Reverse Code Engineering RCE CD +sandman 2000
Solution for crackme4a made by n0p3x found at http://crackmes.cjb.net
cracked by Wizzkid (this is not WhizKid !)
Needed: SoftIce
Notepad to view this txt file
Brain power
Well, this is my first tut I give out to everybody.. I only made some small ones for friends around :)
Ok, so this crackme wants me to insert the correct cd... hmm...
So, start the crackme and pass the nag so you get in that screen where you can press "Re-Test CD".
Now we need a good breakpoint in SoftIce to break on.. since I don't really wanna use W32Dasm
I just try some out and start with a simple one like GetDriveTypeA.
So, go to SoftIce and type "bpx GetDriveTypeA" and exit again.
Now press on "Re-Test CD" and plop, you're in SoftIce ! Let the fun begin :)
So, now you see this: (I copied this out of the disassembled file and removed much you won't see in
* Reference To: KERNEL32.GetDriveTypeA, Ord:0000h   <-- our break, where we start
:00401087 E884040000   Call 00401510       <\
:0040108C 8BC8         mov ecx, eax         |
:0040108E BBAE3E0F00   mov ebx, 000F3EAE    |
:00401093 90           nop                  | don't need this
:00401094 40           inc eax              | code
:00401095 42           inc edx              |
:00401096 47           inc edi              |
:00401097 90           nop                  |
:00401098 48           dec eax              |
:00401099 4A           dec edx              |
:0040109A 4F           dec edi              |
:0040109B 90           nop                 </
:0040109C 3BD9         cmp ebx, ecx        <--- hmm.. a compare, that's something we need :)
:0040109E 7525         jne 004010C5        <--- Jump If Not Equal ... stop here and type
                                                "d 00402098": now you will see in the mem
                                                dump above in SoftIce the good msg when you
                                                do insert the good cd.
                                                Now still stay at the JNE and type
                                                "d 004020F3": now you see the msg if you did
                                                not insert the correct cd !
:004010A0 6800100000   push 00001000
:004010A5 6898204000   push 00402098
:004010AA 6874204000   push 00402074
:004010AF 6A00         push 00000000
* Reference To: USER32.MessageBoxA, Ord:0000h
:004010B1 E86C040000   Call 00401522
:004010B6 68A2204000   push 004020A2
:004010BB 6A65         push 00000065
:004010BD 56           push esi
* Reference To: USER32.SetDlgItemTextA, Ord:0000h
:004010BE E859040000   Call 0040151C
:004010C3 EB23         jmp 004010E8
:004010C5 6800100000   push 00001000
:004010CA 68F3204000   push 004020F3
:004010CF 68B6204000   push 004020B6
:004010D4 6A00         push 00000000
* Reference To: USER32.MessageBoxA, Ord:0000h
Ok, so we know where the good msg is and where the bad msg is, now let's take a look again at the JNE.
:0040109E 7525         jne 004010C5
As we could already guess it will jump to
:004010C5 6800100000   push 00001000
and this is the start of the bad msg !
Now press F10 again in SoftIce so you take the jump.. or not.
As you see you take it, now go back and do it over again.
When you're on the JNE, type in SoftIce: "d eip=004010A0"
This command will jump to 004010A0.. the same as if the cd is inserted.
Now press X to let it roll and you will see the good msg on your screen !
So now all we have to do is change
:0040109E 7525         jne 004010C5
so that both of its bytes (75 25) become 90. 90 stands for NOP = No Operation. So now the jne ain't even there ! so it will always go to the good msg :)
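As an added example (not code from the tutorial, the crackme or SoftIce), here is a small Python script that works through the listing above by hand. The opcode bytes are transcribed from the listing; the script joins them into one buffer, checks the addresses are contiguous, recomputes the call/jump targets the disassembler printed (next-instruction address plus the signed displacement after the opcode), and applies the two-byte NOP patch to the jne, showing that nothing else in the code stream moves. The address 00401087 as base and the offsets are taken from the listing; the helper names are my own.

```python
"""Added example: decode the SoftIce listing from the crackme4a tutorial.

Opcode bytes are transcribed from the listing in the tutorial; the helper
functions are an illustration and are not part of the original write-up.
"""
import struct

BASE = 0x00401087  # address of the first instruction in the listing

# (address, opcode bytes) transcribed from the listing, in order
LISTING = [
    (0x00401087, "E884040000"),  # call 00401510   (GetDriveTypeA reference)
    (0x0040108C, "8BC8"),        # mov ecx, eax
    (0x0040108E, "BBAE3E0F00"),  # mov ebx, 000F3EAE
    (0x00401093, "90"), (0x00401094, "40"), (0x00401095, "42"),
    (0x00401096, "47"), (0x00401097, "90"), (0x00401098, "48"),
    (0x00401099, "4A"), (0x0040109A, "4F"), (0x0040109B, "90"),
    (0x0040109C, "3BD9"),        # cmp ebx, ecx
    (0x0040109E, "7525"),        # jne 004010C5   (the branch the tutorial patches)
    (0x004010A0, "6800100000"),  # push 00001000
    (0x004010A5, "6898204000"),  # push 00402098  (good msg)
    (0x004010AA, "6874204000"),  # push 00402074
    (0x004010AF, "6A00"),        # push 00000000
    (0x004010B1, "E86C040000"),  # call 00401522  (MessageBoxA reference)
    (0x004010B6, "68A2204000"),  # push 004020A2
    (0x004010BB, "6A65"),        # push 00000065
    (0x004010BD, "56"),          # push esi
    (0x004010BE, "E859040000"),  # call 0040151C  (SetDlgItemTextA reference)
    (0x004010C3, "EB23"),        # jmp 004010E8
    (0x004010C5, "6800100000"),  # push 00001000
    (0x004010CA, "68F3204000"),  # push 004020F3  (bad msg)
    (0x004010CF, "68B6204000"),  # push 004020B6
    (0x004010D4, "6A00"),        # push 00000000
]


def assemble_listing(listing=LISTING):
    """Join the bytes into one buffer, checking that every address follows on
    from the previous instruction (i.e. the transcription has no gaps)."""
    code = bytearray()
    for addr, hexbytes in listing:
        if BASE + len(code) != addr:
            raise ValueError(f"listing is not contiguous at {addr:08X}")
        code += bytes.fromhex(hexbytes)
    return bytes(code)


def branch_target(addr, insn):
    """Destination of a relative call/jmp/jcc: next-instruction address plus the
    signed displacement encoded after the opcode. This is the arithmetic behind
    the 004010C5 and 00401510 that the disassembler printed."""
    op = insn[0]
    if op in (0xE8, 0xE9):                 # call rel32 / jmp rel32
        return addr + 5 + struct.unpack_from("<i", insn, 1)[0]
    if op == 0xEB or 0x70 <= op <= 0x7F:   # jmp rel8 / jcc rel8 (75 = jne)
        return addr + 2 + struct.unpack_from("<b", insn, 1)[0]
    raise ValueError(f"{insn.hex()} is not a relative branch")


def decode_branches(listing=LISTING):
    """Map every relative branch in the listing to its target address."""
    targets = {}
    for addr, hexbytes in listing:
        insn = bytes.fromhex(hexbytes)
        if insn[0] in (0xE8, 0xE9, 0xEB) or 0x70 <= insn[0] <= 0x7F:
            targets[addr] = branch_target(addr, insn)
    return targets


def nop_out_short_jcc(code, addr):
    """Return a copy of the code with the two-byte conditional jump at addr
    replaced by 90 90. The length is unchanged, so no other address moves and
    execution simply falls through to addr+2 (here the 'good msg' path)."""
    off = addr - BASE
    if not 0x70 <= code[off] <= 0x7F:
        raise ValueError(f"no short jcc at {addr:08X}")
    patched = bytearray(code)
    patched[off:off + 2] = b"\x90\x90"
    return bytes(patched)


if __name__ == "__main__":
    code = assemble_listing()
    for addr, target in sorted(decode_branches().items()):
        print(f"{addr:08X} -> {target:08X}")
    patched = nop_out_short_jcc(code, 0x0040109E)
    print("bytes at 0040109E after patch:", patched[0x17:0x19].hex())
```

Running it prints the five branch targets from the listing (00401510, 004010C5, 00401522, 0040151C, 004010E8), which confirms the transcription is consistent, and shows that after the patch the two bytes at 0040109E read 9090 while every other byte stays where it was.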
I hope I taught you guys something good with this and would like to thank the whole of group DarkStar
and as special:
[darkie], Koronis, Blink_, Posic, Anderoid, all the guys in #cracking4newbies and Eternal Bliss for his great website
at crackmes.cjb.net and R!SC for his great help to me and for being a good friend and his kick ass scripting program
to make loaders :)))
And everybody else I forgot atm :P
If you ever need me for anything you can mail me at Wizz.kid@cyberdude.com or contact me on Efnet in #DarkStar