CrackMe® Practices for Newbies ~ Moderated

Re: Re: Re: Re: Re: Simple solution
Wednesday, 03-Feb-99 16:39:12
    206.248.47.46 writes:

    Hi Joseph

    OK. 10h, 11h. Right, we are talking about the same thing.
    I agree and disagree with you, and here is why.

    Since the program checks for a zero-generated key, something will need to be in that byte; otherwise we will need to alter 4010AB.

    I am bypassing the routine, not in the sense that I jump over it.
    When I NOP 401207 I cause eax = 1 and therefore pass the comparison.
    Therefore, regardless of what key is generated elsewhere at the second pass at call 401116 and the call at 4011C1, it will not be used, because whether the CMP at 401205 is good or not, it will not jump. So the key is not used.
    Whether it generates a serial or not, it will pass; therefore the routine becomes invalid and equal to not being used (therefore bypassed).
    I went over your analysis as you mentioned; I had briefly run through it but not read it before.
    We are actually doing the same thing (Step 7).
    You added another 16 bytes and put your name in hex at location 402072.
    When you push that location at 4010CC you are pushing your unencrypted name into the "cracked by" box (I know it does not push directly, but it amounts to that). So any manipulation of the key-generated name above is useless, as you do not use it.

    PS: Your analysis is somewhat difficult to follow in places.
    Ex: in Step 7, after the .dat file listing:

    Change 00401038 from 30 to 40 (should be 00401037)
    Change location 004010CD from 4B to 72 (should be 004010CC)

    But aside from that, Great job

    Regards
    Princess

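What the post is doing at the byte level is the usual patching step: locate the byte that sits at a given virtual address in the file on disk and overwrite it. The post's own corrections (00401038 listed where 00401037 was meant, 004010CD where 004010CC was meant) show how easily an address slips by one. The following is an added example, not code from the original post, from Joseph's analysis, or from the crackme itself: a small Python patcher that maps a virtual address to a file offset through the PE section table and checks that the byte actually on disk matches the expected original before anything is written, so a mis-listed address is refused instead of silently clobbering its neighbour. Everything about the target is a constructed assumption: the minimal PE32 image, the image base of 0x400000, the bytes placed at the post's addresses, and the `cmp`/`jne` pair at 401205/401207, which is invented here purely to have a two-byte jump to NOP out.

```python
import struct

# Assumed image base: the post's 0x0040xxxx addresses imply the usual 0x400000.
IMAGE_BASE = 0x400000


def build_sample_pe():
    """Return a constructed minimal PE32 image (NOT the crackme from the thread).

    One .text section: RVA 0x1000, raw data at file offset 0x200, 0x300 bytes.
    The bytes placed at the post's addresses are made up for the demonstration.
    """
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 28, IMAGE_BASE)               # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)           # Section/FileAlignment
    sect = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x300, 0x1000, 0x300, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = bytes(dos + coff + opt + sect).ljust(0x200, b"\0")

    text = bytearray(0x300)                                   # RVA 0x1000 + index
    text[0x037] = 0x30        # VA 0x401037: the byte the post says reads 30 (constructed)
    text[0x038] = 0x00        # VA 0x401038: the mis-listed address holds something else
    text[0x0CC] = 0x4B        # VA 0x4010CC (constructed)
    text[0x205:0x207] = b"\x3B\xC3"   # VA 0x401205: cmp eax, ebx (constructed)
    text[0x207:0x209] = b"\x75\x0A"   # VA 0x401207: jne short +0x0A (constructed)
    return headers + bytes(text)


def va_to_offset(image, va):
    """Map a virtual address to a file offset using the PE section table."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    rva = va - image_base
    table = opt + opt_size
    for i in range(nsect):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", image, table + i * 40 + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            delta = rva - vaddr
            if delta >= rawsize:
                raise ValueError(f"VA {va:#010x} has no backing bytes on disk")
            return rawptr + delta
    raise ValueError(f"VA {va:#010x} is outside every section")


def apply_patches(image, patches):
    """Apply (va, expected_bytes, new_bytes) patches all-or-nothing.

    Every patch is checked against the bytes actually on disk before anything
    is written, so an address that is off by one (as in the post's corrections)
    aborts the whole run instead of overwriting the wrong byte.
    """
    out = bytearray(image)
    resolved = []
    for va, expected, new in patches:
        if len(new) != len(expected):
            raise ValueError(f"VA {va:#010x}: patch would change the byte count")
        off = va_to_offset(out, va)
        actual = bytes(out[off:off + len(expected)])
        if actual != expected:
            raise ValueError(f"VA {va:#010x} (file {off:#x}): expected "
                             f"{expected.hex()}, found {actual.hex()}")
        resolved.append((off, new))
    for off, new in resolved:
        out[off:off + len(new)] = new
    return bytes(out)


# The post's corrected addresses; the expected bytes are the constructed ones above.
CORRECTED_PATCHES = [
    (0x401037, b"\x30", b"\x40"),
    (0x4010CC, b"\x4B", b"\x72"),
    (0x401207, b"\x75\x0A", b"\x90\x90"),   # NOP out the two-byte conditional jump
]
# The addresses as the post says they were mis-listed (one byte too far).
MISLISTED_PATCHES = [
    (0x401038, b"\x30", b"\x40"),
    (0x4010CD, b"\x4B", b"\x72"),
]


def try_patches(image, patches):
    """Return (patched_image, None) on success or (None, reason) when refused."""
    try:
        return apply_patches(image, patches), None
    except ValueError as exc:
        return None, str(exc)


if __name__ == "__main__":
    img = build_sample_pe()
    good, err = try_patches(img, CORRECTED_PATCHES)
    print("corrected addresses:", "patched" if good else err)
    bad, err = try_patches(img, MISLISTED_PATCHES)
    print("mis-listed addresses:", "patched" if bad else err)
```

The expected-byte check is the part worth keeping in any patching script: a listing that says "change 30 to 40" carries the original value for exactly this reason, and refusing to write when the value on disk does not match turns an off-by-one address into an error message rather than a corrupted binary.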


Message thread:

Princess's Tread (Princess) (29-Jan-99 15:08:40)


Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.