Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


CrackMe v3.0 - By: Gunner54

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes
View previous topic :: View next topic  
Author Message
gunner54
Newbie cheater
Reputation: 0

Joined: 17 Mar 2006
Posts: 12

PostPosted: Sat Mar 08, 2008 7:47 pm    Post subject: CrackMe v3.0 - By: Gunner54 Reply with quote

Well, i decided to make this after being board...

CrackMe v3.0
- Simple Key Generation
- Simple Anti-Breakpoint (On One Function)

Im looking for a KeyGen. Their again... if you just post how the key is generated that will do.
Back to top
View user's profile Send private message
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

PostPosted: Sat Mar 08, 2008 8:36 pm    Post subject: Reply with quote

Valid Names and serials...Razz I used the red bait.... hehehe
Crack it with:
0040???3 . /7? ?? J?? SHORT CrackMeV.0040???E


Code:

Wiccaan
0215187175175171171197145

Dark Byte
0187181215201115183229219189185

Labyrnth
0198176178224210202214190165

Cheat Engine
0200210204196234130204222208212222204245

Bill Gates
0188202208208120198186224194222205

AAAAAA
0166166166166166166125

BBBBBB
0168168168168168168125

CCCCCC
0170170170170170170125

??????
0162162162162162162125

!!!!!!
0102102102102102102125

111111
0134134134134134134125

222222
0136136136136136136125

_________________



Last edited by Labyrnth on Sat Mar 08, 2008 11:34 pm; edited 1 time in total
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sat Mar 08, 2008 9:54 pm    Post subject: Reply with quote

This is more of a keygen me then anything. After looking through this I can't say I found the anti-debug you put in it. There is no call to any debugging API, no checks for processes or window names, etc. So what ever it is it's not to prevent debugging apparently lol.

As for the serial to my name, Lab, the one you posted is wrong. My name and serial would be:

Name: Wiccaan
Serial: 0215187175175171171197145

You missed some numbers. Might be the same case for your others Wink

The key generation is here:

Code:
0040965F    8B0F            MOV ECX,DWORD PTR DS:[EDI]
00409661    57              PUSH EDI
00409662    FF91 08030000   CALL DWORD PTR DS:[ECX+308]
00409668    8D55 CC         LEA EDX,DWORD PTR SS:[EBP-34]
0040966B    50              PUSH EAX
0040966C    52              PUSH EDX
0040966D    FF15 3C104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
00409673    8BD8            MOV EBX,EAX
00409675    8D4D D4         LEA ECX,DWORD PTR SS:[EBP-2C]
00409678    51              PUSH ECX
00409679    53              PUSH EBX
0040967A    8B03            MOV EAX,DWORD PTR DS:[EBX]
0040967C    FF90 A0000000   CALL DWORD PTR DS:[EAX+A0]
00409682    3BC6            CMP EAX,ESI
00409684    DBE2            FCLEX
00409686    7D 12           JGE SHORT CrackMeV.0040969A
00409688    68 A0000000     PUSH 0A0
0040968D    68 FC914000     PUSH CrackMeV.004091FC
00409692    53              PUSH EBX
00409693    50              PUSH EAX
00409694    FF15 30104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
0040969A    8B45 D4         MOV EAX,DWORD PTR SS:[EBP-2C]
0040969D    8D55 BC         LEA EDX,DWORD PTR SS:[EBP-44]
004096A0    8945 C4         MOV DWORD PTR SS:[EBP-3C],EAX
004096A3    8D45 AC         LEA EAX,DWORD PTR SS:[EBP-54]
004096A6    52              PUSH EDX
004096A7    50              PUSH EAX
004096A8    8975 D4         MOV DWORD PTR SS:[EBP-2C],ESI
004096AB    C745 BC 0800000>MOV DWORD PTR SS:[EBP-44],8
004096B2    FF15 5C104000   CALL DWORD PTR DS:[<&MSVBVM60.#528>]     ; MSVBVM60.rtcUpperCaseVar
004096B8    8D4D AC         LEA ECX,DWORD PTR SS:[EBP-54]
004096BB    51              PUSH ECX
004096BC    FF15 18104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove
004096C2    8B1D B8104000   MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrMove
004096C8    8BD0            MOV EDX,EAX
004096CA    8D4D D0         LEA ECX,DWORD PTR SS:[EBP-30]
004096CD    FFD3            CALL EBX                                 ; <&MSVBVM60.__vbaStrMove>
004096CF    8BD0            MOV EDX,EAX
004096D1    8D4F 3C         LEA ECX,DWORD PTR DS:[EDI+3C]
004096D4    FF15 98104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCo>; MSVBVM60.__vbaStrCopy
004096DA    8D4D D0         LEA ECX,DWORD PTR SS:[EBP-30]
004096DD    FF15 CC104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
004096E3    8D4D CC         LEA ECX,DWORD PTR SS:[EBP-34]
004096E6    FF15 D0104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
004096EC    8D55 AC         LEA EDX,DWORD PTR SS:[EBP-54]
004096EF    8D45 BC         LEA EAX,DWORD PTR SS:[EBP-44]
004096F2    52              PUSH EDX
004096F3    50              PUSH EAX
004096F4    6A 02           PUSH 2
004096F6    FF15 1C104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
004096FC    66:8B4F 34      MOV CX,WORD PTR DS:[EDI+34]
00409700    83C4 0C         ADD ESP,0C
00409703    66:6BC9 05      IMUL CX,CX,5
00409707    0F80 7D020000   JO CrackMeV.0040998A
0040970D    66:83C1 06      ADD CX,6
00409711    56              PUSH ESI
00409712    0F80 72020000   JO CrackMeV.0040998A
00409718    0FBFD1          MOVSX EDX,CX
0040971B    8957 38         MOV DWORD PTR DS:[EDI+38],EDX
0040971E    FF15 00104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrI2>; MSVBVM60.__vbaStrI2
00409724    8BD0            MOV EDX,EAX
00409726    8D4D D4         LEA ECX,DWORD PTR SS:[EBP-2C]
00409729    FFD3            CALL EBX
0040972B    8BD0            MOV EDX,EAX
0040972D    8D4F 40         LEA ECX,DWORD PTR DS:[EDI+40]
00409730    FF15 98104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCo>; MSVBVM60.__vbaStrCopy
00409736    8D4D D4         LEA ECX,DWORD PTR SS:[EBP-2C]
00409739    FF15 CC104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
0040973F    66:8B57 34      MOV DX,WORD PTR DS:[EDI+34]
00409743    B8 02000000     MOV EAX,2
00409748    B9 01000000     MOV ECX,1
0040974D    8985 7CFFFFFF   MOV DWORD PTR SS:[EBP-84],EAX
00409753    8985 6CFFFFFF   MOV DWORD PTR SS:[EBP-94],EAX
00409759    8985 5CFFFFFF   MOV DWORD PTR SS:[EBP-A4],EAX
0040975F    894D 84         MOV DWORD PTR SS:[EBP-7C],ECX
00409762    898D 64FFFFFF   MOV DWORD PTR SS:[EBP-9C],ECX
00409768    8D85 7CFFFFFF   LEA EAX,DWORD PTR SS:[EBP-84]
0040976E    66:8995 74FFFFF>MOV WORD PTR SS:[EBP-8C],DX
00409775    8D8D 6CFFFFFF   LEA ECX,DWORD PTR SS:[EBP-94]
0040977B    50              PUSH EAX
0040977C    8D95 5CFFFFFF   LEA EDX,DWORD PTR SS:[EBP-A4]
00409782    51              PUSH ECX
00409783    8D85 20FFFFFF   LEA EAX,DWORD PTR SS:[EBP-E0]
00409789    52              PUSH EDX
0040978A    8D8D 30FFFFFF   LEA ECX,DWORD PTR SS:[EBP-D0]
00409790    50              PUSH EAX
00409791    8D55 DC         LEA EDX,DWORD PTR SS:[EBP-24]
00409794    51              PUSH ECX
00409795    52              PUSH EDX
00409796    FF15 38104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarFo>; MSVBVM60.__vbaVarForInit
0040979C    3BC6            CMP EAX,ESI
0040979E    0F84 BC000000   JE CrackMeV.00409860
004097A4    8D45 BC         LEA EAX,DWORD PTR SS:[EBP-44]
004097A7    8D4D DC         LEA ECX,DWORD PTR SS:[EBP-24]
004097AA    50              PUSH EAX
004097AB    51              PUSH ECX
004097AC    C745 C4 0100000>MOV DWORD PTR SS:[EBP-3C],1
004097B3    C745 BC 0200000>MOV DWORD PTR SS:[EBP-44],2
004097BA    FF15 AC104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaI4Var>; MSVBVM60.__vbaI4Var
004097C0    8B57 3C         MOV EDX,DWORD PTR DS:[EDI+3C]
004097C3    50              PUSH EAX
004097C4    52              PUSH EDX
004097C5    FF15 50104000   CALL DWORD PTR DS:[<&MSVBVM60.#631>]     ; MSVBVM60.rtcMidCharBstr
004097CB    8BD0            MOV EDX,EAX
004097CD    8D4D D4         LEA ECX,DWORD PTR SS:[EBP-2C]
004097D0    FFD3            CALL EBX
004097D2    50              PUSH EAX
004097D3    FF15 24104000   CALL DWORD PTR DS:[<&MSVBVM60.#516>]     ; MSVBVM60.rtcAnsiValueBstr
004097D9    66:6BC0 02      IMUL AX,AX,2
004097DD    8B57 38         MOV EDX,DWORD PTR DS:[EDI+38]
004097E0    8D4D D4         LEA ECX,DWORD PTR SS:[EBP-2C]
004097E3    0F80 A1010000   JO CrackMeV.0040998A
004097E9    0FBFF0          MOVSX ESI,AX
004097EC    03F2            ADD ESI,EDX
004097EE    0F80 96010000   JO CrackMeV.0040998A
004097F4    FF15 CC104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
004097FA    8D4D BC         LEA ECX,DWORD PTR SS:[EBP-44]
004097FD    FF15 10104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar
00409803    8B47 40         MOV EAX,DWORD PTR DS:[EDI+40]
00409806    50              PUSH EAX
00409807    56              PUSH ESI
00409808    FF15 0C104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrI4>; MSVBVM60.__vbaStrI4
0040980E    8BD0            MOV EDX,EAX
00409810    8D4D D4         LEA ECX,DWORD PTR SS:[EBP-2C]
00409813    FFD3            CALL EBX
00409815    50              PUSH EAX
00409816    FF15 2C104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCa>; MSVBVM60.__vbaStrCat
0040981C    8BD0            MOV EDX,EAX
0040981E    8D4D D0         LEA ECX,DWORD PTR SS:[EBP-30]
00409821    FFD3            CALL EBX
00409823    8BD0            MOV EDX,EAX
00409825    8D4F 40         LEA ECX,DWORD PTR DS:[EDI+40]
00409828    FF15 98104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCo>; MSVBVM60.__vbaStrCopy
0040982E    8D4D D0         LEA ECX,DWORD PTR SS:[EBP-30]
00409831    8D55 D4         LEA EDX,DWORD PTR SS:[EBP-2C]
00409834    51              PUSH ECX
00409835    52              PUSH EDX
00409836    6A 02           PUSH 2
00409838    FF15 9C104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStrList
0040983E    83C4 0C         ADD ESP,0C
00409841    8D85 20FFFFFF   LEA EAX,DWORD PTR SS:[EBP-E0]
00409847    8D8D 30FFFFFF   LEA ECX,DWORD PTR SS:[EBP-D0]
0040984D    8D55 DC         LEA EDX,DWORD PTR SS:[EBP-24]
00409850    50              PUSH EAX
00409851    51              PUSH ECX
00409852    52              PUSH EDX
00409853    FF15 C4104000   CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarFo>; MSVBVM60.__vbaVarForNext
00409859    33F6            XOR ESI,ESI
0040985B  ^ E9 3CFFFFFF     JMP CrackMeV.0040979C
00409860    8B07            MOV EAX,DWORD PTR DS:[EDI]
00409862    8D8D 48FFFFFF   LEA ECX,DWORD PTR SS:[EBP-B8]
00409868    51              PUSH ECX
00409869    57              PUSH EDI
0040986A    C785 48FFFFFF 0>MOV DWORD PTR SS:[EBP-B8],1
00409874    FF90 08070000   CALL DWORD PTR DS:[EAX+708]


The last call is the call to the check function to compare.

You can break here:

Code:
00409D31   .  FF15 60104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;  MSVBVM60.__vbaStrCmp


And figure out any name and serial.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

PostPosted: Sat Mar 08, 2008 11:30 pm    Post subject: Reply with quote

Agh yes, im going to fix the ones i messed up on right now.
I didnt step one more time where it does *2 then 5.

_________________

Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sat Mar 08, 2008 11:34 pm    Post subject: Reply with quote

Ok so took the time to keygen this cause I wanted to attempt to finally keygen something. And, yay for me cause it turned out well >.> Anyway, spent like an hour or so working on this with tons of debugging and shit Mad

Works for everything that I've tossed at it. Smile

Keygen and source attached. Programmed in VB6 for the reason of me being lazy and not wanted to do it in C++

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
gunner54
Newbie cheater
Reputation: 0

Joined: 17 Mar 2006
Posts: 12

PostPosted: Mon Mar 10, 2008 11:47 am    Post subject: Reply with quote

Nice one Wiccan Wink virtualy matches my VB code.
Back to top
View user's profile Send private message
Sinok
Cheater
Reputation: 0

Joined: 21 Mar 2008
Posts: 34

PostPosted: Thu Apr 10, 2008 3:27 am    Post subject: Reply with quote

That was kinda easy..

SinokLoL
0212192202204196198204198165
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites