View previous topic :: View next topic |
Author |
Message |
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Sun Feb 10, 2008 4:46 am Post subject: easy crackme |
|
|
i didn't add any anti debugging thing.
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
Zand Master Cheater Reputation: 0
Joined: 21 Jul 2006 Posts: 424
|
Posted: Sun Feb 10, 2008 5:44 am Post subject: |
|
|
Code: | 5.1157,283,770,368Bytes
|
Hm.
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
Posted: Sun Feb 10, 2008 1:59 pm Post subject: |
|
|
Ok first thing this does is checks to see if your volume of the drive is the same as the hard coded one which 99.9% of the time for everyone it wont be. So you can patch that here:
Code: | 0040684A 50 PUSH EAX
0040684B 68 18364000 PUSH Copy_of_.00403618 ; UNICODE "1234129413"
00406850 FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp |
EAX contains your actual drive volume, so just patch the push of the hardcoded on to push EAX also:
Code: | 0040684A 50 PUSH EAX
0040684B 50 PUSH EAX
0040684C 90 NOP
0040684D 90 NOP
0040684E 90 NOP
0040684F 90 NOP
00406850 FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp |
This will bypass that check and load the form. You could also hook GetVolumeInformationA as that is what is being called. Which is being called here:
Code: | 004067A9 . 50 PUSH EAX
004067AA . E8 8DCBFFFF CALL Copy_of_.0040333C |
Next the password on the form. The annoying part with this one is that the program closes when you get the wrong password. Your drive information is pulled for the bytes it can hold and compared to the textbox here:
Code: | 004064BC . 50 PUSH EAX
004064BD . FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp |
Anyway the password looks to just be the capacity of your harddrive in bytes with 5.1 added to the front, and the word Bytes to the end without any spaces. So just open My Computer right click on your C:/ and write in:
5.1<total space (capacity)in bytes>Bytes
So for example my drive is currently:
Capacity: 60,003,381,248 bytes
So I would enter:
5.160,003,381,248Bytes
Then you get the congrats message.
_________________
- Retired. |
|
Back to top |
|
|
woodbine Grandmaster Cheater Reputation: 0
Joined: 28 Sep 2007 Posts: 899
|
Posted: Sun Feb 10, 2008 2:29 pm Post subject: |
|
|
Zand wrote: | Code: | 5.1157,283,770,368Bytes
|
Hm. |
Guess this Crackme is pretty big.
_________________
Funny Picture Of The Week:
|
|
Back to top |
|
|
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Mon Feb 11, 2008 1:05 am Post subject: |
|
|
Well the password must be
OS Version & Capacity.
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
xMurtaghx I post too much Reputation: 1
Joined: 13 Apr 2008 Posts: 3611 Location: Gayville, South Dakota, 57031, United States of America
|
Posted: Mon Apr 14, 2008 5:52 pm Post subject: |
|
|
that code is old im sure
_________________
Scania- Lvl 117 DK✔
WE WILL MISS GMS!
|
|
Back to top |
|
|
HolyBlah Master Cheater Reputation: 2
Joined: 24 Aug 2007 Posts: 446
|
Posted: Tue Apr 15, 2008 3:40 am Post subject: |
|
|
That topic is old, so stop bump it.
|
|
Back to top |
|
|
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Tue Apr 15, 2008 3:44 am Post subject: |
|
|
xMurtaghx wrote: | that code is old im sure |
hmm i was surprised when my topic was replied by another person newly..
so i tried to read and you said : strange crackme and this .. ---...
anyone can i rep- him??...
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
|
Back to top |
|
|
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Tue Apr 15, 2008 5:23 am Post subject: |
|
|
Wiccaan wrote: | Buggy wrote: | xMurtaghx wrote: | that code is old im sure |
hmm i was surprised when my topic was replied by another person newly..
so i tried to read and you said : strange crackme and this .. ---...
anyone can i rep- him??... |
Hes banned anyway for spamming, so just ignore him. |
ah-ha! Red card means banned, right?? and he spammed in a lot of section ... LOL
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
Posted: Tue Apr 15, 2008 9:43 am Post subject: |
|
|
Yeah, the red box under someones name/avatar means they are banned.
_________________
- Retired. |
|
Back to top |
|
|
|