Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[crackme] #2 EaSy BuT HaRd

Sp1d3rZ
Sp1d3rZ
in CrackMe

Featured Replies

Posted

V.EASY? CrackME #2 BUT HARD ;)

Protected with nBinder v5.5

Protection: Find Correct Serial

Compression: MAX

Cryptography: Enabled

NoTe: If Any First Person DiD iT? *MAKE TUT* I will give U Mod Rank on my SITE.

SO? Be Hurry! eNjOy!

CrackME__2.rar

This nBinder sucks, you don't need the password to get it to unpack its self just force a couple of jumps and it decompresses to %temp% dir. However the password is stored in the app via CRC32 checksum which can be brute forced and or reversed. I guess it would be ok for binding stuff together but as far as protection you would be better off using UPX.

From their website :crazy:

* Can encrypt files to make it almost impossible ot extract them using hack methods.

* Password Protection for the output file to restrict access to the binded files. Strong password protection: the password is not stored in the output file, only a hash check is. You can add a password for RUN or/and Unpack.

Price: 89 USD single user license, 199 USD company license

:omg:

Valid Passwords:

SJa6f
N8cFwA
3zda4C
0F NvG
mF9mcH

CrackME__2_Unpacked.rar

Doc

  • Author

OH MY GOD ;) REALLY GREAT WORK. THNX ALOT DrPepUr.

REG ON MY Site. I will give u Moderator Rank. Again THNX

MY WEB: 

www.SpiderzBB.com

But PLZ Share some Tricks. What Bruteforce do u use? Ap0x exe bruteforce?

Edited by Sp1d3rZ

Um, code one? Get a CRC32 lib and code a basic bruteforcer to find any possible passes.

I could add CRC to the SnD Reverser Tool bruteforce list I guess if it would be useful.......

It amazes me that companies (and certain individuals) have the cheek to charge shocking prices for packers, crypters and binders that are absolutely useless. Unfortunately people do fall for these "marketing" bluffs. It just goes to prove it is worth having a little bit of knowledge in RCE...

Ted.

In my eyes, every company which sells non-free applications should have a somewhat reverse engineer in their team.

He may not be a reverser only, but maybe besides his/her programming activities.

Too bad a lot of people will never come up with their knowledge in this area.

greetz

  • Author

I check CRC32 to ASCII Brute Froce tool by UFO.

But confused :( Bcoz CrackME #2.exe CRC32 is B96C1E38. And UFO Bruter Show Result i^mcw

Its not correct pass. Can u please explain DrPepUr. Where u can find correct CRC32 hash in exe?

Its not the crc of the file its self it is a value that is stored inside the app.....if you set a BP on GetDlgItemTextA you should break after entering the password where as followed by a call which computes the crc32 of the password entered, result will be in EAX and gets compared to the value in ESI the value in ESI is the crc32 of the correct password and that is the value needed for bruteforcing.

Doc

Indeed, i was doubt with the eax and esi value and i wasn't thought that is a correct serial, lol B)

China/中国

post-41139-1227785788_thumb.png

China.rar

Edited by by:70

@by:70

lol, what do you mean!!!

Send a message

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.