Tutorial Number 12

Written by Eternal Bliss
Email: Eternal_Bliss@hotmail.com
Website: http://crackmes.cjb.net
         http://surf.to/crackmes
Date written: 12th Mar 1999

Program Details:
Name: Crackme v2.0
Author: CoSH

Tools Used:
W32Dasm

Cracking Method:
Looking at String Data Reference

Viewing Method:
Use Notepad with Word Wrap switched on
Screen Area set to 800 X 600 pixels (Optional)

__________________________________________________________________________


                        About this protection system

There is no disabled function. The protection is based on a code you enter. This code
has nothing to do with your UserName, but you do have to enter a UserName of
6 or more characters.

__________________________________________________________________________


			String Data Reference in W32Dasm

Run the CrackMe a few times first. You will get a message box saying
"One of the Details you entered was wrong", and the CrackMe exits...

Start your W32Dasm and open the CrackMe to disassemble it.

Under "String Data Items", you will see
"ERROR"
"One of the Details you entered"
"Well done,"
"YOU DID IT"

Double click on the "One of the Details you entered" string. You will see this:

===============================Code Start=================================

:0040150C E833030000              Call 00401844
:00401511 8B07                    mov eax, dword ptr [edi]
:00401513 803836                  cmp byte ptr [eax], 36
:00401516 751E                    jne 00401536		<-- jump to "Bad" message
:00401518 80780132                cmp byte ptr [eax+01], 32
:0040151C 7518                    jne 00401536		<-- jump to "Bad" message
:0040151E 80780238                cmp byte ptr [eax+02], 38
:00401522 7512                    jne 00401536		<-- jump to "Bad" message
:00401524 80780337                cmp byte ptr [eax+03], 37
:00401528 750C                    jne 00401536		<-- jump to "Bad" message
:0040152A 8078042D                cmp byte ptr [eax+04], 2D
:0040152E 7506                    jne 00401536		<-- jump to "Bad" message
:00401530 80780541                cmp byte ptr [eax+05], 41
:00401534 7417                    je 0040154D		<-- jump to "Good" message

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004014E4(C), :004014F3(C), :00401516(C), :0040151C(C), :00401522(C)
|:00401528(C), :0040152E(C)				<-- take note of the locations
|
:00401536 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"ERROR"
                                  |
:00401538 6864304000              push 00403064

* Possible StringData Ref from Data Obj ->"One of the Details you entered "
                                        ->"was wrong"
                                  |
:0040153D 6838304000              push 00403038		<-- this is where you
:00401542 8BCE                    mov ecx, esi		    will land


===============================Code End====================================


You will land at 0040153D. Scroll up a bit and you will see that this
part of the code is "used" when a conditional jump points to it...

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004014E4(C), :004014F3(C), :00401516(C), :0040151C(C), :00401522(C)
|:00401528(C), :0040152E(C)

Now, scroll up a bit more to see the code at :00401516, :0040151C,
:00401522, :00401528, :0040152E

**These are the locations that will cause the crackme to jump to
  "Bad" Message

Can you see that what eax points to is compared char by char to 36, 32, 38, 37, 2D and 41?
36(hex) = 6
32(hex) = 2
38(hex) = 8
37(hex) = 7
2D(hex) = -
41(hex) = A

And if any of the chars is not the same, you will jump to the "Bad" message.
At the last compare, if it is the same, you will be brought to the "Good" message...

What does this mean?
It means that the serial is hard-coded and has got nothing to do with your Name!!

Well, it is not exactly right... If you enter less than 6 chars for the name, you will get the "Bad" message even if you type in the correct serial.
So, try any name of 6 or more chars.

e.g.
ETERNAL BLISS for Name
6287-A for Serial.

You will get "Well done,ETERNAL BLISS"

So, that is what the Name box is for...

CrackMe Cracked!!
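As an added example (not the crackme's code and not part of the original tutorial), here is a C model of the check exactly as the listing shows it: six byte compares against immediates, guarded by the name-length test. Beside it is a hardened variant that stores only a digest of the valid code, so that following a string reference leads to a hash compare instead of straight to the code. The function names, the precomputed digest constant and the use of FNV-1a as a stand-in for a real cryptographic hash are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The six immediates from the listing at 0040150C-00401534, i.e. "6287-A". */
static const unsigned char EXPECTED_BYTES[6] = { 0x36, 0x32, 0x38, 0x37, 0x2D, 0x41 };

/* Model of the crackme's check (hypothetical reimplementation of the listing,
 * not CoSH's source). Each mismatch corresponds to one "jne 00401536". */
bool check_serial_hardcoded(const char *name, const char *serial)
{
    if (strlen(name) < 6)          /* the name-length gate the tutorial describes */
        return false;
    if (strlen(serial) < 6)        /* added bound; the real code reads [eax+i] without one */
        return false;
    for (size_t i = 0; i < 6; i++) {
        if ((unsigned char)serial[i] != EXPECTED_BYTES[i])
            return false;          /* jne 00401536 -> "Bad" message */
    }
    return true;                   /* je 0040154D -> "Good" message */
}

/* 32-bit FNV-1a. Used only so the example needs no crypto library; it is not
 * a cryptographic hash, and a six-character code could still be brute-forced
 * against it. A shipped product would use SHA-256 or similar here. */
static uint32_t fnv1a32(const char *s, size_t n)
{
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) {
        h ^= (unsigned char)s[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Hardened variant (a design assumption, not something the crackme does):
 * the binary holds only a digest of the valid code. fnv1a32("6287-A", 6),
 * precomputed so the plaintext code never appears in the program. */
#define SERIAL_DIGEST 0x8CE154BEu

bool check_serial_hashed(const char *name, const char *serial)
{
    if (strlen(name) < 6)
        return false;
    /* Hash the whole input, so trailing junk after a valid code is rejected
     * (the byte-by-byte original only ever looks at the first six bytes). */
    uint32_t got = fnv1a32(serial, strlen(serial));
    /* One full-width compare instead of a chain of early-exit byte compares;
     * with a longer digest array this would be a constant-time memcmp. */
    return got == SERIAL_DIGEST;
}
```

Running the two checks against the tutorial's own inputs shows the difference: both accept "ETERNAL BLISS" with "6287-A" and both reject a five-character name, but only the hard-coded version also accepts "6287-Axyz", because it stops looking after the sixth byte.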

__________________________________________________________________________


                             Final Notes

This tutorial is dedicated to all the newbies like me.

And because I'm a newbie myself, I may have explained certain things wrongly.
So, if that is the case, please forgive me. Email me if there is anything
you are not clear about.


My thanks and gratitude go to:-

The Sandman
All the writers of Cracks tutorials and CrackMes