Thread: try this crackme

  1. #1
    SaNGa
    Guest

    try this crackme

    I wrote this simple crackme, tell me about my work!

    http://space.tin.it/clubnet/esangale/clubnet/esangale/tutorials.htm
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    ZaiRoN (Red wine, not vodka!)
    Join Date: Oct 2001 | Location: Italy | Posts: 922 | Blog Entries: 17
    hi SaNGa,
    i have tried and done it.

    i don't think it's the right place to put this thread.
    maybe "mini project area" is the right place; it's an easy level and could be a little mini project for newbies.

    ciao,
    ZaiRoN

  3. #3
    Registered User
    Join Date: Jan 2002 | Location: Ger***y | Posts: 39
    -------------------------------------
    Fishing a Serial for Sangas CrackMe1
    -------------------------------------
    Tricks:
    - Bpx-Check (CC)
    - MeltIce

    - MeltIce-Check is executed after startup..

    Bpx CreateFileA +1 -> e eax 00

    Name : [NtSC]
    Serial: 123456

    017F:004031D4 5B 4E 74 53 43 5D 00 00-00 00 00 00 00 00 00 00 [NtSC]..........
    017F:004031E4 00 00 00 00 54 45 56 42-46 56 00 00 00 00 00 00 ....TEVBFV......
    017F:004031F4 00 00 00 00 00 00 00 00-31 32 33 34 35 36 00 00 ........123456..

    Correct Serial: TEVBFV

  4. #4
    SaNGa
    Guest
    Good job [NtSC]!

    Have you tried to patch the executable?

  5. #5
    Registered User

    Patching..

    Hi Sanga!
    Nope, I didn't try patching it, why?
    CRC over previous Code?

    A good hint to walk with on your CrackMe is to let it run + dump it.
    So it's easy to obtain your decrypted Strings.. MeltIce

    But finally ... Patch?..
    What kinda patch do u want? tell me ;>

  6. #6
    SaNGa
    Guest
    If I tell you, it will be easier!

    ...try yourself! good luck

  7. #7
    Registered User
    Patch-Address: 40109c - New Bytes: e9 85 00 00 00 - Result: Kill MeltIce-Check
    Patch-Address: 4014e0 - New Bytes: 90 90 - Result: Any Serial Valid

    I don't see any Tricks that stop me from exchanging my Patch-Bytes with your original Ones.

    So I don't see the Patching Challenge really at the Moment..
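
The "CRC over previous Code" idea raised in post #5 is the kind of check that would have flagged the two-byte patch in post #7. The following is an added example, not part of the thread or of the crackme's source: it keeps one CRC-32 per 16-byte block of a code region and reports which block changed. The buffer, the offset 0x20 standing in for 4014E0h, and the jne displacement are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK     16u    /* bytes covered by each checksum */
#define CODE_LEN  64u    /* size of the constructed code region */
#define CHECK_OFF 0x20u  /* constructed offset standing in for 4014E0h */

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Record one CRC per BLOCK of the pristine code (len is a multiple of BLOCK). */
static void build_manifest(const uint8_t *code, size_t len, uint32_t *out) {
    for (size_t off = 0; off < len; off += BLOCK)
        out[off / BLOCK] = crc32_buf(code + off, BLOCK);
}

/* Index of the first block whose CRC no longer matches, or -1 if intact. */
static int first_tampered_block(const uint8_t *code, size_t len,
                                const uint32_t *manifest) {
    for (size_t off = 0; off < len; off += BLOCK)
        if (crc32_buf(code + off, BLOCK) != manifest[off / BLOCK])
            return (int)(off / BLOCK);
    return -1;
}

/* Build the constructed region, optionally apply the 90 90 patch, verify. */
static int demo_nop_patch(int apply_patch) {
    uint8_t code[CODE_LEN];
    uint32_t manifest[CODE_LEN / BLOCK];
    for (size_t i = 0; i < CODE_LEN; i++) code[i] = (uint8_t)(i * 7u + 3u);
    code[CHECK_OFF] = 0x75; code[CHECK_OFF + 1] = 0x10; /* jne short, made-up displacement */
    build_manifest(code, sizeof code, manifest);
    if (apply_patch) memset(code + CHECK_OFF, 0x90, 2);
    return first_tampered_block(code, sizeof code, manifest);
}

int main(void) {
    printf("clean=%d patched=%d\n", demo_nop_patch(0), demo_nop_patch(1));
    return 0;
}
```

A check like this only raises the cost of patching: the comparison lives in the same binary and can itself be patched unless something else covers it.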

  8. #8
    ZaiRoN
    hi [NtSC],
    you are right!
    a two-byte patch and the crackme will accept all name/reg combos.
    i want to add a little thing about the proggie. i don't know if it's a bug or a feature of the crackme but it accepts only 1 valid name/reg combo. if you try a second time the proggie will crash. this is because the call at 401470 receives GetDlgItemTextA and not the encrypted string....

    bye,
    ZaiRoN

  9. #9
    SaNGa
    Guest
    I've done a bullshit!
    ...the crackme code should self-modify its critical sections...but I forgot the jne at 4014E0h
    Sorry to everybody for this bullshit crackme
    I think that I have more and more experience to gain!
    I've attached the crackme source code...

  10. #10
    SaNGa
    Guest
    This is another my bullshit
    Thank you for reporting ZaiRoN

    ciao

  11. #11
    ZaiRoN
    hi SaNGa,
    don't discourage yourself! "mistaking it is learned"
    i hope to see your next crackme and thx for the source

    ciao,
    ZaiRoN

  12. #12
    Registered User

    ;-)

    Yes. I also noticed the Crash..
    But anyway.. I would say it wasn't bad for your first CrackMe.

    Nice Ideas that lately would keep some Newbies in Trouble :>
    Looking forward to the next Challenge

    Cheers,[NtSC]