Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Sat Jan 05, 2008 10:18 pm Post subject: Upgraded VB6 Crackme :) |
|
|
it'll be more difficult than previous version (actually previous version was really easy....... )
And good work
|
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8521 Location: 127.0.0.1
|
Posted: Sun Jan 06, 2008 12:24 am Post subject: |
|
|
Aww cute, you added IsDebuggerPresent checks. Anyway, simply bypassed.
Password: ID10Tcracker
This one was a little more tricky, but, again not too hard.
_________________
- Retired. |
|
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Sun Jan 06, 2008 12:27 am Post subject: |
|
|
Wiccaan wrote: | Aww cute, you added IsDebuggerPresent checks. Anyway, simply bypassed.
Password: ID10Tcracker
This one was a little more tricky, but, again not too hard. |
You changed BeingDebugged value to 0 to bypass IsDebuggerPresent ??
_________________
iroo sooo hooooot |
|
Cx Master Cheater Reputation: 0
Joined: 27 Jul 2007 Posts: 367
|
Posted: Sun Jan 06, 2008 10:17 am Post subject: |
|
|
Buggy wrote: | Wiccaan wrote: | Aww cute, you added IsDebuggerPresent checks. Anyway, simply bypassed.
Password: ID10Tcracker
This one was a little more tricky, but, again not too hard. |
You changed BeingDebugged value to 0 to bypass IsDebuggerPresent ?? |
...
There's like a million things you could have done.
|
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
|
Posted: Sun Jan 06, 2008 11:27 am Post subject: |
|
|
uhh
anti anti plugins?
and lol wtf no vbastrcmp =(
harder than the first 1. indeed.
|
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8521 Location: 127.0.0.1
|
Posted: Sun Jan 06, 2008 3:47 pm Post subject: |
|
|
x0r wrote: | Cx wrote: | There's like a million things you could have done. |
1. Change PEB.BeingDebugged to 0
2. Hook IsDebuggerPresent
Close to a million! |
Option 2 is what I did. Well, what my Olly plugin did lol..
haha01haha01 wrote: | and lol wtf no vbastrcmp =(
harder than the first 1. indeed. |
Do a little more research on what VB uses to compare variables other than strcmp. There are a few. The one in this case was __vbaVarTstEq.
If you look just before this call you will see a million strcat calls as well, making me assume he did something that either is a loop to mid a certain string, or just did
Code: | Dim blah as String
blah = "I" + "D" + "1" + "0" + "T" + "c" + "r" + "a" + "c" + "k" + "e" + "r" |
_________________
- Retired. |
|
coder sal Master Cheater Reputation: 0
Joined: 11 May 2007 Posts: 304
|
Posted: Mon Feb 04, 2008 6:56 pm Post subject: |
|
|
Wow someone really needs to explain this to me, if you can, can you make a little vid and then upload it on tinypic and gimme link of you cracking this program. I'm really interested.
|
Cx Master Cheater Reputation: 0
Joined: 27 Jul 2007 Posts: 367
|
Posted: Mon Feb 04, 2008 8:17 pm Post subject: |
|
|
x0r wrote: | Cx wrote: | There's like a million things you could have done. |
1. Change PEB.BeingDebugged to 0
2. Hook IsDebuggerPresent
Close to a million! |
Of course a million is an exaggeration.
Those are the two logical things, but there are plenty more.
NOP out the check, change the return value check (so that it will continue if PEB.BeingDebugged is 1), use an anti-IsDebuggerPresent Olly plugin...............
_________________
armed with this small butterfly net
i will face the world alone
& never be lonely. |
|
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8521 Location: 127.0.0.1
|
Posted: Tue Feb 05, 2008 12:18 am Post subject: |
|
|
Code: | mov eax, dword ptr fs:[0x18]
mov eax, dword ptr ds:[eax+0x30]
mov byte ptr ds:[eax+0x2], 0x0 |
_________________
- Retired. |
|
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
|
Posted: Tue Feb 05, 2008 8:32 am Post subject: |
|
|
coder sal wrote: | Wow someone really needs to explain this to me, if you can, can you make a little vid and then upload it on tinypic and gimme link of you cracking this program. I'm really interested. |
cracking this is the same as i told u, but instead breakpointing __vbaStrCmp u should BP __vbaStrCheckEq or something like that.
oh, and u need to bypass isdbg. (which is way easier than cracking the software itself)
|
Flyte Peanuts!!!! Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
|
Posted: Tue Feb 05, 2008 5:29 pm Post subject: |
|
|
Wiccaan wrote: | Code: | mov eax, dword ptr fs:[0x18]
mov eax, dword ptr ds:[eax+0x30]
mov byte ptr ds:[eax+0x2], 0x0 |
|
Code: | mov eax, [FS:30h]
mov byte [eax+2], 0 |
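
The two snippets above write the same byte. As an added example (not code from any poster), this C model walks both pointer chains over a constructed 32-bit TEB/PEB image; the addresses and helper names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Documented 32-bit Windows offsets used by the snippets above. */
#define TEB_SELF           0x18 /* NT_TIB.Self: linear address of the TEB */
#define TEB_PEB            0x30 /* TEB.ProcessEnvironmentBlock */
#define PEB_BEING_DEBUGGED 0x02 /* PEB.BeingDebugged (one byte) */

/* Constructed flat memory image; both addresses are made-up sample values. */
#define TEB_ADDR 0x1000u        /* where the FS segment base points */
#define PEB_ADDR 0x0400u
static uint8_t mem[0x2000];

static uint32_t rd32(uint32_t a) { uint32_t v; memcpy(&v, mem + a, 4); return v; }
static void wr32(uint32_t a, uint32_t v) { memcpy(mem + a, &v, 4); }
static uint32_t fs_rd32(uint32_t off) { return rd32(TEB_ADDR + off); } /* fs:[off] */

/* Lay out the TEB and PEB the way the loader leaves them. */
void setup_process(int debugged) {
    memset(mem, 0, sizeof mem);
    wr32(TEB_ADDR + TEB_SELF, TEB_ADDR);
    wr32(TEB_ADDR + TEB_PEB, PEB_ADDR);
    mem[PEB_ADDR + PEB_BEING_DEBUGGED] = debugged ? 1 : 0;
}

/* Three-instruction form: fs:[0x18] -> TEB, [TEB+0x30] -> PEB, then PEB+2. */
uint32_t flag_addr_via_self(void) {
    uint32_t eax = fs_rd32(TEB_SELF);
    eax = rd32(eax + TEB_PEB);
    return eax + PEB_BEING_DEBUGGED;
}

/* Two-instruction form: fs:[0x30] already holds the PEB pointer. */
uint32_t flag_addr_direct(void) {
    return fs_rd32(TEB_PEB) + PEB_BEING_DEBUGGED;
}

/* The value IsDebuggerPresent reports: the byte at PEB+2. */
int is_debugger_present(void) { return mem[flag_addr_via_self()] != 0; }

/* The final "mov byte ..., 0" of either snippet. */
void clear_flag(uint32_t addr) { mem[addr] = 0; }

int main(void) {
    setup_process(1);
    int before = is_debugger_present();
    clear_flag(flag_addr_direct());
    return (before == 1 && is_debugger_present() == 0) ? 0 : 1;
}
```

Because the flag sits in user-writable process memory, a check that relies on it alone only detects a debugger that has left the byte untouched.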
|
coder sal Master Cheater Reputation: 0
Joined: 11 May 2007 Posts: 304
|
Posted: Tue Feb 05, 2008 6:35 pm Post subject: |
|
|
haha01haha01 wrote: | coder sal wrote: | Wow someone really needs to explain this to me, if you can, can you make a little vid and then upload it on tinypic and gimme link of you cracking this program. I'm really interested. |
cracking this is the same as i told u, but instead breakpointing __vbaStrCmp u should BP __vbaStrCheckEq or something like that.
oh, and u need to bypass isdbg. (which is way easier than cracking the software itself) |
Forget it I asked for a video because it's confusing. The VBASTRCMP thing I tried and didn't work same for the new one. I do it wrong, explain to me for 5 hours I won't get it, I need to see someone actually doing it. If you can make a tiny video and just upload it to tinypic. If you can't then whatever, thanks for helping anyway. DON'T TRY to explain it to me with words, I just feel stupider every time.
|