Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Simple Crackme

 
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Thu Jul 31, 2008 2:34 am

Break on __vbaStrCmp for the serials; patch: 0x00403416 - NOP it
athiwatc
Advanced Cheater
Reputation: 0

Joined: 22 Sep 2007
Posts: 58

Posted: Thu Jul 31, 2008 4:06 am

This is very easy.

I change 00403467 to JPE SHORT 0040341E, that's it ^ ^ Have a nice day
&Vage
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Jul 2008
Posts: 1053

Posted: Thu Jul 31, 2008 11:01 am

I might be wrong, I know nothing about cracking :roll:

This is not a crackme, it's a keygen

Routine:
Code:

004032D0   > 55             PUSH EBP
004032D1   . 8BEC           MOV EBP,ESP
004032D3   . 83EC 0C        SUB ESP,0C
004032D6   . 68 56114000    PUSH <JMP.&MSVBVM60.__vbaExceptHandler>  ;  SE handler installation
004032DB   . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
004032E1   . 50             PUSH EAX
004032E2   . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
004032E9   . 81EC BC000000  SUB ESP,0BC
004032EF   . 53             PUSH EBX
004032F0   . 56             PUSH ESI
004032F1   . 57             PUSH EDI
004032F2   . 8965 F4        MOV DWORD PTR SS:[EBP-C],ESP
004032F5   . C745 F8 081140>MOV DWORD PTR SS:[EBP-8],Crack_me.004011>
004032FC   . 33DB           XOR EBX,EBX
004032FE   . 895D FC        MOV DWORD PTR SS:[EBP-4],EBX
00403301   . 8B7D 08        MOV EDI,DWORD PTR SS:[EBP+8]
00403304   . 57             PUSH EDI
00403305   . 8B07           MOV EAX,DWORD PTR DS:[EDI]
00403307   . FF50 04        CALL DWORD PTR DS:[EAX+4]
0040330A   . 8B4D 0C        MOV ECX,DWORD PTR SS:[EBP+C]
0040330D   . 57             PUSH EDI
0040330E   . 895D DC        MOV DWORD PTR SS:[EBP-24],EBX
00403311   . 895D D8        MOV DWORD PTR SS:[EBP-28],EBX
00403314   . 8919           MOV DWORD PTR DS:[ECX],EBX
00403316   . 8B17           MOV EDX,DWORD PTR DS:[EDI]
00403318   . 895D D4        MOV DWORD PTR SS:[EBP-2C],EBX
0040331B   . 895D D0        MOV DWORD PTR SS:[EBP-30],EBX
0040331E   . 895D CC        MOV DWORD PTR SS:[EBP-34],EBX
00403321   . 895D BC        MOV DWORD PTR SS:[EBP-44],EBX
00403324   . 895D AC        MOV DWORD PTR SS:[EBP-54],EBX
00403327   . 895D 9C        MOV DWORD PTR SS:[EBP-64],EBX
0040332A   . 895D 8C        MOV DWORD PTR SS:[EBP-74],EBX
0040332D   . 899D 7CFFFFFF  MOV DWORD PTR SS:[EBP-84],EBX
00403333   . FF92 1C030000  CALL DWORD PTR DS:[EDX+31C]
00403339   . 50             PUSH EAX
0040333A   . 8D45 D0        LEA EAX,DWORD PTR SS:[EBP-30]
0040333D   . 50             PUSH EAX
0040333E   . FF15 44104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;  MSVBVM60.__vbaObjSet
00403344   . 8BF0           MOV ESI,EAX
00403346   . 8D55 D8        LEA EDX,DWORD PTR SS:[EBP-28]
00403349   . 52             PUSH EDX
0040334A   . 56             PUSH ESI
0040334B   . 8B0E           MOV ECX,DWORD PTR DS:[ESI]
0040334D   . FF91 A0000000  CALL DWORD PTR DS:[ECX+A0]
00403353   . 3BC3           CMP EAX,EBX
00403355   . DBE2           FCLEX
00403357   . 7D 12          JGE SHORT Crack_me.0040336B
00403359   . 68 A0000000    PUSH 0A0
0040335E   . 68 0C1B4000    PUSH Crack_me.00401B0C
00403363   . 56             PUSH ESI
00403364   . 50             PUSH EAX
00403365   . FF15 30104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
0040336B   > 8B07           MOV EAX,DWORD PTR DS:[EDI]
0040336D   . 57             PUSH EDI
0040336E   . FF90 20030000  CALL DWORD PTR DS:[EAX+320]
00403374   . 8D4D CC        LEA ECX,DWORD PTR SS:[EBP-34]
00403377   . 50             PUSH EAX
00403378   . 51             PUSH ECX
00403379   . FF15 44104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;  MSVBVM60.__vbaObjSet
0040337F   . 8BF0           MOV ESI,EAX
00403381   . 8D45 D4        LEA EAX,DWORD PTR SS:[EBP-2C]
00403384   . 50             PUSH EAX
00403385   . 56             PUSH ESI
00403386   . 8B16           MOV EDX,DWORD PTR DS:[ESI]
00403388   . FF92 A0000000  CALL DWORD PTR DS:[EDX+A0]
0040338E   . 3BC3           CMP EAX,EBX
00403390   . DBE2           FCLEX
00403392   . 7D 12          JGE SHORT Crack_me.004033A6
00403394   . 68 A0000000    PUSH 0A0
00403399   . 68 0C1B4000    PUSH Crack_me.00401B0C
0040339E   . 56             PUSH ESI
0040339F   . 50             PUSH EAX
004033A0   . FF15 30104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
004033A6   > 8B4D D4        MOV ECX,DWORD PTR SS:[EBP-2C]
004033A9   . 8B57 38        MOV EDX,DWORD PTR DS:[EDI+38]
004033AC   . 51             PUSH ECX
004033AD   . 52             PUSH EDX


This checks the textbox1
Code:

004033AE   . FF15 68104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;  MSVBVM60.__vbaStrCmp
004033B4   . 8B4F 34        MOV ECX,DWORD PTR DS:[EDI+34]
004033B7   . 8BF0           MOV ESI,EAX
004033B9   . 8B45 D8        MOV EAX,DWORD PTR SS:[EBP-28]
004033BC   . F7DE           NEG ESI
004033BE   . 1BF6           SBB ESI,ESI
004033C0   . 50             PUSH EAX
004033C1   . 46             INC ESI
004033C2   . 51             PUSH ECX
004033C3   . F7DE           NEG ESI


This checks the textbox2
Code:

004033C5   . FF15 68104000  CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;  MSVBVM60.__vbaStrCmp
004033CB   . F7D8           NEG EAX
004033CD   . 1BC0           SBB EAX,EAX
004033CF   . 8D55 D4        LEA EDX,DWORD PTR SS:[EBP-2C]
004033D2   . 40             INC EAX
004033D3   . 52             PUSH EDX
004033D4   . F7D8           NEG EAX
004033D6   . 23F0           AND ESI,EAX
004033D8   . 8D45 D8        LEA EAX,DWORD PTR SS:[EBP-28]
004033DB   . 50             PUSH EAX
004033DC   . 6A 02          PUSH 2


This checks the value of whatever you did in the last checking routine

Code:

00403401   . 66:3BF3        CMP SI,BX


Basically I'm not good with 16 byte registers.... I can tell you that
Code:

004033B4   . 8B4F 34        MOV ECX,DWORD PTR DS:[EDI+34]
004033B7   . 8BF0           MOV ESI,EAX
004033B9   . 8B45 D8        MOV EAX,DWORD PTR SS:[EBP-28]
004033BC   . F7DE           NEG ESI
004033BE   . 1BF6           SBB ESI,ESI
004033C0   . 50             PUSH EAX
004033C1   . 46             INC ESI
004033C2   . 51             PUSH ECX
004033C3   . F7DE           NEG ESI

This part intrigues me. This sets the value for the register SI. Register BX must be 0 O_O...

Anyways....
John Doe
59kp6 66io
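The NEG / SBB / INC / NEG sequence that the post above puzzles over, modelled in C as an added example (not code from any post in this thread). `strcmp` stands in for `__vbaStrCmp`, which returns 0 when the strings are equal; the function names and sample strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Effect of NEG r / SBB r,r / INC r / NEG r on a comparison result.
   NEG sets CF when its operand is non-zero; SBB r,r then leaves -CF. */
static uint32_t vb_bool_from_cmp(uint32_t r)
{
    uint32_t cf = (r != 0); /* NEG: CF = (operand != 0)              */
    r = 0u - r;             /* NEG: r = -r (value is discarded next)  */
    r = 0u - cf;            /* SBB r,r: r - r - CF = 0 or 0xFFFFFFFF  */
    r = r + 1u;             /* INC: 1 if the strings matched, else 0  */
    r = 0u - r;             /* NEG: 0xFFFFFFFF (VB True) or 0 (False) */
    return r;
}

/* Model of the listing from 004033AE to 00403401: two comparisons,
   each turned into a VB Boolean, ANDed, then tested against BX.
   Returns 1 when CMP SI,BX would find SI != BX, i.e. both matched. */
static int both_fields_match(const char *in1, const char *exp1,
                             const char *in2, const char *exp2)
{
    uint32_t esi = vb_bool_from_cmp((uint32_t)strcmp(exp1, in1)); /* 004033B7-004033C3 */
    uint32_t eax = vb_bool_from_cmp((uint32_t)strcmp(exp2, in2)); /* 004033CB-004033D4 */
    esi &= eax;                 /* 004033D6  AND ESI,EAX               */
    uint16_t si = (uint16_t)esi;
    uint16_t bx = 0;            /* EBX was zeroed at 004032FC (XOR EBX,EBX) */
    return si != bx;            /* 00403401  CMP SI,BX                 */
}

int main(void)
{
    /* Constructed placeholder strings, not values from the thread. */
    printf("equal     -> %08X\n", (unsigned)vb_bool_from_cmp(0));
    printf("different -> %08X\n", (unsigned)vb_bool_from_cmp(1));
    printf("both ok   -> %d\n",
           both_fields_match("AAA-1", "AAA-1", "BBB-2", "BBB-2"));
    printf("one wrong -> %d\n",
           both_fields_match("AAA-1", "AAA-1", "oops", "BBB-2"));
    return 0;
}
```

The arithmetic only converts each comparison result into VB's True (-1) or False (0); the listing is the compiled form of a condition like `If a = b And c = d Then`.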
sponge
I'm a spammer
Reputation: 1

Joined: 07 Nov 2006
Posts: 6009

Posted: Thu Jul 31, 2008 11:49 am

It's key phishing.
athiwatc
Advanced Cheater
Reputation: 0

Joined: 22 Sep 2007
Posts: 58

Posted: Thu Jul 31, 2008 11:40 pm

Lol, he did not ask for a patch

You know no one is going to sit there an hour and start decrypting your code??

It's very long and it's always changing, so there will be no text serial and you need to make a keygen, which I will not ^ ^ (In the real world, in this case a patch will work best!!! Guess so, am still a NOOB)
athiwatc
Advanced Cheater
Reputation: 0

Joined: 22 Sep 2007
Posts: 58

Posted: Fri Aug 01, 2008 12:13 am

You're also a noob ^ ^
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

Posted: Fri Aug 01, 2008 3:19 am

well, that was easy.

just breakpoint 004033B7 and you'll find the first part of your serial in ECX and the second in EDX.

vbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpadfadfaafd
rapion124
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Mar 2007
Posts: 1095

Posted: Fri Aug 08, 2008 7:43 am

In the real world, keygens > patches. What if the program does an integrity check on itself? The modified byte(s) would be detectable.
lolOkayBailolOkayBailolOk
Master Cheater
Reputation: 1

Joined: 23 Jun 2007
Posts: 307

Posted: Fri Aug 08, 2008 1:49 pm

slovach wrote:
well, that was easy.

just breakpoint 004033B7 and you'll find the first part of your serial in ECX and the second in EDX.

vbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpadfadfaafd


Uhh sorry but I am a noob in crackme ollying, how did you get to the address 004033B7 in conclusion that ECX and EDX would hold the values?
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

Posted: Fri Aug 08, 2008 1:57 pm

ColdBlade wrote:
slovach wrote:
well, that was easy.

just breakpoint 004033B7 and you'll find the first part of your serial in ECX and the second in EDX.

vbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpvbastrcmpadfadfaafd


Uhh sorry but I am a noob in crackme ollying, how did you get to the address 004033B7 in conclusion that ECX and EDX would hold the values?


just breakpoint vbastrcmp and follow it.
Overload
Master Cheater
Reputation: 0

Joined: 08 Feb 2008
Posts: 293

Posted: Sat Aug 09, 2008 2:20 pm

Name: Overload
Serial 1: 182fs
Serial 2: 455pw6


Piece of cake.

iBot
Cheater
Reputation: 0

Joined: 12 Sep 2007
Posts: 42

Posted: Sun Aug 24, 2008 7:10 pm

I'll try it
zeroc0de
Cheater
Reputation: 0

Joined: 31 Aug 2008
Posts: 32

Posted: Tue Sep 02, 2008 8:00 pm

rapion124 wrote:
In the real world, keygens > patches. What if the program does an integrity check on itself? The modified byte(s) would be detectable.


Then you just patch the integrity check.
All times are GMT - 6 Hours

 