" Quequero´s Crackme "


This tutorial is coming from...
ReFleXZ '99
Url: Http://ReFleXZ99.cjb.net
Email: ReFleXZ@fcmail.com

 
 
About the essay...
Written by:
DnNuke

Date:18th June 1999
Program name: Quequero's CrackMe
Program type: ASM
Program location: Here
Program filename: N/A
Program size: 11KB

Tools required:
SoftIce v3.**

Difficult level:
Easy (  )  Medium (   )  Hard (    )  Pro (    )
 


 
 
Introduction...
"The Mask" is a crackme coded entirely in assembly and it's very easy, 
the program wants a serial, a key file and then...a surprise, you must 
discover the secret ;)) !!!!!!
Good work cracker!!!!!

   RULEZZZZZ!!!!

Patching is absolutely NOT ALLOWED and you needn't disassemble. The file
is also packed with a stupid exe-packer only to prevent disassembling ;)
I'll publish the first GOOD solution of this crackme on my site, in English in
the tools section and in Italian in the UIC section (Italian University of Crackers).
Good luck!!!!
Quequero


 
 
About the protection...
As We Read:
A Serial, A Keyfile, And A Surprise?
Type Of Color On Essay
--> White. Never Had It Before =)

 
The Essay...
Ok Crackers, Hope You're Up For Some XORing...!

First Go To The CrackMe,
Enter:
1133557799
Open Sice, "bpx hmemcpy"
Press "Check"

Sice Breaks.
Press F11 Once, And Then F12 7 Times.
Then Do An F10.
See The
CMP EAX, 0C
Well, That's The Cmp Of Our Password Length.
? 0C = 12
Cool, 12 Chars It Is..
Let's Keep On Going..
Until
****:004013A6   CALL...
Go Into That Call. Why? Because It's The Last Call Before The Error Message.

In The Call You'll See A Check Routine (ECX Counts The Chars, So It Starts At 0):
    XOR  ECX, ECX
    MOV  AL, [YOUR PASS]                    ; first the 1st char, then the 2nd.....
    MOV  DL, [A TABLE FROM THE PROGRAM]
    XOR  AL, DL                             ; XORs the two
    CMP  AL, [ANOTHER TABLE FROM THE CRACKME]
    JNZ  .....

So What You Do Here Is This..

At MOV DL,....
Do A (d ecx+004022FB)
You See The "u?....." Stuff?
Well, It's XORed With Our Serial! You Can See The Byte Values On The Left Side..

At CMP AL,...

Do (d ecx+004022EF)
Now You See What The Result Of The XOR Has To Be...
So Let's Reverse It All...!
 

Hope You Wrote The Codes Down..

20 76 C8 1E B4 90 C3 7D AD 2C CA 72
-------------------------------------  xor
75 3F 8B 41 D2 FF B1 18 DB 49 B8 52
 

Now You Do It Somewhere... I Did It, And I Did Not Write Down The Numbers.. But The Code Is: UIC......   Nah, I Won't Ruin "THE FUN" Of The CrackMe.. =)

Ok, After The Right Password Is Entered It Says "Still Unregistered"  WHAT?!?!?!?
Oh, It Must Be The KeyFile He Talked About..
Ok, Let's Use Filemon For It..
 

Ah, See A mask.key?
I Do..!!
Create One..
Now In Sice Do BPX MessageBoxA!
F11
You Get "GOOD CRACKER!!"  HeH, I Know!
Then Back In Sice..
Trace A Bit Down To
****:0040144E

    XOR  ECX, ECX                  ; ECX = 0
    MOV  ESI, ...
    MOV  EDI, ...
    MOV  AL, [ECX+00402252]        ; XOR byte string #1 to AL
    MOV  AH, [YOUR PASS]           ; pass (key file byte) to AH
    MOV  DL, [ECX+EDI]             ; XOR byte string #2 to DL
    XOR  AH, AL
    CMP  AH, DL

Well, Let's Do The Same Thing Here...
At MOV AL, [ECX+00402252]
Do (d ecx+00402252)
Then You See The Codes..  [To The Left]

At MOV DL, [ECX+EDI]
Do (d ecx+edi)
Second Codes.
Let's Reverse Them!!!

65 A4 B5 89 12 58 9F FF FB ED 55 21 A8 7B CE E5 18 97 45 3A 12 37 77 EE 58
---------------------------------------------------------------------------  XOR
3F 3F D7 ED 67 34 F3 9E 97 72 61 0F 86 55 AC 9C 38 C6 30 5F 63 42 12 9C 73

How Do I Know The Length Of This??
Well, At ****:00401471 There Is CMP ECX, 19
Do ? 19
And You Get 25!

Now We're Done!!!
Let's Check UIC....
"Good Cracker!!!"  heh, I Still Know That =)
But What??


"Still Unregistered"
OH NO!!!!
 

Ok, Be Patient Nuke.. Don't Blow Up Any-Thing.!
- I Have To Take A Walk... BRB.
 
 

Ah, I'm Back.! That Was Nice..
Ok, Let's Fuck It Up !!!
So This Is The Surprise Then, Huh!!

Let's Try Filemon Again And See What He Tells Us.

Oh, Do You See A "mask.exe"?
Hah, The CrackMe Is Called "The Mask.exe"
That Means A 2nd KeyFile..

Ok, Let's Do It Fast..
At ****:004012C0 You See

    MOV  AL, [ECX+0040227F]
    MOV  AH, [YER PASS]
    MOV  DL, [ECX+EDI]
    XOR  AH, AL
    CMP  AH, DL
    JNZ  ...
    ...

I Hope I Don't Have To Tell Ya What To Do Here...
But Anyway, Remember This..
#1 The mask.exe Will Only Work Once! You Have To Restart The Crackme So That It Can Pass A JNZ..
#2 Another Complicated Thing!! Damn You Quequero.! =)
In The mask.exe There Has To Be, "Wait, Let Me Count..", 177 Spaces Or Something Between The Start Of The File And The Password..
Try It, And If It Ain't 177 You Can See At The MOV AH, [YER PASS] Whether The "G" Starts Where It Should...
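All three check loops above pass only when pass[i] XOR table1[i] == table2[i], so the expected input is simply table1 XOR table2. As an added example (mine, not the essay's or the crackme's code), here is a Python script that parses the two pairs of byte dumps written down above, checks their length against the CMP immediates (0C and 19), recovers the bytes and re-runs the crackme's own test on the result; the dump strings are copied from the essay, and the function names are my own.

```python
import re

# Byte tables hand-copied from the essay's SoftIce dumps (constructed input for this
# example). Pair 1: the serial check (d ecx+004022FB / d ecx+004022EF);
# pair 2: the mask.key check (d ecx+00402252 / d ecx+edi).
SERIAL_DUMP_A = "20 76 C8 1E B4 90 C3 7D AD 2C CA 72"
SERIAL_DUMP_B = "75 3F 8B  41 D2 FF B118  DB 49  B8 52"   # "B118" is two bytes run together
KEYFILE_DUMP_A = "65 A4 B5 89 12 58 9F FF FB ED 55 21 A8 7B CE E5 18 97 45 3A 12 37 77 EE 58"
KEYFILE_DUMP_B = "3F 3F D7 ED 67 34 F3 9E 97 72 61 0F 86 55 AC 9C 38 C6 30 5F 63 42 12 9C 73"


def parse_dump(text: str) -> bytes:
    """Turn a hand-copied hex dump into bytes; tokens like 'B118' are split into two."""
    out = bytearray()
    for tok in text.split():
        if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", tok):
            raise ValueError(f"bad hex token {tok!r}")
        out += bytes.fromhex(tok)
    return bytes(out)

def check_routine(candidate: bytes, table_a: bytes, table_b: bytes) -> bool:
    """The crackme's test as the essay describes it: at every index,
    candidate[i] XOR table_a[i] must equal table_b[i] (the MOV/XOR/CMP/JNZ loop)."""
    if len(candidate) != len(table_a) or len(table_a) != len(table_b):
        return False
    return all(c ^ a == b for c, a, b in zip(candidate, table_a, table_b))

def recover(table_a: bytes, table_b: bytes, cmp_immediate: int) -> bytes:
    """XOR is its own inverse, so the expected input is table_a XOR table_b.
    cmp_immediate is the length the routine insists on (CMP EAX,0C / CMP ECX,19)."""
    if len(table_a) != cmp_immediate or len(table_b) != cmp_immediate:
        raise ValueError(f"got {len(table_a)}/{len(table_b)} bytes, routine wants {cmp_immediate}")
    secret = bytes(a ^ b for a, b in zip(table_a, table_b))
    assert check_routine(secret, table_a, table_b)   # recovered bytes must satisfy the loop
    return secret

def suspect_positions(secret: bytes) -> list[int]:
    """Indices that came out non-printable: a hint that a digit was mis-copied from the dump."""
    return [i for i, c in enumerate(secret) if not 0x20 <= c <= 0x7E]

def recover_serial() -> bytes:
    return recover(parse_dump(SERIAL_DUMP_A), parse_dump(SERIAL_DUMP_B), 0x0C)

def recover_keyfile() -> bytes:
    return recover(parse_dump(KEYFILE_DUMP_A), parse_dump(KEYFILE_DUMP_B), 0x19)
```

Two offsets of the key-file result come out non-printable, which is the usual sign of a mis-copied hex digit in a hand-written dump; re-dump those positions in SoftIce before writing mask.key.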

If You Got Stuck Somewhere, Plz Mail Me...

Hope You've Learned Something From This Tutor..  I Know I Did.. - Never Do XOR CrackMes Again!!

Bye For Now
// DnNuke'99 [ReFleXZ]   And Soon My Page Will Be Up =) Lotsa Cool GFX!! Come And See.!   DnNuke.cjb.net


 
 
Final Notes...
:...;HALL OF FRIENDS;....:
Bjanes - DON'T GIVE UP MAN, WE NEED YA!!!
MiZ  ---- One Of The BEST Friends I've Got On The Net.

Other People I Like =)     P.S. I'm Not Gay!

VisionZ, R!SC, NOOS, Hac, AB4DS, Acid Burn, Cyber Blade, Klefz, Carpathia, Yoshi, DiABLO, Night_Mastah, Volatilit, T4D, Jeff   mmmmmm BEER,.....
---> For Being Such Good Friends To Me.

The Sandman, tkC, Eternal Bliss, TORN@DO  ----> For Their Cracking Tuts...

                                       ....And All Other Fellow Crackers That Know Us....

And Don't Forget To Visit Me At #ReFleXZ99, #Cracking4Newbies On Efnet

 
 
Disclaimer...
This tutorial is written for EDUCATIONAL purposes only.
So if you want to use the program after its trial period ends, please BUY IT!
Support shareware (and its authors), it is our learning tool!

ReFleXZ is not responsible for any damage caused by this essay or any of its parts.
So everything you're doing and 'experimenting' with is your own responsibility!

Also, in this tutorial you'll not find any serial numbers, so try to search
elsewhere under Cracks and Warez.

Copyright © 1999-2000 By ReFleXZ '99
All Rights Reserved