| View previous topic :: View next topic |
| Author |
Message |
Buggy
Advanced Cheater
 Reputation: 0
Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)
|
 Posted: Sun Feb 10, 2008 4:46 am Post subject: easy crackme |
 |
|
i didn't add any anti debugging thing.
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
| Back to top |
|
 |
Zand
Master Cheater
![]() Reputation: 0
Joined: 21 Jul 2006
Posts: 424
|
| Posted: Sun Feb 10, 2008 5:44 am Post subject: |
|
|
| Code: | 5.1157,283,770,368Bytes
|
Hm. |
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sun Feb 10, 2008 1:59 pm Post subject: |
|
|
Ok first thing this does is checks to see if your volume of the drive is the same as the hard coded one which 99.9% of the time for everyone it wont be. So you can patch that here:
| Code: | 0040684A 50 PUSH EAX
0040684B 68 18364000 PUSH Copy_of_.00403618 ; UNICODE "1234129413"
00406850 FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp |
EAX contains your actual drive volume, so just patch the push of the hardcoded on to push EAX also:
| Code: | 0040684A 50 PUSH EAX
0040684B 50 PUSH EAX
0040684C 90 NOP
0040684D 90 NOP
0040684E 90 NOP
0040684F 90 NOP
00406850 FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp |
This will bypass that check and load the form. You could also hook GetVolumeInformationA as that is what is being called. Which is being called here:
| Code: | 004067A9 . 50 PUSH EAX
004067AA . E8 8DCBFFFF CALL Copy_of_.0040333C |
Next the password on the form. The annoying part with this one is that the program closes when you get the wrong password. Your drive information is pulled for the bytes it can hold and compared to the textbox here:
| Code: | 004064BC . 50 PUSH EAX
004064BD . FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp |
Anyway the password looks to just be the capacity of your harddrive in bytes with 5.1 added to the front, and the word Bytes to the end without any spaces. So just open My Computer right click on your C:/ and write in:
5.1<total space (capacity)in bytes>Bytes
So for example my drive is currently:
Capacity: 60,003,381,248 bytes
So I would enter:
5.160,003,381,248Bytes
Then you get the congrats message.
_________________
- Retired. |
|
| Back to top |
|
|
woodbine
Grandmaster Cheater
 Reputation: 0
Joined: 28 Sep 2007
Posts: 899
|
| Posted: Sun Feb 10, 2008 2:29 pm Post subject: |
|
|
| Zand wrote: | | Code: | 5.1157,283,770,368Bytes
|
Hm. |
Guess this Crackme is pretty big.
_________________
Funny Picture Of The Week:
 |
|
| Back to top |
|
|
Buggy
Advanced Cheater
Reputation: 0
Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)
|
| Posted: Mon Feb 11, 2008 1:05 am Post subject: |
|
|
Well the password must be
OS Version & Capacity.
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
| Back to top |
|
|
xMurtaghx
I post too much
 Reputation: 1
Joined: 13 Apr 2008
Posts: 3611
Location: Gayville, South Dakota, 57031, United States of America
|
| Posted: Mon Apr 14, 2008 5:52 pm Post subject: |
|
|
that code is old im sure
_________________
Scania- Lvl 117 DK✔
WE WILL MISS GMS!
 |
|
| Back to top |
|
|
HolyBlah
Master Cheater
![]() Reputation: 2
Joined: 24 Aug 2007
Posts: 446
|
| Posted: Tue Apr 15, 2008 3:40 am Post subject: |
|
|
| That topic is old, so stop bump it. |
|
| Back to top |
|
|
Buggy
Advanced Cheater
Reputation: 0
Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)
|
| Posted: Tue Apr 15, 2008 3:44 am Post subject: |
|
|
| xMurtaghx wrote: | | that code is old im sure |
hmm i was surprised when my topic was replied by another person newly..
so i tried to read and you said : strange crackme and this .. ---...
anyone can i rep- him??...
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
|
| Back to top |
|
|
Buggy
Advanced Cheater
Reputation: 0
Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)
|
| Posted: Tue Apr 15, 2008 5:23 am Post subject: |
|
|
| Wiccaan wrote: | | Buggy wrote: | | xMurtaghx wrote: | | that code is old im sure |
hmm i was surprised when my topic was replied by another person newly..
so i tried to read and you said : strange crackme and this .. ---...
anyone can i rep- him??... |
Hes banned anyway for spamming, so just ignore him.  |
ah-ha! Red card means banned, right?? and he spammed in a lot of section ... LOL
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Tue Apr 15, 2008 9:43 am Post subject: |
|
|
Yeah, the red box under someones name/avatar means they are banned.
_________________
- Retired. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
