Hi everyone!

Today we'll try to crack the crackme from ceycey.
It is a very easy crackme. I rate it newbie...

I assume you are a newbie, so I'll try to explain it as thoroughly as possible. I also assume you have SoftICE installed. It isn't easy to remember the things I struggled with in the past, so if there are things you don't understand you can mail me
   tutorials@biw-reversing.cjb.net

So...let's hit the road:)

We start by opening the program (yes, double-click the icon ;)
What do we see here...we have to enter a password.

Just enter something, like for example: 'hello'
Now press Ctrl-D, and put a breakpoint on hmemcpy (bpx hmemcpy).
Now press Ctrl-D again, and press the 'Check' button of the crackme.

YEP! SoftICE breaks...
Now press F12 a few times (7x) until you are in the program (ceycey!)

Now trace through the code (with F10) until you reach this part of the code...

:00457620     mov eax, [EBP-04]          ->OUR password is now in eax
:00457628     mov edx, 0045766C          ->ULTRADMA...............(followed by 60 dots) is now in edx. Hmm...what's that doing here?? Trace on...

:00457628     CALL 00403CBC  		 ->enter this call(F8)

    :00403C8C     push ebx      	 ->pushes ebx on the stack
    :00403C8D     push esi		 ->pushes esi on the stack
    :00403C8E     push edi		 ->yes, indeed...:)
    :00403C8F     mov esi, eax		 ->move eax to esi  (ie: esi=password)
    :00403C91     mov edi, edx 		 ->move edx to edi  (ie: edi=ULTRADMA........)
    :00403C93     cmp eax, edx		 ->compare our password (hello) to ULTRADMA..............
    :00403C95     jz 403D2A              ->jump to 403D2A if eax=edx

Now, there is still some code behind this...but we don't have to trace on...
We can clearly see in the code that eax (where OUR (wrong) password is stored) is compared with edx (where ULTRADMA....... is stored).
After that we see a 'jump if zero' (jz). This means that, if the two registers are the same, we jump to the good-guy code!!
So, if our (wrong) password is compared with 'ULTRADMA......', it means that 'ULTRADMA.......' is the correct password.

So try it!! Enter ULTRADMA.......... (type exactly 60 dots after ULTRADMA, or it won't work!!)

If you don't feel like typing all those dots, you can copy/paste this:
ULTRADMA............................................................
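
Why this check falls so quickly, and what a hardened check looks like: the sketch below is an added example, not code from the crackme or from the original tutorial. The image bytes, salt, iteration count and function names are constructed for illustration; in a real build only the salt and digest would ship, not the PASSWORD constant.

```python
import hashlib
import hmac
import re

# The password the tutorial recovers: "ULTRADMA" followed by 60 dots.
PASSWORD = b"ULTRADMA" + b"." * 60

# Constructed stand-in for the crackme's data: the plaintext constant sits
# between unrelated bytes, as a string literal does in a compiled binary.
WEAK_IMAGE = b"\x00\x8b\xc0\xff" + PASSWORD + b"\x00\x00\x55\x8b"

# Hardened variant (assumed design): the build step derives a PBKDF2 digest
# and ships only salt + digest. Salt and iteration count are sample values.
SALT = bytes(range(16))
ITERATIONS = 200_000
DIGEST = hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, ITERATIONS)
HARD_IMAGE = b"\x00\x8b\xc0\xff" + SALT + DIGEST + b"\x00\x00\x55\x8b"


def printable_runs(image, min_len=8):
    """Return printable-ASCII runs of at least min_len bytes (like `strings`)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, image)


def check_weak(candidate):
    """Same idea as the crackme: compare the input with the embedded constant."""
    return candidate == PASSWORD


def check_hardened(candidate):
    """Derive the digest from the input and compare it in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", candidate, SALT, ITERATIONS)
    return hmac.compare_digest(derived, DIGEST)


if __name__ == "__main__":
    print("weak image strings:    ", printable_runs(WEAK_IMAGE))
    print("hardened image strings:", printable_runs(HARD_IMAGE))
    print("weak check accepts password:    ", check_weak(PASSWORD))
    print("hardened check accepts password:", check_hardened(PASSWORD))
    print("hardened check rejects 'hello': ", not check_hardened(b"hello"))
```

With the weak image the password shows up as a readable string without even starting a debugger; with the hardened image the value held in memory at the comparison is a digest, so reading the register no longer hands over the password.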


Well, I hope this tutorial is clear. If there are things you don't understand, feel free to mail me.
If you think I made a mistake somewhere: Mail me!

That's it for now!

Miele...signing off...

