Acid_Cool_178
presents his

#6 Tutorial

For Hellforge

Author Information
E-mail: acid_cool_178@hotmail.com
Age: 17
Web Page: http://acidcool.cjb.net/
Member in: Hellforge, Flying Horse Cracking Force
Groups' Web Pages: Hellforge Login, FHCF Login

Program Information
Name: KeyCheck by VB Head (tcc_keycheck.exe)
Written by: VB Head/The Camper Crew
Where to Download: The Camper Crew Official Site
Size: 4KB
Tools used: W32Dasm, Hiew (download at Protools)
What kind of a program: Crackme / Shareware
Skill: Easy / Not so easy / Hard / X-pert

 

Information about the protection

This crackme has a key generator, and the key depends on the name. If I enter AC_178 and then use that key to register Acid_Cool_178, the key is wrong. Sorry..

Before we start

Eddie Van Camper, a one-man army who has started his own crew. If you visit his page, please use Netscape and not Internet Explorer. In this tutorial I will patch this crackme so it accepts all keys :) and of course we will have some fun with this crackme ;) Take a backup of the file first*

Task 1 <-- Patching with W32Dasm and Hiew
Task 2 <-- Fun fun fun :)

The Process

Task 1
I opened the crackme in W32Dasm and found this string in the String Data References: Congratulations, Registered. I clicked on it and landed on this code.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040115D(C)
|
:0040117F 33C0 xor eax, eax
:00401181 33DB xor ebx, ebx
:00401183 8B85F8FEFFFF mov eax, dword ptr [ebp+FFFFFEF8]
:00401189 8B9DFCFEFFFF mov ebx, dword ptr [ebp+FFFFFEFC]
:0040118F 2BC3 sub eax, ebx
:00401191 7516 jne 004011A9               <-- Jump If Not Equal
:00401193 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"Key Checker"
|
:00401195 683C304000 push 0040303C       
* Possible StringData Ref from Data Obj ->"Congratulations, Registered"
|
:0040119A 6813304000 push 00403013        <-- U Land Here
:0040119F FF7508 push [ebp+08]

Take a look at the jump. JNE means Jump If Not Equal, and here it jumps past the "Congratulations" code whenever eax and ebx (compared by the sub just above it) are not equal. So I NOPed that jump and the crackme accepts all codes :)
If you don't know how to NOP, scroll up to the jump and look at W32Dasm's status bar; there you can see @Offset 00000591h and so on.
The number 591 is the number we use in Hiew, and the h at the end of the number means hex.
So open the crackme in Hiew and press Enter two times. GoTo (F5) 591, press Edit (F3) and type 90 two times. Update the file (F9), quit Hiew (F10 or Esc), run the crackme and every code is accepted :)

NOP means No Operation, and NOP has the value 90 in hex. That's why you had to enter 90 two times. If you want to know why the hell two times and not three times, read this.
:00401191 7516 jne 004011A9

:00401191         <-- The address in SoftIce and W32Dasm
7516              <-- The code that we NOP (90)
JNE 004011A9      <-- Jump If Not Equal to 004011A9

The 7516 part is four hex digits, that is two bytes, and 90 is two hex digits, one byte, so if I type 90 only once it will be an error (the leftover 16 byte would be decoded as the start of another instruction). So

Code   Change to
75     90
16     90

Easy huh ?

Task 2
Once we have patched the crackme and press the register button, a nag comes up; let's remove that one.

* Possible StringData Ref from Data Obj ->"Congratulations, Registered"
|
:0040119A 6813304000 push 00403013
:0040119F FF7508 push [ebp+08]
* Reference To: USER32.MessageBoxA, Ord:01BBh
|
:004011A2 E82D000000 Call 004011D4
:004011A7 EB14 jmp 004011BD

NOP the call at 004011A2 because that's the nag call. Open the crackme in Hiew and press Enter two times to get the ASM code, GoTo (F5) 5A2, Edit (F3) and NOP it 5 times (the call is five bytes: E8 2D 00 00 00). Update (F9), exit (F10 or Esc) and run the crackme. No nag :)

Now we restore the file from the backup, and we want to remove the nag which says that the code is wrong.

* Possible StringData Ref from Data Obj ->"Invalid Code"
|
:004011B0 682F304000 push 0040302F
:004011B5 FF7508 push [ebp+08]
* Reference To: USER32.MessageBoxA, Ord:01BBh
|
:004011B8 E817000000 Call 004011D4

The call at 004011B8 needs to be NOPed 5 times and the nag will be gone. Now I have created a newbie challenge: find the offset, open the file in Hiew and NOP the call.
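Added example, not code from this tutorial or from The Camper Crew: a small Python script that does the offset and instruction-length bookkeeping behind Task 1 and Task 2 on a constructed byte buffer. The image base and the .text section header values are assumptions chosen only to reproduce the 0xC00 delta between the W32Dasm addresses and the Hiew offsets quoted above (0x401191 <-> 0x591, 0x4011A2 <-> 0x5A2); the script does not read tcc_keycheck.exe. It decodes the jump and call targets from the listing before patching, so a wrong offset or too few NOPs (one 90 over the two-byte 75 16) is refused instead of silently corrupting the file, and it records a hash before and after so the change can be verified.

```python
import hashlib

# Constructed values: the tutorial shows VA 0x401191 <-> file offset 0x591 and
# VA 0x4011A2 <-> 0x5A2 (a 0xC00 delta). These section-header numbers reproduce
# that delta but are an assumption, not values read from tcc_keycheck.exe.
IMAGE_BASE = 0x400000
TEXT_SECTION = {"virtual_address": 0x1000, "raw_pointer": 0x400, "raw_size": 0x200}
NOP = 0x90

# Instruction lengths the tutorial relies on: JNE rel8 is 2 bytes, CALL rel32 is 5.
INSN_LEN = {0x75: 2, 0xE8: 5}


def va_to_file_offset(va, image_base=IMAGE_BASE, section=TEXT_SECTION):
    """Translate a W32Dasm virtual address into the raw file offset Hiew needs."""
    rva = va - image_base
    start = section["virtual_address"]
    if not start <= rva < start + section["raw_size"]:
        raise ValueError(f"VA {va:#x} lies outside the section")
    return rva - start + section["raw_pointer"]


def branch_target(va, insn):
    """Decode the target of a JNE rel8 (75 xx) or CALL rel32 (E8 xx xx xx xx)
    located at `va`. Used to confirm that the bytes at the file offset really are
    the instruction the disassembly shows before anything is overwritten."""
    length = INSN_LEN[insn[0]]
    if len(insn) != length:
        raise ValueError("instruction bytes have the wrong length")
    disp = int.from_bytes(insn[1:], "little", signed=True)
    return va + length + disp


def bytes_match(buf, offset, expected):
    """True if `expected` is exactly what sits at `offset` in `buf`."""
    return bytes(buf[offset:offset + len(expected)]) == expected


def nop_out(buf, offset, expected):
    """Return a copy of buf with `expected` at `offset` replaced by the same
    number of NOPs. Refusing to patch on a mismatch catches a wrong offset or a
    wrong instruction length, i.e. the one-NOP-too-few mistake from Task 1."""
    if not bytes_match(buf, offset, expected):
        raise ValueError(f"bytes at {offset:#x} are not {expected.hex()}")
    patched = bytearray(buf)
    patched[offset:offset + len(expected)] = bytes([NOP]) * len(expected)
    return bytes(patched)


def build_sample():
    """Constructed stand-in for the file: 0x600 filler bytes with the two
    instructions from the listing placed at the offsets the tutorial quotes."""
    buf = bytearray(b"\xCC" * 0x600)
    buf[0x591:0x593] = b"\x75\x16"               # jne 004011A9
    buf[0x5A2:0x5A7] = b"\xE8\x2D\x00\x00\x00"   # call 004011D4 (MessageBoxA wrapper)
    return bytes(buf)


def patch_sample(buf):
    """Apply both patches from the tutorial, checking each instruction first."""
    jne_va, call_va = 0x401191, 0x4011A2
    jne_off, call_off = va_to_file_offset(jne_va), va_to_file_offset(call_va)
    jne = buf[jne_off:jne_off + 2]
    call = buf[call_off:call_off + 5]
    # The decoded targets must agree with the W32Dasm listing (004011A9, 004011D4).
    if branch_target(jne_va, jne) != 0x4011A9 or branch_target(call_va, call) != 0x4011D4:
        raise ValueError("bytes at the computed offsets do not match the listing")
    buf = nop_out(buf, jne_off, jne)      # Task 1: two NOPs over 75 16
    buf = nop_out(buf, call_off, call)    # Task 2: five NOPs over E8 2D 00 00 00
    return buf


if __name__ == "__main__":
    original = build_sample()
    patched = patch_sample(original)
    print("jne  -> file offset", hex(va_to_file_offset(0x401191)))
    print("call -> file offset", hex(va_to_file_offset(0x4011A2)))
    print("sha256 before:", hashlib.sha256(original).hexdigest())
    print("sha256 after: ", hashlib.sha256(patched).hexdigest())
```

The same pattern applies to any further patch: compute the offset from the address, check the original bytes and their decoded target, then overwrite exactly that many bytes. Keeping the before/after hashes makes it easy to prove later which bytes were changed and that nothing else was touched.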

Ending

And that's all folks. I have patched a new crackme, one that is easy for newbies/wannabes. I guess that I have a shitload of grammar/spelling errors in this text; well, that's because I'm from Norway and English isn't my best side..

Greetings

LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss and all the others I have forgotten