Jump to content
Tuts 4 You

[crackme] Hard Core Poly Protection ( it's Very Hard to CRACK )


Recommended Posts

Hi every body.

This is the Nested Poly Protection. They Mixed . ;)

Write a tutorial ,If Crack it.


Don't try to find Password Just Patch it. B)


Link to comment
Share on other sites

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Link to comment
Share on other sites

Pretty ugly patch by me... Should be more checks for the right place in the execryptor VM.

There are easier ways.. but I at least wanted not too patch the delphi compare..

Or feed the correct password from the beginning.

As for a tut, check the end of the entrypoint procedure.. There's my code.. bp it and check it..

A well should work the first time :) don't try it too often.. it might/will crash.. :)

Type anything you want it should always say you pass..

And the pw of course is: nima.nikjoo@gmail.com

Checking for the 3 parts of the email and finally the email as a whole..



Edited by quosego
Link to comment
Share on other sites

Thank you .

is there any MUP about Solving Poly/Obfu ?

This is My Crackme but i can't Crack it ! ( i need Paper or MUP , Please :help )

Link to comment
Share on other sites

To begin with you know the solution just by looking at delphi strings.. Therefore you can simply code something at the start of the check to feed the correct answer.. (though not a very skilful solution) Also the first three checks use the standard delhpi compare and are for each poly the same.. Both the second and third are obvious the obfu is simple and the solution obvious, eg nop the jumps.

For the execryptor ones you of course gotta deal with something a lot more complex.. You can't just nop a jump..

You can however feed the execryptor obfu the correct value when exitting the delphi compare function when being in the second check. This has to be done with great care (when doing this is execryptor code and not in delphi code) since execryptor uses certain instructions multiple times..

You cannot do this for the 4th last check since the delphi compare is not used.. You can however once again hook certain instuction in the execryptor VM/obfu and feed them the correct values. (for instance the one I used had the correct value in edx and the wrong one in eax.. Simply creating something that checks for the correct time (which I did very generically resulting in an ugly patch ;) ) and then patching the execryptor VM at that time (move edx into eax) will solve it..

Also you could just patch the delphi compare to always exit with a true value passing the first three checks. And code a message box over the last function that says "you pass". Since you can deduce what the function must do.

The most elegant one imho is the patching of the execryptor code and the other poly conditonal jumps.. Since in real life this usually the only way.. (defenitely not always.)


Edited by quosego
Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
  • 3 weeks later...
Unpacking VM is Private in crackers world , try your self

very bad answer.

when u asked for guidance, some gave you,


it might be your doom to do so with the others.

atleast, show them the meaning of what being sayed..

or this "world" is just for those like you who would like to keep getting, but not share at all, some solidated world for the Elite :yucky:

on the other hand,it might be that, your tutorials will just reflect another side of that attitude which would not make them of any meaning

at all.


Edited by anonim
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...