Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Crackme (pack)

 
joonas905
Advanced Cheater
Reputation: 0

Joined: 02 Jan 2008
Posts: 62

Posted: Wed Jan 30, 2008 5:35 am    Post subject: Crackme (pack)

Just serial-fish all the apps in the pack.
I can tell you that it's easy :)
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Wed Jan 30, 2008 9:26 am    Post subject:

Quote:
A-Squared: Found nothing
AntiVir: Found HEUR/Crypted
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found Trojan-Downloader.Win32.Banload.F
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found MalwareScope.Trojan-Spy.BZub.2

The crackme imports wsock32 for whatever reason. Sorry but I don't trust these.

_________________
- Retired.
samuri25404
Grandmaster Cheater
Reputation: 7

Joined: 04 May 2007
Posts: 955
Location: Why do you care?

Posted: Wed Jan 30, 2008 6:47 pm    Post subject:

Especially coming from a user with 4 posts.

Usually, I'm not one to judge a person by their post count, but this is a little strange.

_________________
Wiccaan wrote:

Oh jeez, watchout I'm a bias person! Locked.


Auto Assembly Tuts:
In Depth Tutorial on AA
Extended
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

Posted: Sat Feb 02, 2008 1:51 am    Post subject:

Wiccaan wrote:
The crackme imports wsock32 for whatever reason. Sorry but I don't trust these.

What should I do when I open this before :'( :'( ?

_________________

iroo sooo hooooot
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Sat Feb 02, 2008 12:28 pm    Post subject:

Buggy wrote:
Wiccaan wrote:
The crackme imports wsock32 for whatever reason. Sorry but I don't trust these.

What should I do when I open this before :'( :'( ?


I can't say for sure if the file is infected or not, or if it connects to the internet as part of the crackme like some have done in previous things. I just simply don't trust this coming from someone with no reputation on the forums. (No not the rep +/- crap, I mean a serious rep like knowing how the person is, what they do, etc.)

Along with that, 4 posts and posting something like this is a bit suspicious.

_________________
- Retired.
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

Posted: Sun Feb 03, 2008 6:40 am    Post subject:

lol, crackme invoking ws2?
LOL. from all the viruses i saw, this one is the cheapest.
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

Posted: Sun Feb 03, 2008 9:27 am    Post subject:

well i tried to know where it connects but V3IS07 couldn't catch it .... :'(
and i want to know what he protected with.

_________________

iroo sooo hooooot
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Sun Feb 03, 2008 12:05 pm    Post subject:

Based on some external signatures for PEiD, I came up with:
UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser * Sing.By.hot_UNP *

Although with some others it came up with 2.93 (EXE_LZMA) so I used an automatic unpacker (VMUnpacker ftw >.>)

Afterward:
Microsoft Visual C++ 6.0

And nice to see after being unpacked, the main exe for the crackme has a resource section named PHP, which is what I'd assume is being used for the winsock connections. Inside this section is:

- BAMBALAM_GETINI.PHP
- BAMBALAM_INIT.PHP
- CRACK-ME.php
- EXTENSIONS
- MAIN
- PHP_WINBINDER.DLL
- WB_GENERIC.INC.PHP
- WB_RESOURCE.INC.PHP
- WB_WINDOWS.INC.PHP
- WINBINDER.PHP

The PHP files are encrypted/encoded so posting them would be useless. They use mmcache_load or Turck MMCache for PHP. Attached the files below if you want to look at them.

Since after actually looking into the crack-me I would say it probably isn't doing anything other than extracting those resources somewhere and using winsock to load them. I still can't say for sure that it's safe cause I'm not opening it but yea, that's what I got from above.

The other files don't show up as anything in PEiD and VMUnpacker but they are very very easy to manually unpack (they are a modded version of UPX it looks like.) Anyway, at the start of loading one in Olly hit F8 once, and notice ESP changes, then you should know what to do for the rest. Dump the debugged proc when you get the OEP and check them again. They are written in Delphi.

Fishme1.exe is based on your computer's hardware ID.

For my computer the serial is:
45565554060584

When entered the text changes to: Yes. You have entered a correct serial!
And the button greys out and says "Registered!"



Anyway, I did a little digging into this one and figured out how the key is generated for what your serial is compared to. It's based on the user name of the system that's currently logged in. So I dug some more to see how it's computed and figured out you split each character of the string then add the current position to it, then reverse the string back and forth for each character.

I made a quick VB program to pull this and do the same thing:



Code:
Option Explicit

'##################################################################################################################################################
'#
'# Get Environment Variable Function
'#
'#     Obtains system environment variable value.
'#
'##################################################################################################################################################
Private Declare Function GetEnvironmentVariable Lib "kernel32" Alias "GetEnvironmentVariableA" (ByVal lpName As String, ByVal lpBuffer As String, ByVal nSize As Long) As Long

Private Function GetEnvVar(sName As String) As String
    GetEnvVar = String(255, 0)
    GetEnvironmentVariable sName, GetEnvVar, Len(GetEnvVar)
    If InStr(1, GetEnvVar, Chr$(0)) > 0 Then GetEnvVar = Left$(GetEnvVar, InStr(1, GetEnvVar, Chr$(0)) - 1)
End Function
'##################################################################################################################################################


'##################################################################################################################################################
'#
'# Generate Key Code Function
'#
'#    Generates the user key code based on their current
'#    user name that is logged into the system.
'#
'##################################################################################################################################################
Public Function GenerateKeyCode(strName As String) As String
    Dim strKey      As String
    Dim x           As Long
    For x = 0 To Len(strName) - 1
        strKey = StrReverse(strKey) & Asc(Mid(strName, x + 1, 1)) + (x + 1)
    Next x
    GenerateKeyCode = StrReverse(strKey)
End Function
'##################################################################################################################################################


Private Sub Form_Load()

    '//
    '// Obtain Current Username
    '//
    Dim strUserName As String
    strUserName = GetEnvVar("USERNAME")
    Text1.Text = strUserName
   
    '//
    '// Get KeyCode To Compare Username To
    '//
    Dim strKeyCode As String
    strKeyCode = GenerateKeyCode(strUserName)
    Text2.Text = strKeyCode

End Sub


Dug some more cause I was going to try to keygen it but yea.. I saw a ton of float instructions for the method of the actual serial generation from the key and just said fuck that >.>

_________________
- Retired.
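
The static checks discussed in the posts above (which DLLs a PE declares in its import table, and whether its section names carry the stock UPX markers) can be read from the headers without running the file. This is an added example, not code from the thread or from any tool named in it; `triage`, `build_sample` and `NET_DLLS` are hypothetical names, and the sample image is constructed for illustration, not the crackme itself.

```python
import struct

NET_DLLS = {"wsock32.dll", "ws2_32.dll"}  # Winsock libraries named in the thread

def triage(pe: bytes) -> dict:
    """List section names and imported DLLs of a PE image without executing it."""
    nt, = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, _, _, _, opt_size = struct.unpack_from("<HIIIH", pe, nt + 6)
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    imp_rva, = struct.unpack_from("<I", pe, dirs + 8)     # data directory 1 = imports
    secs = [struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
            for i in range(nsec)]    # name, virtual size, RVA, raw size, raw offset

    def offset(rva):
        for _, _, va, rawsize, rawptr in secs:
            if va <= rva < va + rawsize:
                return rva - va + rawptr
        raise ValueError("RVA not backed by file data")

    dlls = []
    p = offset(imp_rva) if imp_rva else None
    while p is not None:
        name_rva, = struct.unpack_from("<I", pe, p + 12)  # descriptor Name field
        if name_rva == 0:                                 # all-zero terminator
            break
        s = offset(name_rva)
        dlls.append(pe[s:pe.index(b"\0", s)].decode("latin-1").lower())
        p += 20
    names = [n.rstrip(b"\0").decode("latin-1") for n, *_ in secs]
    return {"sections": names, "imports": dlls,
            "upx_sections": [n for n in names if n.startswith("UPX")],
            "network_imports": sorted(NET_DLLS.intersection(dlls))}

def build_sample() -> bytes:
    """Constructed 1 KiB PE32 skeleton (not the thread's file): UPX0/UPX1, 2 imports."""
    pe = bytearray(0x400)
    pe[0:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    struct.pack_into("<HH", pe, 0x44, 0x14C, 2)           # machine, section count
    struct.pack_into("<HHH", pe, 0x54, 0xE0, 0, 0x10B)    # opt size, flags, PE32 magic
    struct.pack_into("<II", pe, 0xC0, 0x2000, 60)         # import directory RVA, size
    struct.pack_into("<8sIIII", pe, 0x138, b"UPX0", 0x1000, 0x1000, 0, 0)
    struct.pack_into("<8sIIII", pe, 0x160, b"UPX1", 0x200, 0x2000, 0x200, 0x200)
    struct.pack_into("<I", pe, 0x20C, 0x2040)             # descriptor 0 -> name RVA
    struct.pack_into("<I", pe, 0x220, 0x2050)             # descriptor 1 -> name RVA
    pe[0x240:0x24C], pe[0x250:0x25B] = b"KERNEL32.DLL", b"wsock32.dll"
    return bytes(pe)
```

The section-name check only catches stock names, so a packer with renamed sections passes it unnoticed. The import list of a packed file is what the packed image declares, not necessarily everything the unpacked program resolves at run time.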
joonas905
Advanced Cheater
Reputation: 0

Joined: 02 Jan 2008
Posts: 62

Posted: Thu Feb 14, 2008 1:17 pm    Post subject:

Yeah, all those Crack/Fish-mes were UPXed which makes some antivir progs suspicious, but I promise that there is no virus/trojan or nothing like that.
Oh, one crackme connects to internet just because that way you can directly receive its source code :) and the program is really written in PHP (PEiD thinks it's Visual C++ 6.0). :)

I understand if you don't trust me,
but that's OK, cause I'm still new in here :)
The Test
How do I cheat?
Reputation: 0

Joined: 01 Mar 2008
Posts: 3
Location: Australia

Posted: Sun Mar 02, 2008 12:53 am    Post subject:

So what exactly can I do with it?