Sinok Cheater Reputation: 0
Joined: 21 Mar 2008 Posts: 34
Posted: Thu Apr 10, 2008 2:23 pm Post subject: My crackme :)
It has 3 stages, when you're done post a solution and a keygen.
Enjoy =)
Last edited by Sinok on Fri Apr 11, 2008 7:39 am; edited 1 time in total
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Thu Apr 10, 2008 7:28 pm Post subject:
413050 is the main loop of the program. Every other call in the first sets of calls is an OllyDbg check, nop them out. (Using a custom olly so my window name isn't Ollydbg so it will never be found that way since you are only using FindWindow.)
This call is to the information on the crackme, nop it to remove the intro screen.
Code: 00413073 E8 B4E0FFFF CALL Crackme.0041112C
These calls are to the nag screens, nop to remove.
Code: 0041307D E8 A4E1FFFF CALL Crackme.00411226
Code: 004130A5 E8 7CE1FFFF CALL Crackme.00411226
After those nops it will just run the username/serial part. Will edit this post if/when I get the key part.
Edit: Step one
Username: Wiccaan
Serial: 1545364807
Break here to look at the compare:
Code: 00412875 390D 94B14100 CMP DWORD PTR DS:[41B194],ECX
DWORD PTR DS:[41B194] holds the real serial, ecx holds the inputted serial converted to hex. (I'm too lazy to make a keygen lol.)
Edit: Step 2
Same method as above, break here and look at the compare:
Code: 00412FB7 3B45 F8 CMP EAX,DWORD PTR SS:[EBP-8]
Number 1 is used to create number 2. My tested number:
Number 1: 25
Number 2: 212330
Edit: Attached patched exe that bypasses the nags and such.
_________________
- Retired.
Sinok Cheater Reputation: 0
Joined: 21 Mar 2008 Posts: 34
Posted: Fri Apr 11, 2008 7:38 am Post subject:
You didn't find anything peculiar?
o.o
I uploaded the wrong version
Anyways, fixed now, try again, and this time try to keygen it and gimme some feedback too
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Fri Apr 11, 2008 9:15 pm Post subject:
Sinok wrote:
> You didn't find anything peculiar?
> o.o
> I uploaded the wrong version
> Anyways, fixed now, try again, and this time try to keygen it and gimme some feedback too
Peculiar? How so? I did what it told me to lol.
As for keygenning, I'm not much of a keygenner, but more of a patcher / bypasser :s I'll take a look at this one to find a single key again though.
Looks the same as before, but now the steps are different. Anyway, entrypoint callblock is set up the same way.
Calls in the block that call 4111B3 like below check for Olly, nop out to remove the checks.
Code: 0041306E E8 40E1FFFF CALL Crackme.004111B3
Calls in the block that call 411226 like below are the nag screens, nop out to remove them.
Code: 0041307D E8 A4E1FFFF CALL Crackme.00411226
Continuing, like before the compares and jumps in each check kinda ruin the 'security' in this.
Part 1 (Numerical password): 113470
Part 2 (Number 1 + Number 2): 25, 283103
Part 3 (Username + Serial): Wiccaan, 1545364807
Result: Good job Now write a keygen, then submit a solution.
Again, I'm not a keygenner :s
_________________
- Retired.
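The call lines quoted in the two posts above, decoded as an added example (not part of the thread and not either poster's code): an x86 `E8` near call stores a signed 32-bit little-endian displacement relative to the next instruction, so each target can be recomputed from the raw bytes and the call sites grouped by callee, which is how the calls to 4111B3 and 411226 separate into two sets. The names `LISTING`, `decode_call` and `group_by_callee` are illustrative; the listing lines are copied from the posts.

```python
import re
from collections import defaultdict

# Listing lines copied from the posts above: address, raw bytes, disassembly.
LISTING = """\
0041306E E8 40E1FFFF CALL Crackme.004111B3
00413073 E8 B4E0FFFF CALL Crackme.0041112C
0041307D E8 A4E1FFFF CALL Crackme.00411226
004130A5 E8 7CE1FFFF CALL Crackme.00411226
00412875 390D 94B14100 CMP DWORD PTR DS:[41B194],ECX
"""

# address, opcode E8, rel32 as four little-endian bytes, target shown by the debugger
CALL_RE = re.compile(
    r"^([0-9A-F]{8})\s+E8\s+([0-9A-F]{8})\s+CALL\s+\S*?([0-9A-F]{8})$"
)


def decode_call(line):
    """Return (site, target, matches_listing) for an E8 call line, else None."""
    m = CALL_RE.match(line.strip())
    if m is None:
        return None  # not a 5-byte near call (e.g. the CMP line)
    site = int(m.group(1), 16)
    rel32 = int.from_bytes(bytes.fromhex(m.group(2)), "little", signed=True)
    # The displacement is relative to the next instruction: site + 5 bytes.
    target = (site + 5 + rel32) & 0xFFFFFFFF
    return site, target, target == int(m.group(3), 16)


def group_by_callee(listing):
    """Map each call target to the list of call sites that reach it."""
    groups = defaultdict(list)
    for line in listing.splitlines():
        decoded = decode_call(line)
        if decoded is None:
            continue
        site, target, ok = decoded
        if not ok:
            raise ValueError(f"bytes and disassembly disagree at {site:08X}")
        groups[target].append(site)
    return dict(groups)


if __name__ == "__main__":
    for target, sites in sorted(group_by_callee(LISTING).items()):
        print(f"{target:08X} <- " + ", ".join(f"{s:08X}" for s in sites))
```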
Sinok Cheater Reputation: 0
Joined: 21 Mar 2008 Posts: 34
Posted: Fri Apr 11, 2008 11:14 pm Post subject:
It's not much of a challenge getting the passwords, keygenning them is more interesting.
Anyways, good job =)
Labyrnth Moderator Reputation: 9
Joined: 28 Nov 2006 Posts: 6285
Posted: Sat Apr 12, 2008 11:06 am Post subject:
Well, you have to know how to get the serial so you can find the routine that creates the key.
I see some post a gen me that really isn't a genme if it has a single key and doesn't generate keys. Basically those are crackme or reverseme.
Because to gen something you rip the routine out and add it to your application so it returns a valid serial each time your app is run.
Sinok Cheater Reputation: 0
Joined: 21 Mar 2008 Posts: 34
Posted: Sun Apr 13, 2008 5:10 am Post subject:
There's 2 parts that you can keygen, the first part is always the same password..