phox_crackme3.txt
2000-05-25
Phox Crackme 3
--------------
This one wasn't so hard either.
First off, start the crackme and enter a junk serial (I entered '11223344'),
set a breakpoint on MessageBoxA, press the OK button and you'll land
here:
:0040122E E852000000 CALL USER32!MessageBoxA
:00401233 33C0 XOR EAX,EAX
:00401235 5E POP ESI
:00401236 5F POP EDI
:00401237 5B POP EBX
:00401238 C9 LEAVE
:00401239 C21000 RET 0010
Scroll up a bit and you'll see:
:0040118B 837D1020 CMP DWORD PTR [EBP+10],20 ; checks if the 'OK' button is pressed
:0040118F 0F859E000000 JNZ 00401233 ; jump if not
:00401195 56 PUSH ESI
:00401196 6898204000 PUSH 00402098
:0040119B FF354C204000 PUSH DWORD PTR [0040204C]
:004011A1 E8C7000000 CALL USER32!GetWindowTextA ; get our entered serial
:004011A6 BB98204000 MOV EBX,00402098 ; EBX = our entered serial
:004011AB FF354C204000 PUSH DWORD PTR [0040204C]
:004011B1 E8C3000000 CALL USER32!GetWindowTextLengthA ; get the length of our entered serial
:004011B6 8BF0 MOV ESI,EAX ; ESI = length of our serial
:004011B8 83FE12 CMP ESI,12 ; compare ESI with 12h (18)
:004011BB 755F JNZ 0040121C ; jump if the length isn't 18 chars
:004011BD 803B46 CMP BYTE PTR [EBX],46 ; checks if the first char we entered is an 'F'
:004011C0 755A JNZ 0040121C ; jump if not
:004011C2 807B0169 CMP BYTE PTR [EBX+01],69 ; second char 'i'
:004011C6 7554 JNZ 0040121C ; jump if not
:004011C8 807B0372 CMP BYTE PTR [EBX+03],72 ; fourth char 'r'
:004011CC 754E JNZ 0040121C ; jump if not
:004011CE 807B0465 CMP BYTE PTR [EBX+04],65 ; fifth char 'e'
:004011D2 7548 JNZ 0040121C ; jump if not
:004011D4 807B0657 CMP BYTE PTR [EBX+06],57 ; seventh char 'W'
:004011D8 7542 JNZ 0040121C ; jump if not
:004011DA 807B076F CMP BYTE PTR [EBX+07],6F ; eighth char 'o'
:004011DE 753C JNZ 0040121C ; jump if not
:004011E0 807B0872 CMP BYTE PTR [EBX+08],72 ; ninth char 'r'
:004011E4 7536 JNZ 0040121C ; jump if not
:004011E6 807B0A78 CMP BYTE PTR [EBX+0A],78 ; eleventh char 'x'
:004011EA 7530 JNZ 0040121C ; jump if not
:004011EC 807B0C53 CMP BYTE PTR [EBX+0C],53 ; thirteenth char 'S'
:004011F0 752A JNZ 0040121C ; jump if not
:004011F2 807B0D75 CMP BYTE PTR [EBX+0D],75 ; fourteenth char 'u'
:004011F6 7524 JNZ 0040121C ; jump if not
:004011F8 807B1078 CMP BYTE PTR [EBX+10],78 ; sixteenth char 'x'
:004011FC 751E JNZ 0040121C ; jump if not
:004011FE 6A30 PUSH 30
:00401200 687F204000 PUSH 0040207F
:00401205 688B204000 PUSH 0040208B
:0040120A FF3548204000 PUSH DWORD PTR [00402048]
:00401210 E870000000 CALL USER32!MessageBoxA ; good cracker msg box
:00401215 5E POP ESI
:00401216 5F POP EDI
:00401217 5B POP EBX
:00401218 C9 LEAVE
:00401219 C21000 RET 0010
:0040121C 6A30 PUSH 30
:0040121E 68C0204000 PUSH 004020C0
:00401223 68D1204000 PUSH 004020D1
:00401228 FF3548204000 PUSH DWORD PTR [00402048]
:0040122E E852000000 CALL USER32!MessageBoxA ; bad cracker msg box
:00401233 33C0 XOR EAX,EAX
:00401235 5E POP ESI
:00401236 5F POP EDI
:00401237 5B POP EBX
:00401238 C9 LEAVE
:00401239 C21000 RET 0010
OK, so now we know that it checks for
Fi*re*Wor*x*Su**x*
where each '*' can be whichever char you like (the code never looks at those positions).
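The reason the accepted pattern can be read straight out of the listing is that the check is a chain of CMP instructions against immediate bytes: the length constant and every required character sit in the code as plaintext. As an added example (not part of Klefz's tutorial, and not the crackme's own code), the Python below parses the relevant CMP lines copied from the listing above, recovers the length and the (offset, byte) pairs, renders the same wildcard mask the tutorial arrives at, and re-implements the check so candidate serials can be tested offline. The regular expressions and function names are my own choices; the only input is the disassembly text already on the page.

```python
import re

# CMP lines copied from the listing above (addresses and opcode bytes kept, comments dropped).
LISTING = """
:004011B8 83FE12 CMP ESI,12
:004011BD 803B46 CMP BYTE PTR [EBX],46
:004011C2 807B0169 CMP BYTE PTR [EBX+01],69
:004011C8 807B0372 CMP BYTE PTR [EBX+03],72
:004011CE 807B0465 CMP BYTE PTR [EBX+04],65
:004011D4 807B0657 CMP BYTE PTR [EBX+06],57
:004011DA 807B076F CMP BYTE PTR [EBX+07],6F
:004011E0 807B0872 CMP BYTE PTR [EBX+08],72
:004011E6 807B0A78 CMP BYTE PTR [EBX+0A],78
:004011EC 807B0C53 CMP BYTE PTR [EBX+0C],53
:004011F2 807B0D75 CMP BYTE PTR [EBX+0D],75
:004011F8 807B1078 CMP BYTE PTR [EBX+10],78
"""

# ESI holds the GetWindowTextLengthA result, so this CMP fixes the required length.
LEN_RE = re.compile(r"CMP ESI,([0-9A-F]+)")
# EBX points at the entered serial; [EBX] alone means offset 0.
BYTE_RE = re.compile(r"CMP BYTE PTR \[EBX(?:\+([0-9A-F]+))?\],([0-9A-F]{2})")


def recover_check(listing: str):
    """Return (required_length, {offset: expected_byte}) parsed from the CMP lines."""
    required_length = None
    fixed_bytes = {}
    for line in listing.splitlines():
        m = LEN_RE.search(line)
        if m:
            required_length = int(m.group(1), 16)
            continue
        m = BYTE_RE.search(line)
        if m:
            offset = int(m.group(1) or "0", 16)
            fixed_bytes[offset] = int(m.group(2), 16)
    return required_length, fixed_bytes


REQUIRED_LENGTH, FIXED_BYTES = recover_check(LISTING)


def pattern_mask(wildcard: str = "*") -> str:
    """Render the accepted serial the way the tutorial does: fixed chars, wildcards elsewhere."""
    return "".join(
        chr(FIXED_BYTES[i]) if i in FIXED_BYTES else wildcard
        for i in range(REQUIRED_LENGTH)
    )


def check_serial(serial: str) -> bool:
    """Mirror the crackme's logic: wrong length fails first, then every fixed byte must match.

    Positions not named in FIXED_BYTES are never inspected, exactly as in the listing.
    """
    data = serial.encode("latin-1", errors="replace")
    if len(data) != REQUIRED_LENGTH:
        return False
    return all(data[off] == expected for off, expected in FIXED_BYTES.items())


if __name__ == "__main__":
    print("required length:", REQUIRED_LENGTH)
    print("accepted pattern:", pattern_mask())
    for candidate in ("11223344", "Fi*re*Wor*x*Su**x*", "FixreaWorbxcSudexf"):
        print(f"{candidate!r:24} -> {'good' if check_serial(candidate) else 'bad'}")
```

Running it prints the same `Fi*re*Wor*x*Su**x*` mask the tutorial derives by hand; the junk serial fails on length, and any 18-character string with the eleven fixed bytes in place passes. The same approach works for any protection built from position-by-position immediate compares, which is the design lesson here: a check that embeds its answer as constants leaks that answer to anyone with a disassembler.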
---
/Klefz