If you are a fresh newbie and you are just starting to learn how to crack, this crackme is just for you! But if you already have some knowledge about cracking, I advise you to rather find some more difficult tasks than this crackme. As you could notice, the file is packed with ASp 2.11 by Pe-Pack 1.0 and UPX, but there is no need to unpack it. Why? Because we can crack it just with SoftICE. I used 4.05, but any version of it will also do. So this crackme is for any newbies who would like to practice serial fishing. OK, enough talk, let's start:
********************************************************************************
1: Task to the serial
********************************************************************************
:: Solution For Task One :
Open the crackme and write your name (I used NeO'X'QuiCk); for the key I had 5393C000 and for the serial I wrote 123123. Then open SoftICE by pressing CTRL+D and set a break on HMEMCPY: type BPX HMEMCPY and press Enter! Then exit SoftICE with the same key press you entered it with. Press OK in the crackme. SoftICE should break. Press F11 once (go to the return address) and F12 11 times (to return to the function where it was called); you should be right here:
--------------------------------------------------------------------------------
0167:00456EA2 E87DDBFCFF      CALL 00424A24
0167:00456EA7 8B45FC          MOV EAX,[EBP-04]
0167:00456EAA E801CCFAFF      CALL 00403AB0        /** Gets the length of your name and moves it into EAX **/
0167:00456EAF 83F804          CMP EAX,04           /** Compares the length of your name with 4; if it is bigger you pass the "small" msg. My name length is B (hex), which is 11 in dec **/
0167:00456EB2 7D13            JGE 00456EC7
0167:00456EB4 A108954500      MOV EAX,[00459508]
0167:00456EB9 8B00            MOV EAX,[EAX]
0167:00456EBB E80869FEFF      CALL 0043D7C8
0167:00456EC0 BB01000000      MOV EBX,00000001
0167:00456EC5 EB15            JMP 00456EDC
0167:00456EC7 83FB25          CMP EBX,25           /** Here it compares the length of our serial; if it is longer than 25 letters you get the wrong msg **/
0167:00456ECA 7D0E            JGE 00456EDA
0167:00456ECC 83C332          ADD EBX,32
0167:00456ECF 83C31E          ADD EBX,1E
0167:00456ED2 83EB4F          SUB EBX,4F
0167:00456ED5 83FB25          CMP EBX,25
0167:00456ED8 7CF2            JL 00456ECC
0167:00456EDA 33DB            XOR EBX,EBX
0167:00456EDC 33C0            XOR EAX,EAX
0167:00456EDE 5A              POP EDX
0167:00456EDF 59              POP ECX
0167:00456EE0 59              POP ECX
0167:00456EE1 648910          MOV FS:[EAX],EDX
0167:00456EE4 68F96E4500      PUSH 00456EF9
0167:00456EE9 8D45FC          LEA EAX,[EBP-04]
0167:00456EEC E843C9FAFF      CALL 00403834
0167:00456EF1 C3              RET
--------------------------------------------------------------------------------
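As an added illustration (my own code, not from the crackme or this tutorial), here is the branch logic of the listing above traced in Python, driven by the name length (EAX after CALL 00403AB0) and the serial length (EBX). The opaque CALLs are stubbed, and CALL 0043D7C8 is assumed to be the "name too short" message box the comment mentions. It also shows what the ADD/ADD/SUB loop really does.

```python
# Added example, not code from the crackme or the tutorial: a small trace
# of the branches in the first SoftICE listing. Assumptions: EAX holds the
# name length, EBX the serial length, and CALL 0043D7C8 shows the message.

NAME_MIN = 0x04      # CMP EAX,04  at 00456EAF
SERIAL_LIMIT = 0x25  # CMP EBX,25  at 00456EC7 and 00456ED5


def trace_first_listing(name_len, serial_len):
    """Walk from 00456EAF to 00456EDC and report what happened."""
    eax, ebx = name_len, serial_len
    message, rounds = False, 0
    pc = 0x456EAF
    while pc != 0x456EDC:
        if pc == 0x456EAF:
            # CMP EAX,04 ; JGE 00456EC7 : a short name falls through
            pc = 0x456EC7 if eax >= NAME_MIN else 0x456EB4
        elif pc == 0x456EB4:
            # MOV EAX,[00459508] ; MOV EAX,[EAX] ; CALL 0043D7C8 (msg box)
            # MOV EBX,00000001 ; JMP 00456EDC
            message, ebx, pc = True, 1, 0x456EDC
        elif pc == 0x456EC7:
            # CMP EBX,25 ; JGE 00456EDA : long serials skip the loop
            pc = 0x456EDA if ebx >= SERIAL_LIMIT else 0x456ECC
        elif pc == 0x456ECC:
            # ADD EBX,32 ; ADD EBX,1E ; SUB EBX,4F : nets exactly +1, so
            # CMP EBX,25 ; JL 00456ECC just counts EBX up to 0x25 (junk)
            ebx = (ebx + 0x32 + 0x1E - 0x4F) & 0xFFFFFFFF
            rounds += 1
            pc = 0x456ECC if ebx < SERIAL_LIMIT else 0x456EDA
        elif pc == 0x456EDA:
            # XOR EBX,EBX : both serial-length paths end here, EBX := 0
            ebx, pc = 0, 0x456EDC
    return {"message": message, "loop_rounds": rounds, "ebx": ebx}


if __name__ == "__main__":
    # The tutorial's own inputs: name NeO'X'QuiCk (11 chars), serial 123123
    print(trace_first_listing(11, 6))
```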
So as you can see, the length of our name must be longer than 5 letters and the length of the serial mustn't be longer than 25 letters. OK, press F10 to trace further and then it should stop here:
--------------------------------------------------------------------------------
0167:00457403 4B              DEC EBX
0167:00457404 83EF31          SUB EDI,31
0167:00457407 81FF26020000    CMP EDI,00000226
0167:0045740D 7EED            JLE 004573FC
0167:0045740F 03DF            ADD EBX,EDI
0167:00457411 8D55F0          LEA EDX,[EBP-10]
0167:00457414 8BC3            MOV EAX,EBX
0167:00457416 E82D04FBFF      CALL 00407848
0167:0045741B 8B45F0          MOV EAX,[EBP-10]
0167:0045741E E88DC6FAFF      CALL 00403AB0
0167:00457423 8345F803        ADD DWORD PTR [EBP-08],03
0167:00457427 33DB            XOR EBX,EBX
0167:00457429 8BFB            MOV EDI,EBX
0167:0045742B 836DF802        SUB DWORD PTR [EBP-08],02
0167:0045742F 81FED30D0000    CMP ESI,00000DD3
0167:00457435 7C0D            JL 00457444
0167:00457437 BE01000000      MOV ESI,00000001
0167:0045743C 81FED30D0000    CMP ESI,00000DD3
0167:00457442 7DF3            JGE 00457437
0167:00457444 817DF8D0070000  CMP DWORD PTR [EBP-08],000007D0
0167:0045744B 7C9D            JL 004573EA
0167:0045744D E8AEFAFFFF      CALL 00456F00
0167:00457452 8D55F4          LEA EDX,[EBP-0C]
0167:00457455 8B45FC          MOV EAX,[EBP-04]
0167:00457458 8B80C8020000    MOV EAX,[EAX+000002C8]
0167:0045745E E8C1D5FCFF      CALL 00424A24
0167:00457463 8B45F4          MOV EAX,[EBP-0C]
0167:00457466 8B55FC          MOV EDX,[EBP-04]
0167:00457469 8B92F8020000    MOV EDX,[EDX+000002F8]
0167:0045746F E84CC7FAFF      CALL 00403BC0        /** IMPORTANT **/
0167:00457474 740E            JZ 00457484          /** IMPORTANT **/
--------------------------------------------------------------------------------
So on that CALL do D EAX and you will get the serial you wrote in, which in my case is 123123! But if you D EDX you will get the real serial, so mine was 1121'EXNO-1212678147-on'e00AZ8. So write it in and you get the CORRECT msg: the crackme is cracked, heh! Easy!
Special and biggest thanks go to Corbio, who made my cracking skills better! To Nukem for helping to make the HTML, and to Chordless for helping me learn about it. And to VATi, who likes to play with color and likes to make good gfx!
Greetings:
XasX,Santmat,SEvando2000,Wishmaker,Acid_Cool_178, am4,Woody,SV,Bratch,Batilog,Code_Inside, to all members of TNT and TCA...and to all that i have forgotten!!
And of course to all crackme writers and to all the people that have helped me!
Sorry about grammar mistakes!!
NeO'X'QuiCK
© 2001 by NeO'X'Quick