View Full Version : try this crackme


SaNGa
June 1st, 2002, 17:53
I wrote this simple crackme, tell me about my work!

http://space.tin.it/clubnet/esangale/clubnet/esangale/tutorials.htm

ZaiRoN
June 1st, 2002, 18:45
hi SaNGa,
i have tried and done it.

i don't think it's the right place to put this thread.
maybe "mini project area" is the right place; it's an easy level and could be a little mini project for newbies.

ciao,
ZaiRoN

[NtSC]
June 2nd, 2002, 14:51
-------------------------------------
Fishing a Serial for Sangas CrackMe1
-------------------------------------
Tricks: - Bpx-Check (CC)
- MeltIce

- MeltIce-Check is executed after startup..

Bpx CreateFileA +1 -> e eax 00

Name : [NtSC]
Serial: 123456

017F:004031D4 5B 4E 74 53 43 5D 00 00-00 00 00 00 00 00 00 00 [NtSC]..........
017F:004031E4 00 00 00 00 54 45 56 42-46 56 00 00 00 00 00 00 ....TEVBFV......
017F:004031F4 00 00 00 00 00 00 00 00-31 32 33 34 35 36 00 00 ........123456..

Correct Serial: TEVBFV

SaNGa
June 2nd, 2002, 19:50
Quote:
Originally posted by [NtSC]
-------------------------------------
Fishing a Serial for Sangas CrackMe1
-------------------------------------
Tricks: - Bpx-Check (CC)
- MeltIce

- MeltIce-Check is executed after startup..

Bpx CreateFileA +1 -> e eax 00

Name : [NtSC]
Serial: 123456

017F:004031D4 5B 4E 74 53 43 5D 00 00-00 00 00 00 00 00 00 00 [NtSC]..........
017F:004031E4 00 00 00 00 54 45 56 42-46 56 00 00 00 00 00 00 ....TEVBFV......
017F:004031F4 00 00 00 00 00 00 00 00-31 32 33 34 35 36 00 00 ........123456..

Correct Serial: TEVBFV


Good job [NtSC]!

Have you tried to patch the executable?

[NtSC]
June 3rd, 2002, 17:49
Hi Sanga!
Nope, i didn't try patching it, why?
CRC over previous Code ?

A good hint to walk with on your CrackMe is to let it run + dump it.
So it's easy to obtain your decrypted Strings.. MeltIce

But finally ... Patch?..
What kinda patch do u want ? tell me ;>

SaNGa
June 4th, 2002, 08:50
If I tell you, it will be easier!

...try yourself! good luck

[NtSC]
June 4th, 2002, 18:06
Patch-Address: 40109c - New Bytes: e9 85 00 00 00 - Result: Kill MeltIce-Check
Patch-Address: 4014e0 - New Bytes: 90 90 - Result: Any Serial Valid

I don't see any Tricks that stop me from exchanging my Patch-Bytes with your original Ones.

So i don't see the Patching Challenge really at the Moment..

ZaiRoN
June 4th, 2002, 18:47
hi [NtSC],
you are right!
two bytes-patch and the crackme will accept all name/reg combo.
i want to add a little thing about the proggie. i don't know if it's a bug or a feature of the crackme but it accepts only 1 valid name/reg combo. if you try a second time the proggie will crash. this is because the call in 401470 receives GetDlgItemTextA and not the encrypted string....

bye,
ZaiRoN

SaNGa
June 4th, 2002, 19:01
Quote:
Originally posted by [NtSC]
Patch-Address: 40109c - New Bytes: e9 85 00 00 00 - Result: Kill MeltIce-Check
Patch-Address: 4014e0 - New Bytes: 90 90 - Result: Any Serial Valid

I don't see any Tricks that stop me from exchanging my Patch-Bytes with your original Ones.

So i don't see the Patching Challenge really at the Moment..


I've done a bullshit!
...the crackme code should self-modify its critical sections...but I forgot the jne at 4014E0h
Sorry to everybody for this bullshit crackme
I think that I have more and more experience to gain!
I've attached the crackme source code...

SaNGa
June 4th, 2002, 19:06
Quote:
Originally posted by ZaiRoN
hi [NtSC],
you are right!
two bytes-patch and the crackme will accept all name/reg combo.
i want to add a little thing about the proggie. i don't know if it's a bug or a feature of the crackme but it accepts only 1 valid name/reg combo. if you try a second time the proggie will crash. this is because the call in 401470 receives GetDlgItemTextA and not the encrypted string....

bye,
ZaiRoN


This is another bullshit of mine
Thank you for reporting, ZaiRoN

ciao

ZaiRoN
June 4th, 2002, 19:10
hi SaNGa,
don't discourage yourself! "mistaking it is learned"
i hope to see your next crackme and thx for the source

ciao,
ZaiRoN

[NtSC]
June 4th, 2002, 20:13
Yes. I also noticed the Crash..
But anyway.. I would say it wasn't bad for your first CrackMe.

Nice Ideas that latly would keep some Newbies in Trouble :>
Looking forward to the next Challenge

Cheers,[NtSC]