Text File | 2000-05-25 | 3KB | 93 lines
Terminal Cilla's
Tutorial#3
[Target Infos:]
[Name :] CrackMe 2
[Author:] Brad Soblesky
[Type :] Name - Serial
[Where :] http://crackmes.cjb.net
[Needed Tools:]
SoftIce
[Our Aim:]
Find a valid serial
-----------------------------------------------------------------------------
Hi Reader.
I'm sorry for all grammatical and orthographic errors.
Today we deal with "CrackMe2" by 'Brad Soblesky'.
First of all, study the CrackMe.
We got two input-boxes and one check-button.
Let's enter a name and a dummy serial.
I used:
Name: Terminal Cilla
Code: 2244668800
Click the 'Check'-button and we get the expected error message.
("Incorrect!!, try again.")
Now it's time for us to play with SoftIce.
I assume that you have already configured your SoftIce and
that you are basically familiar with SI - otherwise stop reading
and read a "SoftIce4Newbies - Tutorial".
Still here?
OK;)
Fire up SoftIce and set a breakpoint on 'hmemcpy' (<bpx hmemcpy>).
Return to our CrackMe with F5.
Hit the 'Check'-button and we get back to SI.
Hit F5 once again, since we have two input boxes
(the breakpoint fires once for each of them).
Disable the breakpoint with <bd 0>.
From now on press:
1 * F11
8 * F12
Now you should be in the code of our CrackMe.
Trace down with F10 and you will pass the check
of our name length (must be >5). To get to the
main routine faster you can type
<g 00401627> or simply step until you come here:
:00401627 E852070000    Call 00401D7E                -> here we should land
:0040162C 83C40C        add esp, 0000000C
:0040162F 8D4DDC        lea ecx, dword ptr [ebp-24]
:00401632 E879020000    call 004018B0
:00401637 50            push eax                     -> pushes the valid code
:00401638 8D4DE8        lea ecx, dword ptr [ebp-18]
:0040163B E880020000    call 004018C0
:00401640 85C0          test eax, eax
:00401642 0F85FF000000  jne 00401747                 -> jump to error message if eax <> 0
Trace further until ':00401642'. On the way check the
'eax' register. It will contain our valid serial.
At ':00401642' we check 'edx' (<d edx>) and 'ecx' (<d ecx>)
and we see our fake serial in 'edx' and the valid serial
once again, but this time in 'ecx'.
In my case it's: 3610542334.
Write down the needed serial and clear all breakpoints
using <bc *>.
Back to the CrackMe we enter our values and earn the
"Correct!!, way to go"-message.
Well, our job is done!
Thx4Readin'
-----------------------------------------------------------------------------
-=I'm still a newbie - So I can only get better!=-
(c) Terminal Cilla (april 1999)
________________________
| Be sure to visit: |
| http://crackmez.cjb.net|
| & |
| http://crackmes.cjb.net|
|________________________|
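
The walkthrough above works because the check routine builds the valid serial in memory and then compares it with the entered one. The following is an added example, not code from the CrackMe or from the tutorial's author: it contrasts that pattern with a check that only verifies a signature. The digest, the "* 7 + 1" derivation, the function names and the textbook RSA numbers are constructed assumptions and far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy parameters (textbook RSA, illustration only). */
#define TOY_N 3233u /* public modulus, 61 * 53 */
#define TOY_E 17u   /* public exponent         */

/* Square-and-multiply modular exponentiation. */
uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1) result = result * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Hypothetical name digest: FNV-1a reduced into [0, TOY_N). */
uint32_t name_digest(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h % TOY_N;
}

/* Weak pattern: derives the expected serial, then compares strings.
   The 'expected' buffer is what is visible at the comparison. */
int check_weak(const char *name, const char *entered) {
    char expected[16];
    snprintf(expected, sizeof expected, "%u", name_digest(name) * 7u + 1u);
    return strcmp(expected, entered) == 0;
}

/* Hardened pattern: the serial is a signature over the name digest.
   Only public values are used; no valid serial is ever computed here. */
int check_signed(const char *name, uint32_t serial) {
    if (serial >= TOY_N) return 0; /* reject out-of-range values */
    return modpow(serial, TOY_E, TOY_N) == name_digest(name);
}

int main(void) {
    const char *name = "Example User"; /* constructed input */
    /* Issuer side only: private exponent d = 2753 never ships. */
    uint32_t serial = modpow(name_digest(name), 2753u, TOY_N);
    printf("issued serial accepted: %d\n", check_signed(name, serial));
    printf("altered serial accepted: %d\n",
           check_signed(name, (serial + 1) % TOY_N));
    printf("weak check, wrong serial: %d\n", check_weak(name, "0"));
    return 0;
}
```

With the signed form the valid serial no longer appears in the client's memory; the branch after the check still needs separate integrity protection.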