to mow the lawn, and get my dog to the kennels - we're going away for several days, and these chores need to be done, otherwise my name is MUD!

TTYL
Zee.

p.s. From now on, ALWAYS thumbs up ... <g>

ThRaX
July 26th, 2001, 21:46
Excellent! This helped me, a definite newbie, an amazing amount with code injection...code injection had always been scary, but this project was a really easy approach to it, very newbie friendly...sparked my interest in this sorta thing, that was cool =)

ThRaX
July 28th, 2001, 14:44
Hey rage9/everyone else... this topic's been kinda dead for the last few days

I say we get the next project going... Perhaps since the last one was patching a conditional jump/code injection, maybe the next one should be serial fishing/calculation routine determining and possibly an extra credit keygen? ; )


--ThRaX

Rage9
July 29th, 2001, 16:52
Wow guys, I love the support. Yes, I am working on the next lesson, serial fishing, oh hell yeah, the scheme will be a little harder and with a cool twist. Right now I'm working full time and doing art on the side for a small German game developer, and trying to get this sneaked in between; I'll put some time into it and hopefully come out with something soon! OK? L8er all.

-Rage9

Rage9
July 29th, 2001, 16:55
bumping my last message up, god this thread is screwed up