Hello my friends

 

Here a simple crackme made in vb6 

 

Goal: Try to get the correct serial number.. 

 

Difficulty: [5] of 10

 

 

RDG Simple Crackme 2014.rar

its not work on win 7

Tested xp windows 7 - 8 - 10

its required net framework 4

vb6 bro.. No .net

Does your crackme run under a xp machine x86, or is it some sort of anti vm check?

Yes..VM supported.. include stupid crc method this version.. if you edit the binary it will not run..

I will to remove some anti debugger method .. will be more easy..

I sware I didn't edit the binary.. It just doesn't run inside the vm.

Edited October 13, 201410 yr by xSRTsect

Updated..Removed some anti debugger method..

RDG Simple Crackme 2014 Updated.rar

Hi

 

for run under debugger and bypass crc check just don't allow call _vbaend function (serial check procedure has reference to this function after incorrect serial msgbox )

 

nice crackme but probably used vb anti crack on it !

You are a machine . h4sh3m

 

Crc protection is a joke.. very very easy to evade

Serial Sample:

 

Username: RDGMax

 

 

Password:

 

E96C0077801EB2307F6DE0A3BA32400C6FB3F44A5277FD4564321578F9F38FE260001589C6358C9158C2E1FD205FC08038EEBC3D91DF48B5719EAD9FAB3582664F742F80EB999B579B1CD85BEF9458B9

Easy mode .. how to generate a valid serial number

 

Serial.swf

Seriously what the f.uck is with the swf file? How can that be of any use?

 

Anyway - if anyone is in trouble with the antidebugging here are a few tricks to bypass it. Patch the following data:

 

01134544       C785 40FFFFFF 00000000         MOV DWORD PTR SS:[EBP-C0],0

0113454E       90                             NOP

0113454F       90                             NOP

01134550       90                             NOP

01134551       90                             NOP

01134552       90                             NOP

01134553       90                             NOP

01134554       90                             NOP

01134555       90                             NOP

01134556       90                             NOP

01134557   |.  68 9E451301                    PUSH 0113459E

0113455C   \.  EB 14                          JMP SHORT 01134572
0111F0ED      /EB 1C                          JMP SHORT 0111F10B

0111F0EF   |. |53                             PUSH EBX

0111F0F0   |. |68 9C581101                    PUSH 0111589C
0111F166      /EB 06                          JMP SHORT 0111F16E

0111F168   |. |FF15 3C101001                  CALL DWORD PTR DS:[<&MSVBVM60.__vbaEnd>]             ;  MSVBVM60.__vbaEnd

0111F16E   |> \8B45 08                        MOV EAX,DWORD PTR SS:[EBP+8]

 

However I really can't bypass the integrity check at startup - anyone had this issue too? Ultimately, the packer seems to create a new process and writte memory into that process using WriteProcessMemory api and then resume the state using Resumethread, that seems to fail with great misery for a modified file.

Edited October 18, 201410 yr by xSRTsect

Down it,THANCK YOU.