[rAPTOR]'s Crackme 1
--------------------

Tools Used: SoftICE
---
Protection: A simple code protection
---

Ok, first of all, get the crackme ;), you can get it (and many others) from http://crackmes.cjb.net

Load up the crackme, enter a junk serial and set a breakpoint on hmemcpy. Now press the Validate button to check the serial; when SoftICE breaks, trace on until you come here:

:0042F6E9 B850174300      MOV EAX,00431750
:0042F6EE E8B143FDFF      CALL 00403AA4
:0042F6F3 8B1550174300    MOV EDX,[00431750]      ; EDX = offset of our entered serial
:0042F6F9 8A541AFF        MOV DL,[EBX+EDX-01]     ; DL = ASCII value of serial[i]
:0042F6FD 80F210          XOR DL,10               ; DL = DL xor 10h
:0042F700 885418FF        MOV [EBX+EAX-01],DL
:0042F704 43              INC EBX
:0042F705 4E              DEC ESI
:0042F706 75E1            JNZ 0042F6E9            ; are all chars xor'ed yet? no, then jump back

That's all the important code. It simply means that each char of the serial we entered is XOR'ed with 16 (10h). But we need to know one more thing: what is the result compared against? Well, step down until you come here:

:0042F708 A150174300      MOV EAX,[00431750]      ; EAX = offset of our junk serial (XOR'ed)
:0042F70D 8B1548174300    MOV EDX,[00431748]      ; EDX = offset of the valid serial (XOR'ed)

So do a "d edx" and you'll see KbQ@D_BM, and that's simply the thing we should XOR with 10h to get the real serial:

   4B 62 51 40 44 5F 42 4D   (KbQ@D_BM)
XOR
   10 10 10 10 10 10 10 10
   -----------------------
   5B 72 41 50 54 4F 52 5D   ([rAPTOR])

So the valid serial is [rAPTOR]. Not so hard eh?

---
/Klefz - http://klefz.cjb.net
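Here is an added Python model of the check described above (example code, not part of the original tutorial or the crackme). It re-implements the loop at 0042F6F9..0042F706 in Python, decodes the dumped constant KbQ@D_BM with the same key, and also shows why a single-byte XOR is no protection at all: the key space is 256, so even without reading the XOR immediate, a search for keys that yield a printable string finds 10h at once. The byte-for-byte compare in crackme_validate is an assumption (the tutorial does not show the compare instruction itself); the function names are mine.

```python
# Added example: models the crackme's serial check and shows why constant-key
# XOR is reversible. Not code from the crackme or the tutorial.

# Bytes seen with "d edx" in the tutorial: the stored, XOR-obfuscated serial.
STORED_XORED = bytes([0x4B, 0x62, 0x51, 0x40, 0x44, 0x5F, 0x42, 0x4D])  # "KbQ@D_BM"
XOR_KEY = 0x10  # the immediate operand of "XOR DL,10"


def obfuscate(data: bytes, key: int = XOR_KEY) -> bytes:
    """Mirror of the loop at 0042F6F9..0042F706: XOR every byte with a constant."""
    return bytes(b ^ key for b in data)


def crackme_validate(entered: bytes) -> bool:
    """The crackme's check as the tutorial describes it: obfuscate the typed
    serial and compare it with the stored constant. A plain equality compare
    is assumed here; the tutorial does not show the compare instruction."""
    return obfuscate(entered) == STORED_XORED


def recover_serial(stored: bytes = STORED_XORED, key: int = XOR_KEY) -> bytes:
    """XOR is its own inverse: applying the same key to the stored value
    yields the plaintext serial. This is the hex table from the tutorial."""
    return obfuscate(stored, key)


def candidate_keys(stored: bytes) -> list:
    """Why this scheme protects nothing: with a one-byte key there are only
    256 possibilities. Return every key whose output is entirely printable
    ASCII (0x20..0x7E), which is the usual shape of a serial."""
    keys = []
    for key in range(256):
        if all(0x20 <= b <= 0x7E for b in obfuscate(stored, key)):
            keys.append(key)
    return keys


if __name__ == "__main__":
    serial = recover_serial()
    print("recovered serial:", serial.decode("ascii"))          # [rAPTOR]
    print("validate([rAPTOR]):", crackme_validate(serial))        # True
    print("validate(junk):", crackme_validate(b"12345678"))       # False
    print("printable keys:", [hex(k) for k in candidate_keys(STORED_XORED)])
```

The lesson for anyone writing a check like this: a fixed-key XOR over the input is a bijection, so whoever can read the stored constant and the key (both sit in the binary) can invert it with one line; it hides nothing from a debugger and only looks like protection.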