surpriser Posted July 9, 2008 Share Posted July 9, 2008 (edited) hithis is my first post in this forum!this crack me have nag message "Unregistered".patch it and put here.Warning: DONT CHANGE STRINGS!download and extract all files and then run crackme.bat file.for run this crackme you NEED DOT NET FRAMEWORK 2.0 or higher.Thanks a lotCrackMe_By_Surpriser_V1.zip Edited July 9, 2008 by surpriser Link to comment Share on other sites More sharing options...
n0p Posted July 10, 2008 Share Posted July 10, 2008 (edited) Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set? or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.sor just remove this entire code segment:IL_000a: /* 16 | */ ldc.i4.0IL_000b: /* 0A | */ stloc.0IL_000c: /* 06 | */ ldloc.0IL_000d: /* 2D | 0C */ brtrue.s IL_001bIL_000f: /* 72 | (70)000077 */ ldstr " Unregistered Version! \r\n" /* 70000077 */IL_0014: /* 28 | (0A)00001E */ call void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */IL_0019: /* 2B | 0A */ br.s IL_0025Pretty simple crackme ;pAttached is a patch just swapping the brtrue.s with a brfalse.s.surpriser_crackme_1_NOP.zip Edited July 10, 2008 by n0p Link to comment Share on other sites More sharing options...
surpriser Posted July 10, 2008 Author Share Posted July 10, 2008 (edited) Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set? or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.sor just remove this entire code segment:IL_000a: /* 16 | */ ldc.i4.0IL_000b: /* 0A | */ stloc.0IL_000c: /* 06 | */ ldloc.0IL_000d: /* 2D | 0C */ brtrue.s IL_001bIL_000f: /* 72 | (70)000077 */ ldstr " Unregistered Version! \r\n" /* 70000077 */IL_0014: /* 28 | (0A)00001E */ call void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */IL_0019: /* 2B | 0A */ br.s IL_0025Pretty simple crackme ;pAttached is a patch just swapping the brtrue.s with a brfalse.s.Hi!Verrrrrrrrrrrrrry Good!!!!!!can you say how open it in debuger and what debuger use for patch it?excuse me for my bad english! Edited July 10, 2008 by surpriser Link to comment Share on other sites More sharing options...
Hyperlisk Posted July 10, 2008 Share Posted July 10, 2008 (edited) You can view the Intermediate Language (IL) with .NET Reflector by Lutz Roeder. Then you can use The Interactive Disassembler Pro (IDA Pro) to find the location in the file that you want to patch. Finally, you can just use a hex editor to change the bytes. Maybe there's an easier way, but that's how I do .NET. Edited July 10, 2008 by Hyperlisk Link to comment Share on other sites More sharing options...
high6 Posted July 10, 2008 Share Posted July 10, 2008 You can view the Intermediate Language (IL) with .NET Reflector by Lutz Roeder. Then you can use The Interactive Disassembler Pro (IDA Pro) to find the location in the file that you want to patch. Finally, you can just use a hex editor to change the bytes. Maybe there's an easier way, but that's how I do .NET. http://sourceforge.net/projects/reflexil/ although with smartassembly obfuscated targets I use ida and a hex editor. Link to comment Share on other sites More sharing options...
jakeman Posted January 31, 2009 Share Posted January 31, 2009 Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set? or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.sor just remove this entire code segment:IL_000a: /* 16 | */ ldc.i4.0IL_000b: /* 0A | */ stloc.0IL_000c: /* 06 | */ ldloc.0IL_000d: /* 2D | 0C */ brtrue.s IL_001bIL_000f: /* 72 | (70)000077 */ ldstr " Unregistered Version! \r\n" /* 70000077 */IL_0014: /* 28 | (0A)00001E */ call void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */IL_0019: /* 2B | 0A */ br.s IL_0025Pretty simple crackme ;pAttached is a patch just swapping the brtrue.s with a brfalse.s.Nice, very good jobI did something similar to that, and it worked. Link to comment Share on other sites More sharing options...
joekames Posted June 14, 2009 Share Posted June 14, 2009 (edited) easy crackme ^^"2D0C" changed to "2C0C" Edited June 14, 2009 by joekames Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now