CrackMe® Practices for Newbies
PROJECT 8: Conquer by MisterE

Some details for task 2 (don't read unless u're done with task 1)
Friday, 19-Mar-99 01:05:26

    OK, I assume that you have finished task 1, which is actually *very* easy.
    For task 2, it's very very tricky :)
    After tracing for some time without getting it to break anywhere, I looked through the disassembly and noticed that clicking on "OK" will bring us to the 'bad' MessageBox straightaway. Hmm.. puzzling, isn't it ;). Look further below, there's a CreateFileA call. Ahah! A keyfile+serial protection! And the filename is 1.123. Look further, a call to _lread. This call returns the number of bytes read from the file, that is, the size of the file. And it's being compared with 14h, meaning our file 1.123 is 20 bytes (14h) long. So, create one with 20 00h inside (or any other values you like, as long as the file is 20 bytes).
    OK, now, start tracing. Enter name/serial, bpx on CreateFileA or lread, trace further, and you'll see some calculation on the read data, with the final result in eax. This value is saved somewhere. Then SendDlgItemMessage to get your serial. The serial you entered is converted to a hex value and stored in eax. And this value is compared to the one we got from the previous result from the keyfile. There, you found your serial ;).

    ytc_

