"PhoX's CrackMe v2.0"
 
 
This tutorial is coming from... 
 

 


 
 
 
ReFleXZ '99
 
Url: Http://ReFleXZ99.cjb.net 
Email: ReFleXZ@fcmail.com
 
 
 
 
 
About the essay... 
 
Written by
Bjanes 
 
Date: 10th April 1999
Program name: PhoX's CrackMe v2.0
Program type: Win32 CrackMe 
Program location: Here
Program filename: phox_cm2.zip 
Program size: 1,2 Kb 
 
Tools required: 
Softice 3.2 - Debugger
 
Difficulty level: 
Easy ( X )  Medium (   )  Hard (    )  Pro (    ) 
 
 
 
About the protection...
 
 
Type of protection:
Serial only
Even though this crackme is very easy, there are some tricks that can
prevent non-crackers from cracking this babe.
The program doesn't look at what you enter in the textbox, it only looks
at the length of the string that you entered.
So the most common breakpoints for catching input from textboxes don't
work on this crackme, and you have to find another way to break it.
  
Bad message: "Wrong serial"
Good message: "Nice...Now mail your right serial to me (see readme.txt)"
 
 
The Essay...
 
Even though this crackme is not worth a tut, I'll explain how to crack 
it for absolute newbies.... 

First I tried to force the crackme to break with the most common 
breakpoints like GetDlgItemTextA, GetWindowTextA, HMemCpy.... 
But none of these breakpoints worked, every time I got the 
MessageBox displaying the bad message. 

So I decided to put the breakpoint on "MessageBoxA", to 
break the crackme when it wants to display the bad message. 

So load the crackme, fire up the Sice, and type "bpx 
MessageBoxA", now enter any random serial (e.g. 998899), 
and press the "OK" button. When the Sice breaks press "F11", and 
press "OK" when the messagebox appears. You'll now see this 
part of the code.... 

015F:0040119B  837D1020            CMP     DWORD PTR [EBP+10],20 
015F:0040119F  754C                JNZ     004011ED 
015F:004011A1  FF354C204000        PUSH    DWORD PTR [0040204C] 
015F:004011A7  E89B000000          CALL    USER32!GetWindowTextLengthA ;Get the length of the serial 
015F:004011AC  A3E9204000          MOV     [004020E9],EAX ;Save it 
015F:004011B1  8BF0                MOV     ESI,EAX ;ESI = Length of the serial 
015F:004011B3  83FE0C              CMP     ESI,0C  ;Is the length of the serial 12(0Ch)?? 
015F:004011B6  751E                JNZ     004011D6   ;(1) If not then jump to 'bad' section of code 
015F:004011B8  6A30                PUSH    30 
015F:004011BA  6891204000          PUSH    00402091 
015F:004011BF  6897204000          PUSH    00402097 
015F:004011C4  FF3548204000        PUSH    DWORD PTR [00402048] 
015F:004011CA  E88A000000          CALL    USER32!MessageBoxA  <--- Good guy message (length was 0Ch) 
015F:004011CF  5E                  POP     ESI 
015F:004011D0  5F                  POP     EDI 
015F:004011D1  5B                  POP     EBX 
015F:004011D2  C9                  LEAVE 
015F:004011D3  C21000              RET     0010 
015F:004011D6  6A30                PUSH    30   ;(1) Target of the JNZ at 004011B6 
015F:004011D8  68ED204000          PUSH    004020ED 
015F:004011DD  68FB204000          PUSH    004020FB 
015F:004011E2  FF3548204000        PUSH    DWORD PTR [00402048] 
015F:004011E8  E86C000000          CALL    USER32!MessageBoxA <--- Bad guy message 
015F:004011ED  33C0                XOR     EAX,EAX   <--- You land here 
015F:004011EF  5E                  POP     ESI 
015F:004011F0  5F                  POP     EDI 
015F:004011F1  5B                  POP     EBX 
015F:004011F2  C9                  LEAVE 
015F:004011F3  C21000              RET     0010 

As you can see, the program only checks the length of the serial. So to 
register the crackme enter any serial with 12 chars. 
I entered "[ReFleXZ'99]", and the good message appeared. 
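
Added example (not part of the original tutorial): a small C helper that recomputes the relative branch targets from the opcode bytes shown in the listing, so you can check for yourself that the JNZ at 004011B6 skips to 004011D6 whenever the length is not 0Ch and that both MessageBoxA calls go to the same address. The function and array names are made up for this example; the byte values and addresses are copied from the listing, except jnz_back, which is constructed to show a negative displacement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Destination of an x86 relative branch, computed from its raw bytes.
 * Only the two encodings used in the listing are handled:
 *   75 cb           JNZ  rel8   (2 bytes, signed 8-bit displacement)
 *   E8 cd cd cd cd  CALL rel32  (5 bytes, little-endian displacement)
 * The displacement is relative to the address of the NEXT instruction.
 * Returns 0 for any other opcode or a truncated buffer. */
uint32_t branch_target(uint32_t addr, const uint8_t *code, size_t len)
{
    if (len >= 2 && code[0] == 0x75)
        return addr + 2 + (uint32_t)(int32_t)(int8_t)code[1];
    if (len >= 5 && code[0] == 0xE8) {
        uint32_t rel = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                       ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
        return addr + 5 + rel;
    }
    return 0;
}

/* Opcode bytes copied from the listing (address of each in the comment). */
const uint8_t jnz_msg[]  = {0x75, 0x4C};                   /* 0040119F */
const uint8_t call_len[] = {0xE8, 0x9B, 0x00, 0x00, 0x00}; /* 004011A7 */
const uint8_t jnz_len[]  = {0x75, 0x1E};                   /* 004011B6 */
const uint8_t call_mb1[] = {0xE8, 0x8A, 0x00, 0x00, 0x00}; /* 004011CA */
const uint8_t call_mb2[] = {0xE8, 0x6C, 0x00, 0x00, 0x00}; /* 004011E8 */
/* Constructed sample, not from the listing: JNZ back onto itself. */
const uint8_t jnz_back[] = {0x75, 0xFE};

int main(void)
{
    printf("JNZ  @0040119F -> %08lX\n",
           (unsigned long)branch_target(0x0040119F, jnz_msg, sizeof jnz_msg));
    printf("CALL @004011A7 -> %08lX\n",
           (unsigned long)branch_target(0x004011A7, call_len, sizeof call_len));
    printf("JNZ  @004011B6 -> %08lX\n",
           (unsigned long)branch_target(0x004011B6, jnz_len, sizeof jnz_len));
    printf("CALL @004011CA -> %08lX\n",
           (unsigned long)branch_target(0x004011CA, call_mb1, sizeof call_mb1));
    printf("CALL @004011E8 -> %08lX\n",
           (unsigned long)branch_target(0x004011E8, call_mb2, sizeof call_mb2));
    return 0;
}
```
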

If you still have some problems or questions you can mail us: ReFleXZ@fcmail.com

 
 
 
Final notes...
 
My thanks and gratitude go to: 

The Sandman for his great site (the best site for newbies) full of knowledge and for 
his cracking forum (also the best on the net)! 
Eternal Bliss, my GREAT 'virtual' friend, for all that he has done for me! 
MiZ, also a GREAT friend of mine. For all the time that I spent with you :) 
Iczelion, for his great Win32Asm tutorials, and all the knowledge that he gave me! 
DnNuke, for the link to a GREAT mp3 site that he gave me :)) 

Torn@do, Carpathia, Zobel, MisterE, VisionZ, DecoderZ, Rhytm, noos, Ordoc, Nitrus... 
...and all there at #cracking4newbies and #Win32Asm (and #ReFleXZ99 too :) 

If I missed someone plz forgive me, and if you think that you must be on this list tell me! 
 

 
 
 
Disclaimer... 
 
This tutorial is written for EDUCATIONAL purposes only. 
So if you want to use the program after its trial period ends please BUY IT! 
Support shareware(and its authors), this is our learning tool! 
 
ReFleXZ is not responsible for any damage caused by this essay or any of its parts. 
So everything that you're doing and 'experimenting' with is your own responsibility!
 
Also, in this tutorial you'll not find any serial numbers, so try to search elsewhere 
under Cracks and Warez. 
 
Copyright © 1999 by ReFleXZ '99
All rights reserved