| View previous topic :: View next topic |
| Author |
Message |
coder sal
Master Cheater
 Reputation: 0
Joined: 11 May 2007
Posts: 304
|
 Posted: Thu May 22, 2008 7:58 pm Post subject: Fun CrackMe Version 1 |
 |
|
Assignments:
- Find the "good boy" message.
- Patch the crackme.
- Crack the CrackMe (get password, don't have to open, that's for next step)
- Patch the timer so it doesn't close the program and post a pic of you cracking it
- Find hidden messages that were made to confuse you
Difficulty: Medium (No Encryption, so easy medium lol oxymoron)
If all the steps of this crackme are done correctly and as I asked, I will make a second version with more fun, lolz. If not I will release the source to show the hidden secrets and everything, then I will move on and make the second version. Also if you like I will reward you once all assignments are done (You will see what the reward is later).
Download
Last edited by coder sal on Fri May 23, 2008 5:31 pm; edited 1 time in total |
|
| Back to top |
|
 |
HolyBlah
Master Cheater
![]() Reputation: 2
Joined: 24 Aug 2007
Posts: 446
|
| Posted: Fri May 23, 2008 1:38 am Post subject: |
|
|
PW: first box + "wxcdrrrr SalllFun Crackme V1 by Coder Sal ©HackGym+EhaUltra-made with VB6~no timer"
Timer patch:
Change 004025D0 to retn
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Fri May 23, 2008 6:34 am Post subject: |
|
|
Timer Patch
Open prog in a hex editor, scan for FA (hex byte). FA is the timer interval which can be found via a VB decompiler.
| Code: | Begin VB.Timer Timer2
Interval = 250
Left = 0
Top = 360
End |
I use HxD, result of the byte is found here:
| Code: | 00001600 00 44 00 46 03 FF 01 1F 00 00 00 04 06 00 54 69
00001610 6D 65 72 32 00 0B 03 FA 00 00 00 07 00 00 00 00 |
Edit the FA byte to 00 to disable the timer. (Sets interval to 0 so it never ticks.)
Find The Goodboy Message
| Code: | | 00402323 . BA B41F4000 MOV EDX,Fun_Crac.00401FB4 ; UNICODE "Good job for solving this crackme!" |
When you input the correct password, you do not see this msg though. Instead, you see:
| Code: | | 004024D9 . C785 74FFFFFF>MOV DWORD PTR SS:[EBP-8C],Fun_Crac.00402>; UNICODE "!~~~!" |
Patch the Crackme
| Code: | | 004024B4 . /0F84 80000000 JE Fun_Crac.0040253A |
Patch the compare to not jump.
Crack the Crackme
Password is:
Text1.Text + "wxcdrrrr SalllFun Crackme V1 by Coder Sal ©HackGym+EhaUltra-made with VB6"
Hidden Messages
- wxcd
- rrrr
- Salll
- And the 'Good job for solving this crackme!'
_________________
- Retired. |
|
| Back to top |
|
|
coder sal
Master Cheater
Reputation: 0
Joined: 11 May 2007
Posts: 304
|
| Posted: Fri May 23, 2008 2:19 pm Post subject: |
|
|
@Wiccaan Wow nice you got everything except one hidden message! I guess I'll give it away.... The hidden message was the caption on label1 it was "Fail." making you think that's a bad boy message.
The reward is +rep! You deserve one 
Edit: By the way "Good job for solving this crackme!" was the fake good boy message to confuse you, "!~~~!" was the real good boy message.
---------
I made another thread for V2, I wanted to keep this thread, I didn't want to mix up the versions, they are completely different from each other, not like trainers, that's why I didn't edit the post to release V2. I hope you like Version 2!
|
|
| Back to top |
|
|
Danielb
Cheater
![]() Reputation: 0
Joined: 22 Jul 2007
Posts: 30
|
| Posted: Sat May 24, 2008 10:50 pm Post subject: |
|
|
Text strings referenced in Fun_Crac:.text, item 96
Address=00402323
Disassembly=MOV EDX,00401FB4
Text string=UNICODE "Good job for solving this crackme!"
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
