CrackMe® Practices for Newbies
PROJECT 8: Conquer by MisterE

TASK 2
Thursday, 18-Mar-99 04:48:00

    Ok, still haven't found the check for the serial yet, but have found something strange.

    When you press 'Cancel' in task 2, the module 'CreateFileA' is called, as readonly, which in effect looks for and opens a file called 1.123 in the current working directory. Then 20 bytes are read to location :00403634.

    401B05 PUSH 004031BF <------FILENAME"1.123"
    401B0A CALL 'CreateFileA'

    401B0F PUSH 0014 <----LENGTH to read (hex)
    401B11 PUSH 00403634 <----- loc to read to
    401B16 PUSH EAX <--------FILE handle
    401B17 CALL '_lread'
    then some calc's

    I made a file 20 bytes long called 1.123, and ran it again. The data that is read is used for some
    calculation that is looped through 5 times, before spitting me out of s'ice.

    I have absolutely no idea yet if this has any relevance for this or any of the other levels, but it is very intriguing



    Sherwood


Message thread:

Sherwood's thread TASK 1 (Sherwood) (18-Mar-99 00:47:51)

Back to main board