Jump to content
Tuts 4 You

[Crack Me] (Nag Message)

surpriser

By surpriser
in CrackMe

 Share

Recommended Posts

surpriser

surpriser

Posted
Posted (edited)

hi

this is my first post in this forum!

this crack me have nag message "Unregistered".patch it and put here.

Warning: DONT CHANGE STRINGS!

download and extract all files and then run crackme.bat file.

for run this crackme you NEED DOT NET FRAMEWORK 2.0 or higher.

Thanks a lot

CrackMe_By_Surpriser_V1.zip

Edited by surpriser
n0p

n0p

Posted
Posted (edited)

Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set?

or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.s

or just remove this entire code segment:

IL_000a:  /* 16   |				  */ ldc.i4.0
IL_000b:  /* 0A   |				  */ stloc.0
IL_000c:  /* 06   |				  */ ldloc.0
IL_000d:  /* 2D   | 0C			   */ brtrue.s   IL_001b
IL_000f:  /* 72   | (70)000077	   */ ldstr	  "			Unregistered Version!		 \r\n" /* 70000077 */
IL_0014:  /* 28   | (0A)00001E	   */ call	   void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */
IL_0019:  /* 2B   | 0A			   */ br.s	   IL_0025

Pretty simple crackme ;p

Attached is a patch just swapping the brtrue.s with a brfalse.s.

surpriser_crackme_1_NOP.zip

Edited by n0p
surpriser

surpriser

Posted
  • Author
Posted (edited)
Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set?

or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.s

or just remove this entire code segment:

IL_000a:  /* 16   |				  */ ldc.i4.0
IL_000b:  /* 0A   |				  */ stloc.0
IL_000c:  /* 06   |				  */ ldloc.0
IL_000d:  /* 2D   | 0C			   */ brtrue.s   IL_001b
IL_000f:  /* 72   | (70)000077	   */ ldstr	  "			Unregistered Version!		 \r\n" /* 70000077 */
IL_0014:  /* 28   | (0A)00001E	   */ call	   void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */
IL_0019:  /* 2B   | 0A			   */ br.s	   IL_0025

Pretty simple crackme ;p

Attached is a patch just swapping the brtrue.s with a brfalse.s.

Hi!

Verrrrrrrrrrrrrry Good!!!!!!

can you say how open it in debuger and what debuger use for patch it?

excuse me for my bad english!

Edited by surpriser
Hyperlisk

Hyperlisk

Posted
Posted (edited)

You can view the Intermediate Language (IL) with .NET Reflector by Lutz Roeder. Then you can use The Interactive Disassembler Pro (IDA Pro) to find the location in the file that you want to patch. Finally, you can just use a hex editor to change the bytes. :)

Maybe there's an easier way, but that's how I do .NET.

Edited by Hyperlisk
high6

high6

Posted
Posted
You can view the Intermediate Language (IL) with .NET Reflector by Lutz Roeder. Then you can use The Interactive Disassembler Pro (IDA Pro) to find the location in the file that you want to patch. Finally, you can just use a hex editor to change the bytes. :)

Maybe there's an easier way, but that's how I do .NET.

http://sourceforge.net/projects/reflexil/

although with smartassembly obfuscated targets I use ida and a hex editor.

  • 6 months later...
jakeman

jakeman

Posted
Posted
Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set?

or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.s

or just remove this entire code segment:

IL_000a:  /* 16   |				  */ ldc.i4.0
IL_000b:  /* 0A   |				  */ stloc.0
IL_000c:  /* 06   |				  */ ldloc.0
IL_000d:  /* 2D   | 0C			   */ brtrue.s   IL_001b
IL_000f:  /* 72   | (70)000077	   */ ldstr	  "			Unregistered Version!		 \r\n" /* 70000077 */
IL_0014:  /* 28   | (0A)00001E	   */ call	   void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */
IL_0019:  /* 2B   | 0A			   */ br.s	   IL_0025

Pretty simple crackme ;p

Attached is a patch just swapping the brtrue.s with a brfalse.s.

Nice, very good job

I did something similar to that, and it worked.

  • 4 months later...
joekames

joekames

Posted
Posted (edited)

easy crackme ^^

"2D0C" changed to "2C0C"

Edited by joekames

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...