
Crypto crackme: MD5 + DES


lordor
December 15th, 2003, 02:36
This is Nuke's teaching crackme; here is No. 1.
Please provide a serial or keygen.

lordor
03.12

Updated again: translated into English, and the program is not packed.

12.16

evaluator
December 15th, 2003, 11:10
I decided to translate the crackme's rsrc to English using PExplorer.
I hope I guessed the Chinese correctly!?
But there are also Chinese strings in .data for MessageBoxes..
Hey, Solomon..

lordor
December 15th, 2003, 22:05
Quote:
[Originally Posted by evaluator]I decided to translate the crackme's rsrc to English using PExplorer.
I hope I guessed the Chinese correctly!?
But there are also Chinese strings in .data for MessageBoxes..
Hey, Solomon..


Sorry, this is my first time releasing here. I have updated again: translated into English, and the program is not packed.
Please download again.

Kayaker
December 15th, 2003, 22:29
Hi lordor,

If you're having problems uploading that file again, there could be 2 reasons. VBulletin uses kind of a funny system for uploading files: your original file called 'crackme1.zip' actually still exists in the database under your name, even though you think you've deleted it.

This doesn't allow you to upload a new file of the same name; you may have gotten an "attachment already exists" error. The file needs to be physically deleted from the database by one of our kind moderators in that case... which I just did. So you can try once again to upload the file (or you could have changed the name).

Anyway, since I saw you online updating the post but without an attachment, I thought you might be having this problem, so please try again. The crackme looked good so I transferred your post here to the Project forum.

The other issue is that I think popups need to be enabled since VBulletin uses a separate window for uploading attachments, I usually forget and get kicked out of the posting page and then there's no attachment, then I'm forced to swear repeatedly because I have to go and physically delete the attachment from the database before I can try again...

Kayaker

Solomon
December 16th, 2003, 00:36
Hi eval,

I seldom browse this section (Mini project area) of this forum.

To lordor:
Please re-compile your keygen using English strings.

lordor
December 16th, 2003, 01:01
Quote:
[Originally Posted by Solomon]Hi eval,

I seldom browse this section (Mini project area) of this forum.

To lordor:
Please re-compile your keygen using English strings.


OK, re-compiled again.

ZaiRoN
December 20th, 2003, 14:35
Hi lordor.
Thx for your crackme! It seems to be very interesting and it represents something unusual for this area; in fact, if you want to solve it, you have to know something about crypto stuff.

When you run the crackme, it shows two boxes, the 'serial' and the 'key' boxes. The first one contains a number and the second box is empty. Due to the fact that the crackme wants a valid Serial/Key combination to be registered, first of all we have to find what is the number written in the Serial box.

The Serial is a number obtained by XORing the volume serial number with the value 0xABCDE123. How did I find this information? Which functions are capable of setting the text of an edit box? SetDlgItemText and SetDlgItemInt, for example; a simple observation of the disasm reveals that the function is SetDlgItemInt...

The protection routine starts with the GetDlgItemInt function at 40240F. The protection routine uses two different algorithms: MD5 and DES.
I am sure about the MD5; it is applied to the 'Serial' (in its *signed* version). I am not totally sure about DES; I think that 'key' is used at the same time as both key and plaintext of the DES algorithm... can someone confirm this?

Later,
ZaiRoN

lordor
December 22nd, 2003, 05:17
Hi, ZaiRoN

I think you are the first one to find out DES in this crackme. Yes, it uses the standard DES algorithm, and the DES key is in the program.

lordor

0xf0001
January 18th, 2004, 02:09
Quote:
[Originally Posted by lordor]Hi, ZaiRoN

I think you are the first one to find out DES in this crackme. Yes, it uses the standard DES algorithm, and the DES key is in the program.

lordor


The cryptoanalyzer plugin for PEiD does a good job.
Just want to recommend it here for those asking how the h... to figure out a starting point... (it also tells us about the CRC32).

Foreigner
January 18th, 2004, 14:18
Quote:
The cryptoanalyzer plugin for PEiD does a good job.
I think these types of tools are useless if you can't deal with the crypto algo. Does it show you the key?

foreigner

0xf0001
January 19th, 2004, 10:22
Hi!

No, it does not, and it can't. That's clear. But it gives you quickly the information where to start, and you see that it might be a standard algo, so you know which docz you have to download that will help you. If, for example, I do not know it and can't discover that algo type myself, I was helped by this plugin because I can find much information about the used algo type on the web, and I know I am helped on this topic by many researchers who have worked on it before.

Nobody has to use this tool, and nobody has to like it. For experienced guys, maybe you can say it is useless.

I only wanted to give the hint for those who read this thread and are not so experienced - hey, they can try it out. For example, I did not see anybody mention, for example in the CodeLock issue, that Blowfish is used; only talking about what it could be, some this or that... Once you know, you can read about Blowfish implementations and understand better, or let's say faster, what is going on in the p-code.

I didn't want this topic to be discussed so much, just wanted to give the hint. It is not because I want to say / hey, I am cool, I know the plugin. No. This should be a hint on this topic for inexperienced guys who maybe get scared because they can't figure out such info themselves. And I think there are a lot of guys who start here, read, and include this into their toolset. That's good, I think.

I mean, you can say for example every posting about PE headers is useless here just because you are an expert on this. That's OK, and you need not read it.

Last to say, it is my attitude to say information is power - so why not help people to get information. And it fits this topic, I think. So sorry that I bothered you maybe with this posting. Maybe someone was helped by it - maybe not.

I, for example, use this plugin sometimes as a starting point to have quick (but not 100% sure) info about what I will have to deal with. Does it do CRC, ...? I know I will see it in the deadlisting anyway. Yes. But that's not the point. Got me?

[edit] Yes, here the subject already shows what algo is used, so my posting was indeed useless for _this_ crackme.

Regards, 0xf001

ZaiRoN
January 19th, 2004, 15:12
Hi 0xf001,
Quote:
I only wanted to give the hint...
I like to see this kind of post, thx 0xf001.
Quote:
Yes, here the subject already shows what algo is used, so my posting was indeed useless for _this_ crackme.
It's not useless, you gave a way to discover the algo.
Have you solved the crackme?

Best regards,
Zai

0xf0001
January 19th, 2004, 16:09
Hi Zai! That's a rhyme, and what rhymes is good, we learned some years ago ....

Sorry to myself, but I did not work on this crackme _yet_. I have big amounts of work to do (my own fault, ggg) and as I registered on Ryan's site to try to crack CodeLock, I have another project too now, and a deadline in about 30 days, yup. But I find this one interesting and scheduled it.
So my posting was too early.

I mean, I do not really like that, because I also want to work on it and discuss the progress and exchange memory, so I think I will reconfigure the task scheduler tonight ... (btw. Red Bull figured out to also go into my toolset )

greetz, da 0xf001

elooo
June 17th, 2004, 15:41
Quote:
[Originally Posted by ZaiRoN]I am not totally sure about DES; I think that 'key' is used at the same time as both key and plaintext of the DES algorithm... can someone confirm this?

Later,
ZaiRoN


I think the same thing, but only for the first part of the encryption.
I saw this when I give 1234567890123456 as the "key":
- The first part of the DES encryption will use:
0012F938 12 34 56 78 90 12 34 56 4Vx?4V
to encrypt the first part of the "key" I entered.
- The second part of the DES encryption will use:
0012F940 F0 EE 5E 00 01 00 00 00 ро^....
to encrypt the second part of the "key" I entered.
F0EE5E0001000000 is a constant.

The serial is the volume serial number of our C:\ XOR ABCDE123h, converted to decimal (in its "unsigned" version).

If the first part (16 chars) of the hash (MD5) of the "signed" version of the serial number = encrypt_DES(key_des, "key"), we are registered.
But the key_des is different (cf. above) for the encryption of the first part of the "key" (8 chars) and for the second part (the last 8 chars).
For the second part of the encryption the key_des is always F0EE5E0001000000, but for the 1st part the key_des is the "key" we entered (value put in a buffer like a hexadecimal value).

But it is possible I've made some mistakes... What do you think about it?

Sorry for my very bad English.
And sorry to answer this old post.

Regards,

elooo
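The serial derivation and the layout of the DES inputs described in this thread, as an added Python example that is not part of the original posts or of the crackme itself. It follows ZaiRoN's observation (Serial = volume serial XOR 0xABCDE123, displayed unsigned, hashed in its signed form) and elooo's reading of the DES blocks (key string packed as hex digits, constant F0EE5E0001000000 for the second block). The volume serial is a constructed value, and the single-block DES-ECB step is supplied by the caller as a function argument (an assumption; pycryptodome's DES.new(key, DES.MODE_ECB).encrypt is one fit), because the thread does not settle exactly how the DES output is compared with the MD5 prefix.

```python
import hashlib
from typing import Callable, List, Tuple

XOR_CONST = 0xABCDE123                              # from the thread: Serial = volume serial ^ 0xABCDE123
DES_KEY_PART2 = bytes.fromhex("F0EE5E0001000000")  # constant elooo saw as the second block's DES key


def serial_from_volume(volume_serial: int) -> Tuple[str, str]:
    """Return (unsigned_str, signed_str) for the Serial box.

    The dialog shows the unsigned decimal (SetDlgItemInt); ZaiRoN says the
    MD5 is taken over the *signed* 32-bit interpretation of the same value.
    """
    x = (volume_serial ^ XOR_CONST) & 0xFFFFFFFF
    unsigned = str(x)
    signed = str(x - (1 << 32) if x & 0x80000000 else x)
    return unsigned, signed


def md5_target(text: str) -> str:
    """First 16 hex characters of MD5(text), the part elooo says is compared."""
    return hashlib.md5(text.encode("ascii")).hexdigest()[:16]


def pack_key(key: str) -> bytes:
    """Pack the 16-character 'key' as hex digits into 8 bytes.

    elooo observed "1234567890123456" becoming 12 34 56 78 90 12 34 56 in
    memory, i.e. the string is parsed as hexadecimal, two characters per byte.
    """
    if len(key) != 16:
        raise ValueError("key must be exactly 16 characters")
    try:
        return bytes.fromhex(key)
    except ValueError as exc:
        raise ValueError("key must consist of hex digits") from exc


def des_blocks(key: str) -> List[Tuple[bytes, bytes]]:
    """(des_key, plaintext) pairs for the two DES blocks, as elooo describes them.

    Block 1: DES key = packed key, plaintext = first 8 characters of the key.
    Block 2: DES key = F0EE5E0001000000, plaintext = last 8 characters.
    """
    return [
        (pack_key(key), key[:8].encode("ascii")),
        (DES_KEY_PART2, key[8:].encode("ascii")),
    ]


def check_registration(volume_serial: int, key: str,
                       des_ecb_encrypt: Callable[[bytes, bytes], bytes]) -> bool:
    """Model of the check: DES output over both blocks vs. the MD5 prefix.

    des_ecb_encrypt(des_key, block8) -> 8 bytes is supplied by the caller
    (assumption: a single-block DES-ECB encryption, e.g. from pycryptodome).
    The thread does not confirm the exact form of the comparison; here the
    16 DES output bytes are compared with the 16 ASCII hex characters of the
    MD5 prefix, which is the most literal reading of elooo's post.
    """
    _, signed = serial_from_volume(volume_serial)
    target = md5_target(signed).encode("ascii")
    produced = b"".join(des_ecb_encrypt(k, p) for k, p in des_blocks(key))
    return produced == target


if __name__ == "__main__":
    # Constructed volume serial, not a value taken from the thread.
    unsigned, signed = serial_from_volume(0x12345678)
    print("Serial box shows:", unsigned, "| hashed as:", signed)
    print("MD5 prefix:", md5_target(signed))
    for k, p in des_blocks("1234567890123456"):
        print("DES key", k.hex(), "plaintext", p)
```

The signed/unsigned split is the detail most likely to trip up a reimplementation: 0xABCDE123 has its top bit set, so for most volume serials the XOR result is negative as a signed 32-bit value, and the string that gets hashed starts with a minus sign even though the dialog shows a positive number.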