Jump to content
Tuts 4 You

[Crack Me] (Nag Message)


surpriser

Recommended Posts

hi

this is my first post in this forum!

this crack me have nag message "Unregistered".patch it and put here.

Warning: DONT CHANGE STRINGS!

download and extract all files and then run crackme.bat file.

for run this crackme you NEED DOT NET FRAMEWORK 2.0 or higher.

Thanks a lot

CrackMe_By_Surpriser_V1.zip

Edited by surpriser
Link to comment
Share on other sites

Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set?

or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.s

or just remove this entire code segment:

IL_000a:  /* 16   |				  */ ldc.i4.0
IL_000b: /* 0A | */ stloc.0
IL_000c: /* 06 | */ ldloc.0
IL_000d: /* 2D | 0C */ brtrue.s IL_001b
IL_000f: /* 72 | (70)000077 */ ldstr " Unregistered Version! \r\n" /* 70000077 */
IL_0014: /* 28 | (0A)00001E */ call void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */
IL_0019: /* 2B | 0A */ br.s IL_0025

Pretty simple crackme ;p

Attached is a patch just swapping the brtrue.s with a brfalse.s.

surpriser_crackme_1_NOP.zip

Edited by n0p
Link to comment
Share on other sites

Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set?

or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.s

or just remove this entire code segment:

IL_000a:  /* 16   |				  */ ldc.i4.0
IL_000b: /* 0A | */ stloc.0
IL_000c: /* 06 | */ ldloc.0
IL_000d: /* 2D | 0C */ brtrue.s IL_001b
IL_000f: /* 72 | (70)000077 */ ldstr " Unregistered Version! \r\n" /* 70000077 */
IL_0014: /* 28 | (0A)00001E */ call void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */
IL_0019: /* 2B | 0A */ br.s IL_0025

Pretty simple crackme ;p

Attached is a patch just swapping the brtrue.s with a brfalse.s.

Hi!

Verrrrrrrrrrrrrry Good!!!!!!

can you say how open it in debuger and what debuger use for patch it?

excuse me for my bad english!

Edited by surpriser
Link to comment
Share on other sites

You can view the Intermediate Language (IL) with .NET Reflector by Lutz Roeder. Then you can use The Interactive Disassembler Pro (IDA Pro) to find the location in the file that you want to patch. Finally, you can just use a hex editor to change the bytes. :)

Maybe there's an easier way, but that's how I do .NET.

Edited by Hyperlisk
Link to comment
Share on other sites

You can view the Intermediate Language (IL) with .NET Reflector by Lutz Roeder. Then you can use The Interactive Disassembler Pro (IDA Pro) to find the location in the file that you want to patch. Finally, you can just use a hex editor to change the bytes. :)

Maybe there's an easier way, but that's how I do .NET.

http://sourceforge.net/projects/reflexil/

although with smartassembly obfuscated targets I use ida and a hex editor.

Link to comment
Share on other sites

  • 6 months later...
Patch the brtrue.s to a brfalse.s in CrackMe.Module1's void Main() and you're set?

or remove the code that loads the 0 value onto the stack and replace the brtrue.s with a br.s

or just remove this entire code segment:

IL_000a:  /* 16   |				  */ ldc.i4.0
IL_000b: /* 0A | */ stloc.0
IL_000c: /* 06 | */ ldloc.0
IL_000d: /* 2D | 0C */ brtrue.s IL_001b
IL_000f: /* 72 | (70)000077 */ ldstr " Unregistered Version! \r\n" /* 70000077 */
IL_0014: /* 28 | (0A)00001E */ call void [mscorlib/*23000001*/]System.Console/*01000018*/::Write(string) /* 0A00001E */
IL_0019: /* 2B | 0A */ br.s IL_0025

Pretty simple crackme ;p

Attached is a patch just swapping the brtrue.s with a brfalse.s.

Nice, very good job

I did something similar to that, and it worked.

Link to comment
Share on other sites

  • 4 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...