- [rAPTOR]'s Crackme 1
- --------------------
- Tools Used:
- SoftICE
-
- ---
- Protection:
- A simple code protection
-
- ---
- OK, first of all, get the crackme ;). You can get it (and many others) from
- http://crackmes.cjb.net
- Load up the crackme, enter a junk serial and set a breakpoint on Hmemcpy.
- Now press the Validate button to check the serial. When SoftICE breaks, step on
- until you come here:
-
- :0042F6E9 B850174300    MOV EAX,00431750
- :0042F6EE E8B143FDFF    CALL 00403AA4
- :0042F6F3 8B1550174300  MOV EDX,[00431750]   ; EDX = offset of our entered serial
- :0042F6F9 8A541AFF      MOV DL,[EBX+EDX-01]  ; DL = ASCII value of serial[i]
- :0042F6FD 80F210        XOR DL,10            ; DL = DL xor 10h
- :0042F700 885418FF      MOV [EBX+EAX-01],DL  ; store the XOR'ed char back
- :0042F704 43            INC EBX              ; next char
- :0042F705 4E            DEC ESI              ; one char less to go
- :0042F706 75E1          JNZ 0042F6E9         ; all chars XOR'ed? no, then jump back
-
- That's all the important code, which simply means that each char of the serial we
- entered is XOR'ed with 16 (10h). But we need to know one more thing: which string do
- we have to XOR to get the valid serial?! Well, step down until you come here:
-
- :0042F708 A150174300 MOV EAX,[00431750] ; eax = offset of our junk serial
- :0042F70D 8B1548174300 MOV EDX,[00431748] ; edx = offset of our valid serial (XOR'ed)
-
- So do a "d edx" and you'll see KbQ@D_BM, and that's simply the string we should XOR with 10h:
-
- 4B 62 51 40 44 5F 42 4D (KbQ@D_BM)
- XOR
- 10 10 10 10 10 10 10 10
- -----------------------------------
- 5B 72 41 50 54 4F 52 5D ([rAPTOR])
-
- So the valid serial is [rAPTOR]. Not so hard, eh?
- ---
- /Klefz - http://klefz.cjb.net
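
Added example, not part of the original write-up or the crackme: a Python model of the XOR check traced above, next to a variant that ships only a salted hash instead of a reversible string. The salt, iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

XOR_KEY = 0x10          # constant from "XOR DL,10" in the listing
STORED = b"KbQ@D_BM"    # string shown by "d edx" in the write-up


def xor_transform(data: bytes, key: int = XOR_KEY) -> bytes:
    """Model of the loop at 0042F6E9: every byte XOR'ed with one constant."""
    return bytes(b ^ key for b in data)


def weak_check(serial: bytes) -> bool:
    """Crackme-style check: transform the input, compare with the embedded string."""
    return xor_transform(serial) == STORED


def recover_from_stored(stored: bytes = STORED) -> bytes:
    """XOR is its own inverse, so the embedded string gives the serial back."""
    return xor_transform(stored)


# Hardened variant (assumption, not in the crackme): keep only a salted,
# slow hash of the serial in the program, never a reversible form of it.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
ITERATIONS = 100_000                                       # assumed work factor


def derive(serial: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", serial, SALT, ITERATIONS)


# In a real build this digest is computed offline and only the digest ships.
STORED_DIGEST = derive(recover_from_stored())


def hardened_check(serial: bytes) -> bool:
    """Hash the input and compare in constant time; nothing to XOR back."""
    return hmac.compare_digest(derive(serial), STORED_DIGEST)
```

Hashing only removes the recoverable serial from the binary; the comparison itself can still be patched in a debugger.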