
  1. Phox Crackme 3
  2. --------------
  3.  
  4. This one wasn't so hard either.
  5. First off, start the crackme and enter a junk serial (I entered '11223344'),
  6. set a breakpoint on MessageBoxA, press the OK button and you'll land
  7. here:
  8.  
  9. :0040122E  E852000000          CALL    USER32!MessageBoxA
  10. :00401233  33C0                XOR     EAX,EAX
  11. :00401235  5E                  POP     ESI
  12. :00401236  5F                  POP     EDI
  13. :00401237  5B                  POP     EBX
  14. :00401238  C9                  LEAVE
  15. :00401239  C21000              RET     0010
  16.  
  17. scroll up a bit and you'll see
  18.  
  19. :0040118B  837D1020            CMP     DWORD PTR [EBP+10],20        ; checks if the 'OK' button is pressed
  20. :0040118F  0F859E000000        JNZ     00401233                     ; jump if not
  21. :00401195  56                  PUSH    ESI
  22. :00401196  6898204000          PUSH    00402098
  23. :0040119B  FF354C204000        PUSH    DWORD PTR [0040204C]
  24. :004011A1  E8C7000000          CALL    USER32!GetWindowTextA        ; get our entered serial
  25. :004011A6  BB98204000          MOV     EBX,00402098                 ; EBX = our entered serial
  26. :004011AB  FF354C204000        PUSH    DWORD PTR [0040204C]
  27. :004011B1  E8C3000000          CALL    USER32!GetWindowTextLengthA  ; get the length of our entered serial
  28. :004011B6  8BF0                MOV     ESI,EAX                      ; ESI = length of our serial
  29. :004011B8  83FE12              CMP     ESI,12                       ; compare ESI with 12h (18)
  30. :004011BB  755F                JNZ     0040121C                     ; jump if length isn't 18 chars
  31. :004011BD  803B46              CMP     BYTE PTR [EBX],46            ; checks if the first char we entered is an 'F'
  32. :004011C0  755A                JNZ     0040121C                     ; jump if not
  33. :004011C2  807B0169            CMP     BYTE PTR [EBX+01],69         ; second char 'i'
  34. :004011C6  7554                JNZ     0040121C                     ; jump if not
  35. :004011C8  807B0372            CMP     BYTE PTR [EBX+03],72         ; fourth char 'r'
  36. :004011CC  754E                JNZ     0040121C                     ; jump if not
  37. :004011CE  807B0465            CMP     BYTE PTR [EBX+04],65         ; fifth char 'e'
  38. :004011D2  7548                JNZ     0040121C                     ; jump if not
  39. :004011D4  807B0657            CMP     BYTE PTR [EBX+06],57         ; seventh char 'W'
  40. :004011D8  7542                JNZ     0040121C                     ; jump if not
  41. :004011DA  807B076F            CMP     BYTE PTR [EBX+07],6F         ; eighth char 'o'
  42. :004011DE  753C                JNZ     0040121C                     ; jump if not
  43. :004011E0  807B0872            CMP     BYTE PTR [EBX+08],72         ; ninth char 'r'
  44. :004011E4  7536                JNZ     0040121C                     ; jump if not
  45. :004011E6  807B0A78            CMP     BYTE PTR [EBX+0A],78         ; eleventh char 'x'
  46. :004011EA  7530                JNZ     0040121C                     ; jump if not
  47. :004011EC  807B0C53            CMP     BYTE PTR [EBX+0C],53         ; thirteenth char 'S'
  48. :004011F0  752A                JNZ     0040121C                     ; jump if not
  49. :004011F2  807B0D75            CMP     BYTE PTR [EBX+0D],75         ; fourteenth char 'u'
  50. :004011F6  7524                JNZ     0040121C                     ; jump if not
  51. :004011F8  807B1078            CMP     BYTE PTR [EBX+10],78         ; sixteenth char 'x'
  52. :004011FC  751E                JNZ     0040121C                     ; jump if not
  53. :004011FE  6A30                PUSH    30
  54. :00401200  687F204000          PUSH    0040207F
  55. :00401205  688B204000          PUSH    0040208B
  56. :0040120A  FF3548204000        PUSH    DWORD PTR [00402048]
  57. :00401210  E870000000          CALL    USER32!MessageBoxA           ; good cracker msg box
  58. :00401215  5E                  POP     ESI
  59. :00401216  5F                  POP     EDI
  60. :00401217  5B                  POP     EBX
  61. :00401218  C9                  LEAVE
  62. :00401219  C21000              RET     0010
  63. :0040121C  6A30                PUSH    30
  64. :0040121E  68C0204000          PUSH    004020C0
  65. :00401223  68D1204000          PUSH    004020D1
  66. :00401228  FF3548204000        PUSH    DWORD PTR [00402048]
  67. :0040122E  E852000000          CALL    USER32!MessageBoxA           ; bad cracker msg box
  68. :00401233  33C0                XOR     EAX,EAX
  69. :00401235  5E                  POP     ESI
  70. :00401236  5F                  POP     EDI
  71. :00401237  5B                  POP     EBX
  72. :00401238  C9                  LEAVE
  73. :00401239  C21000              RET     0010
  74.  
  75. ok, so now we know that it checks for an 18-char serial (the CMP ESI,12 at 004011B8) of the form
  76.  
  77. Fi*re*Wor*x*Su**x*
  78.  
  79. where the '*'s can be any char you like, since those offsets are never compared..
  80.  
  81. ---
  82. /Klefz