CrackMe® Practices for Newbies ~ Moderated

Princess's Tread
Friday, 29-Jan-99 15:08:40
    206.248.47.42 writes:

    PC-cRACK Me #4 þ cODE bY THE_q


    The program has no entry box. What it requires is a reg file called crkme4.dat and I suspect when it has that with the required information the program will be accessible.

    Start out with checking for the file needed.
    We cannot use filemon because as soon as we open up crackme4 it closes filemon therefore we can use Win-eXpose-IO which will give us the file it is looking for namely crackme4.dat

    It will also tell us it is looking for 48 bytes.

    Open softice and bpx readfile, Ctrl-D, then open our program Softice pops at the first screen which is not important. F5 several times to get to the second screen and then F11 once to get to our program.
    Here is where we arrive

    * Reference To: KERNEL32.ReadFile, Ord:0000h
    |
    :00401044 E892080000 Call 004018DB
    :00401049 FF3533204000 push dword ptr [00402033]

    * Reference To: KERNEL32.CloseHandle, Ord:0000h
    |
    :0040104F E8A5080000 Call 004018F9
    :00401054 833D3720400030 cmp dword ptr [00402037], 00000030 < == length of characters in crackme4.dat file
    :0040105B B800000000 mov eax, 00000000
    :00401060 7240 jb 004010A2


    There is a loop from 401120 to 4011B7 that checks every character from the crackme4.dat file.

    From what I have noticed there does not seem to be any compares but a mathematical formula based on what is in the file that will register the file as being correct.

    That is how far I have come so far.

    Princess


    Princess


Message thread:

Princess's Tread (Princess) (29-Jan-99 15:08:40)

Back to main board


Message subject:

Name: (optional)

Email address: (optional)

Type your message here:




Back to main board

Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.