xCodex (Grandmaster Cheater, Reputation: 0, Joined: 03 Oct 2006, Posts: 891)
Posted: Tue Jul 24, 2007 9:37 pm
You used the process name in a string as part of an anti-debugging attempt?
>_>
Ksbunker (Advanced Cheater, Reputation: 0, Joined: 18 Oct 2006, Posts: 88)
Posted: Tue Jul 24, 2007 11:30 pm
Password: F8lXZ-UG9LT-K1
The anti-OllyDbg and anti-CE trick didn't hasten me at all; just edit the string, problem solved.
BUT a better method would be:
Code:
    00451859 . C41C4500 DD CrackMe_.00451CC4
    0045185D . 0A DB 0A
    0045185E . 4B 6C 50 72 63>ASCII "KlPrcTimer"
One can easily deduce that KlPrcTimer is the timer that continually checks to see if the two programs are open. The code related to that particular procedure is located above the command label, in this case "CrackMe_.00451CC4".
Go to this address and you will see:
Code:
    00451CC4 . B8 E41C4500 MOV EAX,CrackMe_.00451CE4 ; ASCII "CheatEngine.exe"
    00451CC9 . E8 3AFCFFFF CALL CrackMe_.00451908
    00451CCE . B8 FC1C4500 MOV EAX,CrackMe_.00451CFC ; ASCII "ollydbg.exe"
    00451CD3 . E8 30FCFFFF CALL CrackMe_.00451908
    00451CD8 . C3 RETN
We want to completely skip those string params and calls, and jump directly to the "RETN" at 00451CD8. We could either 1) insert a "JMP 00451CD8" at the start of this little snippet (i.e. at 00451CC4), or 2) where it had:
Code:
    00451859 . C41C4500 DD CrackMe_.00451CC4
    0045185D . 0A DB 0A
    0045185E . 4B 6C 50 72 63>ASCII "KlPrcTimer"
change:
Code:
    00451859 . C41C4500 DD CrackMe_.00451CC4
to:
Code:
    00451859 . C41C4500 DD CrackMe_.00451CD8
Protection removed.
An alternative approach requires absolutely no coding or cracking knowledge at all.
Open up crackme_.exe in Reshack. Go to RCDATA > TCRKFRM. Scroll down to:
Code:
    object KlPrc: TTimer
      Interval = 300
      OnTimer = KlPrcTimer
    end
Change the interval from 300 to 9999999; that interval is sufficiently large to render the timer useless.
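The post above recovers the KlPrcTimer handler from its method-table entry (DD address, DB length, name) and reads the process-name strings the handler loads. As an added example, not code from this thread or from the crackme, the Python below automates that reading over a constructed byte buffer laid out like the post's listings and flags handlers that only compare against debugger process names, which is why such a check is as weak as the string it expects. The image base, the buffer contents and the MOV EAX / CALL / RETN walking are assumptions made for the sample.

```python
import re
import struct

IMAGE_BASE = 0x00451800  # assumption: the constructed buffer below is mapped here
def off(addr): return addr - IMAGE_BASE

# Constructed sample laid out like the listings in the post.
img = bytearray(0x600)
# Method-table entry: DD handler address, DB name length, name.
img[off(0x00451859):off(0x00451859) + 4] = struct.pack("<I", 0x00451CC4)
img[off(0x0045185D)] = 0x0A
img[off(0x0045185E):off(0x0045185E) + 10] = b"KlPrcTimer"
# Handler body: MOV EAX,str / CALL / MOV EAX,str / CALL / RETN.
img[off(0x00451CC4):off(0x00451CC4) + 21] = bytes.fromhex("B8E41C4500E83AFCFFFFB8FC1C4500E830FCFFFFC3")
img[off(0x00451CE4):off(0x00451CE4) + 16] = b"CheatEngine.exe\0"
img[off(0x00451CFC):off(0x00451CFC) + 12] = b"ollydbg.exe\0"
IMG = bytes(img)

def find_method_entries(blob):
    """Map every <DD addr><DB len><name> entry to its handler address."""
    entries = {}
    for m in re.finditer(rb"([\x01-\x3f])([A-Za-z_][A-Za-z0-9_]*)", blob):
        length = m.group(1)[0]
        name = m.group(2)[:length]
        if len(name) != length or m.start() < 4:  # stray bytes that only look like a length
            continue
        entries[name.decode()] = struct.unpack_from("<I", blob, m.start() - 4)[0]
    return entries

def strings_loaded_by(blob, handler):
    """Walk a MOV EAX,imm32 / CALL rel32 / RETN handler; return the ASCII strings MOV EAX loads."""
    found, pc = [], off(handler)
    while pc < len(blob):
        op = blob[pc]
        if op == 0xC3:                       # RETN: end of handler
            break
        if op == 0xB8:                       # MOV EAX, imm32 -> pointer to a NUL-terminated string
            target = off(struct.unpack_from("<I", blob, pc + 1)[0])
            found.append(blob[target:blob.index(b"\0", target)].decode("ascii"))
        elif op != 0xE8:                     # CALL rel32 is stepped over; anything else stops the walk
            break
        pc += 5
    return found

DEBUGGER_NAMES = {"ollydbg.exe", "cheatengine.exe"}

def name_based_checks(blob):
    """Handlers whose loaded strings are debugger process names: a plain string compare
    that detects nothing once the tool's executable is renamed."""
    return {name: [s for s in strings_loaded_by(blob, addr) if s.lower() in DEBUGGER_NAMES]
            for name, addr in find_method_entries(blob).items()}
```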
opcode0x90 (Cheater, Reputation: 0, Joined: 05 Aug 2006, Posts: 27)
Posted: Wed Jul 25, 2007 2:58 am
I wonder how you can have a valid code for a randomly generated password?
Crackmes are meant to simulate real-world applications, where the user can register the application with your supplied code. As such, this "creativity" does not apply here.
oib111 (I post too much, Reputation: 0, Joined: 02 Apr 2007, Posts: 2947, Location: you wanna know why?)
Posted: Sat Jul 28, 2007 9:15 pm
I find it interesting that everyone had to do all that stuff. I mean, it's not like it was super big. I mean, if you went back to Olly (or CE if you prefer it) and searched for text strings, you would find all of the strings for the password.
Edit:
By suggestion, my sorta-maybe-idk crackme is now going to be released here. You know what to do. If you guys can't do it, I will tell you how.
xarchelo (Cheater, Reputation: 0, Joined: 16 Jun 2007, Posts: 31)
Posted: Mon Aug 06, 2007 11:15 am
advanced? didn't even take me a min to patch it
Code:
    00451C21 /75 11 JNZ SHORT 00451C34
to
Code:
    00451C21 /74 11 JE SHORT 00451C34
DeletedUser14087 (I post too much, Reputation: 2, Joined: 21 Jun 2006, Posts: 3069)
Posted: Fri Aug 10, 2007 11:42 am
xarchelo wrote:
    advanced? didn't even take me a min to patch it
    Code:
        00451C21 /75 11 JNZ SHORT 00451C34
    to
    Code:
        00451C21 /74 11 JE SHORT 00451C34
chaka laka !!!