
View Full Version : CRACKME problem


cse_india
August 1st, 2006, 14:18
Hello guys: I am a newbie and I have been trying kwazy webbit's EASY CRACK. I understood the whole protection mechanism. I got the "name - code" but I am not able to find the correct serial for my name. I found the solution by Rossignol but I am not able to understand the mathematics at the end.
I have attached the crackme as well as the solution.


What I don't understand in the solution is the last sentence on page 12:
"IMPORTANT: Some steps are subjected to an overflow and thus the resulting values are truncated. I marked the equal-sign of the steps in which an overflow occurs in blue."

and on page 13:
step #2: 1,632,484,623 + 3,134,983,653 =
overflow (value truncated) = 876,196,128

step #3: 876,196,128 ^ 322,420,958 = 655,258,110
I don't understand these steps. What is meant by "truncated", and why are the additions giving queer values? 1,632,484,623 + 3,134,983,653 should give me 4,767,468,276, but according to the solution it is 876,196,128.

A little help would be great.

zyzygy
August 1st, 2006, 16:06
^ means an XOR operation.

Truncated because the result would be far greater than the registers can hold.

For example, in C:

#include <stdio.h>
int main(void) {
    unsigned short i = 65534, j = 2;          /* 16-bit unsigned, as described below; the sum promotes to int, so cast back */
    printf("%u\n", (unsigned short)(i + j));  /* prints 0: the 17th bit is dropped */
    return 0;
}

The actual result should be 65536, but the compiler gives it as 0, because with 65535 all 16 bits are set, and 65536 would cause the 17th bit (which is out of the range of a 16-bit unsigned integer) to be set, zeroing out the rest of the bits. Since the unsigned integer considers only the first 16 bits, it takes the answer to be zero, truncating the 17th bit.

So as you increase j, the answer will be truncated because of the limit on the size of the unsigned integer. The same is the case with registers.

Cheers

cse_india
August 2nd, 2006, 07:15
OK,
but how did the author find the required serial?

naides
August 2nd, 2006, 20:01
My suggestion:

Load the crackme in Olly, place a breakpoint at 401000. That is where the key generation takes place. Trace it carefully in Olly, with an eye on the values stored in the registers and the values stored on the stack.

Remember that the tut author (unwisely or not, I do not know) opted to show you the numbers in decimal notation, but the CPU and Olly perform all the operations in hex, so check the values you see in both formats and you will understand how the valid key is generated.

At the end of the generation routine, the calculated key is XORed and compared against the key you entered, which is contained in EBP+8. But be aware that the key you entered has been converted from dec to hex, so it may not look familiar unless you manually do the conversion.

Hint: the Windows calculator in "scientific" mode can do most if not all hex operations and dec <-> hex conversions for you.
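Added example, not code from the thread, the crackme or Rossignol's solution: a small C program that models zyzygy's truncation explanation (a 16-bit and a 32-bit ADD that wrap modulo the register width) and the XOR step, and prints every value in both decimal and hex so a trace in Olly can be matched against the tutorial's decimal notation, as naides suggests. The operands are the ones quoted in the first post, typed in here as constants. Step #3 reproduces the tutorial's 655,258,110 exactly; step #2's operands, as quoted, do not reproduce 876,196,128 under 32-bit wraparound (they give 472,500,980), so one of those two quoted operands is worth re-checking against the solution or the Olly trace before trusting the rest of the worked chain.

```c
/* Register arithmetic as the CPU performs it: unsigned wrap modulo 2^16 / 2^32.
   Added example for this thread, not the crackme's own key routine. */
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>

/* 16-bit version of the printf example earlier in the thread: the carry out of bit 15 is lost. */
uint16_t add16(uint16_t a, uint16_t b) { return (uint16_t)(a + b); }

/* 32-bit ADD as a register performs it: unsigned overflow wraps, which is well-defined in C. */
uint32_t add32(uint32_t a, uint32_t b) { return a + b; }

/* 32-bit XOR; the tutorial writes this operator as '^'. */
uint32_t xor32(uint32_t a, uint32_t b) { return a ^ b; }

/* The untruncated sum, to show what the 32-bit register cannot hold. */
uint64_t add_full(uint32_t a, uint32_t b) { return (uint64_t)a + (uint64_t)b; }

/* 1 if the addition carries out of bit 31 (the CPU sets CF after ADD), else 0. */
int add32_overflows(uint32_t a, uint32_t b) { return add_full(a, b) > UINT32_MAX; }

/* Print a value the way the tutorial shows it (decimal) and the way Olly shows it (hex). */
static void show(const char *label, uint32_t v) {
    printf("%-26s %13" PRIu32 "  0x%08" PRIX32 "\n", label, v, v);
}

int main(void) {
    /* Operands as quoted in the first post (constants typed in here, not read from the crackme). */
    uint32_t s2_a = 1632484623u, s2_b = 3134983653u;   /* step #2 */
    uint32_t s3_a = 876196128u,  s3_b = 322420958u;    /* step #3 */

    printf("16-bit: 65534 + 2 = %u\n\n", add16(65534u, 2u));   /* 0 */

    show("step #2 operand a", s2_a);
    show("step #2 operand b", s2_b);
    printf("%-26s %13" PRIu64 "\n", "full sum (needs 33 bits)", add_full(s2_a, s2_b));
    printf("%-26s %d\n", "carry out of bit 31?", add32_overflows(s2_a, s2_b));
    show("32-bit truncated sum", add32(s2_a, s2_b));

    printf("\n");
    show("step #3 operand a", s3_a);
    show("step #3 operand b", s3_b);
    show("a ^ b", xor32(s3_a, s3_b));
    return 0;
}
```

Running it also shows why naides recommends looking at hex: 322,420,958 is 0x1337C0DE, which is easy to spot in a register dump and meaningless in decimal. Truncation is simply the sum reduced modulo 2^32; the carry flag is the only trace the CPU keeps of the lost bit.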