Cheat Engine Forum (The Official Site of Cheat Engine)
Let's crack crackme with Crackme3 (by CoSH)

Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

Posted: Sun Feb 24, 2008 5:13 am    Post subject: Let's crack crackme with Crackme3 (by CoSH)

*I don't know exactly who made this, but I think it is CoSH's crackme.*

Crackme 3 - http://buggy.ufree.kr/crackme3.exe

I had fun when I solved it.
I think the maker of this crackme wanted to teach us about XOR Encryption.
Well, let's learn about XOR Encryption.
If there is a string, KOREA, how can we encrypt this with 1?

Like this :
xor K,1 -(1)
xor O,1 -(2)
xor R,1 -(3)
xor E,1 -(4)
xor A,1 -(5)

Let's try (1).
First, you have to get the ASCII codes.
When we look at the ASCII codes, K is 4B in hexadecimal. Change it to binary-coded decimal; then it will be 1001011, and we have to XOR this.
So let's try!
1001011
xor 0000001 (in XOR, the result will be 1 when only one of the two bits is 1, but it will be 0 when both of the two are 1.)
---------
1001010 <----it will be like this. When we change it to hexadecimal it will be 4A. When we find 4A in the ASCII codes, then it will be J, isn't it? Then this will be the encrypted string of "K".
When we do it all the way through A, then it will be encrypted like JNQD@.
We have to decrypt it because we encrypted it.
So we can do it like this: XOR JNQD@ with 1.
I think you have an inkling that 1 will be the value of the KEY. The KEY is needed when we encrypt and decrypt. Finally, let's try to decrypt.
xor J,1
xor N,1
xor Q,1
xor D,1
xor @,1
J will be 4A in hexadecimal when we find it in the ASCII codes, and when we change it to binary-coded decimal it will be 1001010.
And let's XOR it.
1001010
xor 0000001
--------
1001011 <----------when we change it to hexadecimal it will be 4B, and when we find it in the ASCII codes it will be K.
When we do it all the way through @, it will be KOREA again. This was the algorithm of XOR Encryption.
I ran OllyDbg to solve the crackme,
and you can find code like this.
I put my 2nd nickname "plus"; you have to put your own name.

Code:

0040156B  |. E8 28030000    CALL <JMP.&MFC42.#858>   <----I set break point here
00401570  |. 33C0           XOR EAX,EAX --|
00401572  |. 33DB           XOR EBX,EBX   |  initialize to use registers
00401574  |. 33C9           XOR ECX,ECX --|
00401576     B9 01000000    MOV ECX,1   <---------- what will be this? think.
0040157B  |. 33D2           XOR EDX,EDX --exactly initializing
0040157D  |. 8B45 E4        MOV EAX,DWORD PTR SS:[EBP-1C] <--- This will save the name in EAX, and Buggy will be saved in EAX.
00401580  |> 8A18           /MOV BL,BYTE PTR DS:[EAX]  <----- It commands: "save [EAX] in hexadecimal in BL."
00401582  |. 32D9           |XOR BL,CL <------------ THIS will encrypt, and CL will be the key.
00401584  |. 8818           |MOV BYTE PTR DS:[EAX],BL <--------- save the encrypted string in EAX.
00401586  |. 41             |INC ECX   <--------------- Point: increase the key, ECX.
00401587  |. 40             |INC EAX   <--------------- it increases to get the next char of the name.
00401588  |. 8038 00        |CMP BYTE PTR DS:[EAX],0    it checks the encryption status.
0040158B  |.^75 F3          \JNZ SHORT crackme3.00401580 when it hasn't finished, it will encrypt again


Let's look further down; you'll see you've seen that before.
But this part is the decryption part.
It decrypts the encrypted string.
It is really the same as the encryption except for MOV ECX,0A.

Code:
0040158D  |. 33C0           XOR EAX,EAX
0040158F  |. 33DB           XOR EBX,EBX
00401591  |. 33C9           XOR ECX,ECX
00401593  |. B9 0A000000    MOV ECX,0A
00401598  |. 33D2           XOR EDX,EDX
0040159A  |. 8B45 F0        MOV EAX,DWORD PTR SS:[EBP-10]
0040159D  |> 8A18           /MOV BL,BYTE PTR DS:[EAX]
0040159F  |. 32D9           |XOR BL,CL
004015A1  |. 8818           |MOV BYTE PTR DS:[EAX],BL
004015A3  |. 41             |INC ECX
004015A4  |. 40             |INC EAX
004015A5  |. 8038 00        |CMP BYTE PTR DS:[EAX],0
004015A8  |.^75 F3          \JNZ SHORT crackme3.0040159D

This crackme increases the encryption key with each char of the name; for plus it will reach 4, and it increases from 1.
And likewise the serial number's encryption key increases with each of the serial number's chars; it increases from 0A.

And you can get the serial of plus like this:
change plus to hexadecimal and XOR p with 1, l with 2, u with 3, s with 4, and change the hexadecimal back to letters;
then you have to take the XORed plus in hexadecimal and XOR the XORed p with 0A, the XORed l with 0B, the XORed u with 0C, the XORed s with 0D, and change the XORed string from hexadecimal back to letters.

_________________

iroo sooo hooooot
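As an added illustration (this is not Buggy's code, not part of the crackme, and the function names are my own), the following Python script walks through the same XOR cipher the post explains and emulates the disassembled loop with its incrementing key. Only the loop shape, the addresses and the two starting keys (1 and 0A) come from the listing above; the do-while behaviour on an empty string and the known-plaintext check are observations a reader of that listing can verify for themselves.

```python
# Added example, not from the original post or the crackme: the XOR cipher
# the post walks through, plus an emulation of the disassembled loop.
# Function names are mine; only the addresses, the starting keys (1 and 0x0A)
# and the loop shape are taken from the listing in the post.


def xor_fixed_key(data: bytes, key: int) -> bytes:
    """XOR every byte with one fixed key byte (the post's 'xor K,1' walkthrough).

    Because (x ^ k) ^ k == x, the same call both encrypts and decrypts.
    """
    k = key & 0xFF
    return bytes(b ^ k for b in data)


def crackme_loop(name: str, start_key: int) -> bytes:
    """Emulate the loop at 00401580 (start_key=1) and 0040159D (start_key=0x0A).

    The assembly is a do-while: it XORs the byte at EAX, advances EAX and
    ECX, and only then tests the *next* byte for NUL. It therefore always
    touches at least one byte; on an empty string that byte is the NUL
    terminator itself, after which the real code keeps reading past the
    buffer. This emulation refuses that input instead of mimicking the overrun.
    """
    if not name:
        raise ValueError("empty string: the original loop would run past its buffer")
    buf = bytearray(name.encode("latin-1")) + b"\x00"   # C string with terminator
    key = start_key & 0xFF                               # XOR BL,CL uses only CL
    i = 0
    while True:
        buf[i] ^= key               # MOV BL,[EAX] / XOR BL,CL / MOV [EAX],BL
        key = (key + 1) & 0xFF      # INC ECX (only the low byte matters)
        i += 1                      # INC EAX
        if buf[i] == 0:             # CMP BYTE PTR [EAX],0 / JNZ back to the top
            break
    return bytes(buf[:-1])          # drop the terminator we appended


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> list:
    """Known-plaintext view: XORing plaintext with ciphertext yields the key
    byte used at each position, which is why a predictable key sequence like
    1, 2, 3, ... offers no secrecy once one input/output pair is seen."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext must have the same length")
    return [p ^ c for p, c in zip(plaintext, ciphertext)]


if __name__ == "__main__":
    enc = xor_fixed_key(b"KOREA", 1)
    print(enc, xor_fixed_key(enc, 1))            # round trip with the fixed key
    out = crackme_loop("plus", 1)
    print(out, recover_keystream(b"plus", out))  # loop output and its key bytes
```

Running it shows the fixed-key round trip (note that 0x52 ^ 1 is 0x53, so KOREA comes out as JNSD@ and goes back to KOREA with a second call), and that applying `crackme_loop` twice with the same starting key also restores the input, because each position is XORed with the same byte both times. The last line prints the per-position key bytes 1, 2, 3, 4 recovered from one plaintext/ciphertext pair, which is the practical lesson of this crackme: a position-dependent XOR with a predictable key is an obfuscation, not encryption.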