Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Crackme behaviour

 
Redouane
Master Cheater
Reputation: 3

Joined: 05 Sep 2013
Posts: 363
Location: Algeria

Posted: Tue May 03, 2016 3:29 pm    Post subject: Crackme behaviour

Hello,

By trying to crack/register a dozen programs, I've noticed that their behaviour differs:

First, I tried to set breakpoints on GetDlgItemText and such (or searched for referenced strings), and then followed the code that gets executed when you click "register" with random registration details until I found a series of checks (compares) and conditional jumps where the program jumps to the part that displays "Invalid serial" (jump taken), or to "registration successful" (it never gets there with wrong registration details). I patched the jump and tried registering again, and here I noticed that:
1- All the programs show the "registration successful" message.
2- Some of them became correctly registered, even when I click "about", it shows "Registered to Redouane"
3- Some of them became correctly registered, but still kept displaying "Unregistered trial version" in the about window, no features were disabled.
4- Some of them weren't at all registered, I still had the "register option", and the extra features were still disabled.

(?) I want to understand how the 3/4 things work, is there any common practice that software developers use to do that?

(?) Also, are there any tips on how to understand the assembly code that checks if the key is valid or not? It's most of the time very difficult to keep track of things when you find many function calls, jumps, and various operations.

(?) What if I have a valid username + serial key, will it make it easier to understand the key generation code?

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue May 03, 2016 3:46 pm

Go through Lena151's tutorials.

Targets are like chess games, pretty much always different. Some may perform multiple checks while others may not. Sometimes, additional work may be required to 'clean up' your work. If additional flags aren't being set properly, your software may work, but still say unregistered. Sometimes, it's just a matter of changing the text to whatever you want. Having the serial key may help, but if you don't understand what you're seeing in assembly, or know where various checks are being performed and/or how to find them, then that additional help may be useless to you.
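
The "multiple checks" point above, seen from the developer's side, as an added example that is not part of the thread and not code from any program discussed in it. The names `toy_tag`, `serial_ok`, `app_a` and `app_b`, the sample name "Alice" and the FNV-1a serial scheme are all constructed for illustration; a real product would verify a signature rather than a hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy serial check, constructed for this example (FNV-1a of the name).
   A real product would verify a digital signature instead. */
static uint32_t toy_tag(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (uint8_t)*name; h *= 16777619u; }
    return h;
}
static int serial_ok(const char *name, uint32_t serial) {
    return name[0] != '\0' && toy_tag(name) == serial;
}

/* Design A: the dialog handler's single check sets a flag that the
   rest of the program trusts, so message and state always agree. */
struct app_a { int registered; };
static const char *register_a(struct app_a *a, const char *n, uint32_t s) {
    a->registered = serial_ok(n, s);
    return a->registered ? "registration successful" : "Invalid serial";
}

/* Design B: the dialog only stores what was typed. The About box and
   the feature gate each re-derive the state from the stored data, so
   the dialog's message is not what decides whether the app is licensed. */
struct app_b { char name[32]; uint32_t serial; };
static const char *register_b(struct app_b *b, const char *n, uint32_t s) {
    snprintf(b->name, sizeof b->name, "%s", n);
    b->serial = s;
    return serial_ok(n, s) ? "registration successful" : "Invalid serial";
}
static int feature_b(const struct app_b *b) {
    return serial_ok(b->name, b->serial);
}
static const char *about_b(const struct app_b *b) {
    return feature_b(b) ? b->name : "Unregistered trial version";
}

int main(void) {
    struct app_a a; struct app_b b;
    printf("A: %s (flag=%d)\n", register_a(&a, "Alice", 12345u), a.registered);
    register_b(&b, "Alice", toy_tag("Alice"));      /* valid pair */
    printf("B valid:   feature=%d about=%s\n", feature_b(&b), about_b(&b));
    register_b(&b, "Alice", 12345u);                /* wrong serial */
    printf("B invalid: feature=%d about=%s\n", feature_b(&b), about_b(&b));
    return 0;
}
```

In design B the message shown by the dialog and the state used by the About box and the feature gate come from separate calls, which is why they can disagree in the way the first post observed.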

Redouane
Master Cheater
Reputation: 3

Joined: 05 Sep 2013
Posts: 363
Location: Algeria

Posted: Tue May 03, 2016 5:53 pm

++METHOS wrote:
Go through Lena151's tutorials.

Targets are like chess games, pretty much always different. Some may perform multiple checks while others may not. Sometimes, additional work may be required to 'clean up' your work. If additional flags aren't being set properly, your software may work, but still say unregistered. Sometimes, it's just a matter of changing the text to whatever you want. Having the serial key may help, but if you don't understand what you're seeing in assembly, or know where various checks are being performed and/or how to find them, then that additional help may be useless to you.


Thanks, I'll try them.
You mean these? https://tuts4you.com/download.php?list.17

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Tue May 03, 2016 6:36 pm

Yep.

STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

Posted: Wed May 04, 2016 5:23 am

http://reversewithme.blogspot.com/2012/10/why-lena151-tutorials-wont-teach-you.html

Lena is ANEL Cool

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed May 04, 2016 7:41 am

I read that article a few years back. Although the point is obvious, and a matter of semantics more than anything else, I think the suggestion to disregard the Lena tutorials is wrong. Even as an RE purist, there are still things that can be learned. Most people just want to be able to crack programs at the end of the day. I don't think there are many people that can offer any legitimate justification for discrediting the Lena tutorials. I've yet to see any better over the years for cracking software.

Redouane
Master Cheater
Reputation: 3

Joined: 05 Sep 2013
Posts: 363
Location: Algeria

Posted: Wed May 04, 2016 4:24 pm

STN wrote:
http://reversewithme.blogspot.com/2012/10/why-lena151-tutorials-wont-teach-you.html

Lena is ANEL Cool


Didn't know that it was possible to give back a C file that, when compiled, matches a given binary bit by bit (lol)

I've already solved some crackmes on tuts4you and root-me.org, some were more difficult than others, but I've never tried Lena151's tutorials, I'll try them.

atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8586
Location: 127.0.0.1

Posted: Wed May 04, 2016 8:39 pm

I wouldn't say her tutorials are bad or not good for beginners. They are just not relevant to today's applications and protections. For the things made during the time of those tutorials, they were well suited. Protections at that time were basically UPX and PECompact. The most 'advanced' thing was SecuROM and even then at that time, bypassing it was as easy as resetting the debug port of the process. They had a valid place in the RE timeline, but yes, now they are a bit stale.

To me, people are just judging them in a bad way, comparing them to what we have today in terms of protections. It'd be better if they recommended something else vs. just saying they are horrible / shit. Let the tutorials have their place in the RE timeline of when they were fully relevant. There is no reason to make them seem like a waste of effort.

_________________
- Retired.

zm0d
Master Cheater
Reputation: 7

Joined: 06 Nov 2013
Posts: 423

Posted: Tue May 24, 2016 5:32 am

atom0s wrote:
Let the tutorials have their place in the RE timeline

So, do you know a better RE tutorial for today's challenges? Preferred in combination with IDA.

mgostIH
Expert Cheater
Reputation: 3

Joined: 01 Jan 2016
Posts: 159

Posted: Tue May 24, 2016 11:37 am

zm0d wrote:
atom0s wrote:
Let the tutorials have their place in the RE timeline

So, do you know a better RE tutorial for today's challenges? Preferred in combination with IDA.


Here's a good article I found somewhere around the website linked above.
http://beginners.re/RE4B-EN.pdf

_________________
Do you need to ask me something? Feel free to join my discord server at: https://discord.gg/At4VZXA or ask me something in my YouTube channel: https://www.youtube.com/c/mgostIH

atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8586
Location: 127.0.0.1

Posted: Wed May 25, 2016 11:39 am

zm0d wrote:
atom0s wrote:
Let the tutorials have their place in the RE timeline

So, do you know a better RE tutorial for today's challenges? Preferred in combination with IDA.


What people should do is look for tutorials on how to use the tools themselves and not reversing tutorials in general. Learning how to use IDA / OllyDbg / etc. properly is much more beneficial than just looking up 'How To Unpack Themida v1.2.3.4' tutorials that teach you little and do nothing to teach you how to use the tools.

Getting to understand how things like IDA work is much better to learn so you can get the logical sense of how to use the tool on your own on any target. Focusing on 1 protector is not going to help you learn anything about the tools.

I can't really reference anything "good" in terms of this since I already know how to use the tools so I don't look up tutorials for them. But any type of video or book that specifically focuses on the tool and not a target is what I would recommend. There are various books that cover IDA specifically.

_________________
- Retired.

mgostIH
Expert Cheater
Reputation: 3

Joined: 01 Jan 2016
Posts: 159

Posted: Wed May 25, 2016 12:10 pm

atom0s wrote:
zm0d wrote:
atom0s wrote:
Let the tutorials have their place in the RE timeline

So, do you know a better RE tutorial for today's challenges? Preferred in combination with IDA.


What people should do is look for tutorials on how to use the tools themselves and not reversing tutorials in general. Learning how to use IDA / OllyDbg / etc. properly is much more beneficial than just looking up 'How To Unpack Themida v1.2.3.4' tutorials that teach you little and do nothing to teach you how to use the tools.

Getting to understand how things like IDA work is much better to learn so you can get the logical sense of how to use the tool on your own on any target. Focusing on 1 protector is not going to help you learn anything about the tools.

I can't really reference anything "good" in terms of this since I already know how to use the tools so I don't look up tutorials for them. But any type of video or book that specifically focuses on the tool and not a target is what I would recommend. There are various books that cover IDA specifically.


The tools are important, sure, but I think it's much better to learn about the architecture you are working with first. There's not really much IDA can do if you can't understand what's happening at the lowest level of your machine, how specific instructions behave and/or the calling methods.

_________________
Do you need to ask me something? Feel free to join my discord server at: https://discord.gg/At4VZXA or ask me something in my YouTube channel: https://www.youtube.com/c/mgostIH

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed May 25, 2016 1:26 pm

Whether you place importance on the tools, the language or anything else, like most things, it's really a matter of being able to understand the why and not just the how. And although a lot of the tutorials out there do not primarily focus on those things, they do cover those things to a point that you can hopefully start to understand them over time, with experience.

atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8586
Location: 127.0.0.1

Posted: Wed May 25, 2016 2:00 pm

mgostIH wrote:
atom0s wrote:
zm0d wrote:
atom0s wrote:
Let the tutorials have their place in the RE timeline

So, do you know a better RE tutorial for today's challenges? Preferred in combination with IDA.


What people should do is look for tutorials on how to use the tools themselves and not reversing tutorials in general. Learning how to use IDA / OllyDbg / etc. properly is much more beneficial than just looking up 'How To Unpack Themida v1.2.3.4' tutorials that teach you little and do nothing to teach you how to use the tools.

Getting to understand how things like IDA work is much better to learn so you can get the logical sense of how to use the tool on your own on any target. Focusing on 1 protector is not going to help you learn anything about the tools.

I can't really reference anything "good" in terms of this since I already know how to use the tools so I don't look up tutorials for them. But any type of video or book that specifically focuses on the tool and not a target is what I would recommend. There are various books that cover IDA specifically.


The tools are important, sure, but I think it's much better to learn about the architecture you are working with first. There's not really much IDA can do if you can't understand what's happening at the lowest level of your machine, how specific instructions behave and/or the calling methods.


Architecture wasn't the point of this discussion.

_________________
- Retired.
All times are GMT - 6 Hours