FireWorx CrackMe 5 Solution Tutorial
Essay Author: SiG
Introduction:
The registration code is simply hard-coded into the exe, but where is the OK button? This protection validates the code in real time, so there is no button to press. Until you enter the right code the program does nothing; when you enter the correct code it produces a congratulations message. All you need for this crack is trusty SoftIce and a decent cracking sense.
The Essay:
Start by entering a dummy serial into the textbox and opening SoftIce with Ctrl+D. For this crack we will be using Hmemcpy. Hmemcpy is a standard function found in the KERNEL (a Windows system file); it is used to copy strings from one location to another. In this case the program uses it to copy your entered code to memory, where it is compared with the actual code. So in SoftIce type BPX HMEMCPY. Now switch back to Windows; you will notice that you are thrown straight back into SoftIce, because this program continuously makes a lot of calls through Hmemcpy. What you need to do is press F12 until the line at the bottom of the screen reads the name of the CrackMe exe. You are now inside the CrackMe code. Next we need to search memory for the dummy code that we entered. In SoftIce type s 0 l ffffffff 'code you entered'. This finds where our code sits in memory; mine was found at 0030:007B39C8, so to set a breakpoint on that memory address type BPX 0030:007B39C8 R in SoftIce (or wherever your code appeared). SoftIce will now break when that address is read from, hopefully just before a compare routine. Press F5 to exit SoftIce. You land straight back at a piece of code that should look similar to this:
:00403B85 | mov ecx, [esi] | loads 4 bytes of the entered code (pointed to by ESI) into ECX
:00403B87 | mov ebx, [edi] | loads 4 bytes of the real code (pointed to by EDI) into EBX
:00403B89 | cmp ecx, ebx | compares ECX with EBX
:00403B8B | jnz 00403BE5 | jumps away if they are not equal
By doing a D ESI at the above code you will see the code that you entered, and if you do a D EDI you will see the correct code, which just happens to be the word 'Regcode' (without the quotation marks, of course). Enter the word Regcode into the textbox, taking care to use an uppercase 'R', and you will be presented with a message box saying 'Cracked'.
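The weakness the essay exploits is that the real code lives in memory as plain text and is compared directly against the input, so a breakpoint on a read of the input buffer lands on a compare whose other operand is the secret. The added example below (my own C, not the CrackMe's code) reproduces that scheme as check_weak, mirroring the mov/mov/cmp/jnz sequence above, and sets beside it check_hardened, which stores only a digest of the code so no plaintext secret sits next to the input at compare time, and compares without an early exit. The hash is a deliberately toy 31-multiplier hash chosen so the example runs without a crypto library; a real implementation would use a cryptographic hash such as SHA-256. The code 'Regcode' and the precomputed digest constant are assumptions for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed: the plaintext code, stored exactly as the CrackMe does.
   This is the string D EDI reveals in the essay. */
static const char REAL_CODE[] = "Regcode";

/* Weak check: plaintext compared 4 bytes at a time with an early exit,
   the same shape as mov ecx,[esi] / mov ebx,[edi] / cmp ecx,ebx / jnz. */
int check_weak(const char *entered)
{
    size_t len = sizeof(REAL_CODE) - 1;
    size_t i = 0;
    if (strlen(entered) != len)
        return 0;
    for (; i + 4 <= len; i += 4) {
        uint32_t a, b;
        memcpy(&a, entered + i, 4);    /* mov ecx, [esi] */
        memcpy(&b, REAL_CODE + i, 4);  /* mov ebx, [edi] */
        if (a != b)                    /* cmp ecx, ebx / jnz */
            return 0;
    }
    for (; i < len; i++)               /* trailing bytes, one at a time */
        if (entered[i] != REAL_CODE[i])
            return 0;
    return 1;
}

/* Toy hash (h = h*31 + c) standing in for a real cryptographic hash.
   It exists only so the example is self-contained; do not use it for
   anything real. */
uint32_t toy_hash(const char *s)
{
    uint32_t h = 0;
    for (; *s; s++)
        h = h * 31u + (unsigned char)*s;
    return h;
}

/* toy_hash("Regcode"), precomputed offline (assumed value for this
   example). Only this digest ships in the binary; the plaintext never
   appears, so a memory search for the entered code finds the input
   buffer but nothing useful beside it. */
static const uint32_t STORED_HASH = 0xA3F29461u;

/* Branch-free 32-bit equality: every input takes the same path through
   the check, unlike the jnz early exit above. Returns 1 if a == b. */
static int ct_equal32(uint32_t a, uint32_t b)
{
    uint32_t d = a ^ b;            /* zero only when a == b */
    d |= d >> 16;
    d |= d >> 8;
    d |= d >> 4;
    d |= d >> 2;
    d |= d >> 1;                   /* bit 0 is now the OR of all bits */
    return (int)(1u - (d & 1u));
}

/* Hardened check: hash the input and compare digests without branching. */
int check_hardened(const char *entered)
{
    return ct_equal32(toy_hash(entered), STORED_HASH);
}

int main(void)
{
    const char *inputs[] = { "Regcode", "regcode", "Regcod", "Regcodes" };
    size_t n = sizeof(inputs) / sizeof(inputs[0]);
    for (size_t i = 0; i < n; i++)
        printf("%-9s weak=%d hardened=%d\n", inputs[i],
               check_weak(inputs[i]), check_hardened(inputs[i]));
    return 0;
}
```

Both checks accept the same input, but a debugger session like the one in the essay tells them apart: under check_weak the second compare operand is the plaintext code, while under check_hardened the only comparable values are two 32-bit digests, and recovering the code from them means inverting the hash rather than reading it off the screen.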
Conclusion:
I hope that my blabbering on has taught you something that will help you, or at least shown you how to defeat this CrackMe. Please forward any questions to sigmental@yahoo.com