Posted October 13, 201410 yr Hello my friends Here a simple crackme made in vb6 Goal: Try to get the correct serial number.. Difficulty: [5] of 10 RDG Simple Crackme 2014.rar
October 13, 201410 yr Does your crackme run under a xp machine x86, or is it some sort of anti vm check?
October 13, 201410 yr Author Yes..VM supported.. include stupid crc method this version.. if you edit the binary it will not run..
October 13, 201410 yr I sware I didn't edit the binary.. It just doesn't run inside the vm. Edited October 13, 201410 yr by xSRTsect
October 13, 201410 yr Author Updated..Removed some anti debugger method..RDG Simple Crackme 2014 Updated.rar
October 14, 201410 yr Hi for run under debugger and bypass crc check just don't allow call _vbaend function (serial check procedure has reference to this function after incorrect serial msgbox ) nice crackme but probably used vb anti crack on it !
October 14, 201410 yr Author You are a machine . h4sh3m Crc protection is a joke.. very very easy to evade
October 14, 201410 yr Author Serial Sample: Username: RDGMax Password: E96C0077801EB2307F6DE0A3BA32400C6FB3F44A5277FD4564321578F9F38FE260001589C6358C9158C2E1FD205FC08038EEBC3D91DF48B5719EAD9FAB3582664F742F80EB999B579B1CD85BEF9458B9
October 18, 201410 yr Seriously what the f.uck is with the swf file? How can that be of any use? Anyway - if anyone is in trouble with the antidebugging here are a few tricks to bypass it. Patch the following data: 01134544 C785 40FFFFFF 00000000 MOV DWORD PTR SS:[EBP-C0],0 0113454E 90 NOP 0113454F 90 NOP 01134550 90 NOP 01134551 90 NOP 01134552 90 NOP 01134553 90 NOP 01134554 90 NOP 01134555 90 NOP 01134556 90 NOP 01134557 |. 68 9E451301 PUSH 0113459E 0113455C \. EB 14 JMP SHORT 01134572 0111F0ED /EB 1C JMP SHORT 0111F10B 0111F0EF |. |53 PUSH EBX 0111F0F0 |. |68 9C581101 PUSH 0111589C 0111F166 /EB 06 JMP SHORT 0111F16E 0111F168 |. |FF15 3C101001 CALL DWORD PTR DS:[<&MSVBVM60.__vbaEnd>] ; MSVBVM60.__vbaEnd 0111F16E |> \8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] However I really can't bypass the integrity check at startup - anyone had this issue too? Ultimately, the packer seems to create a new process and writte memory into that process using WriteProcessMemory api and then resume the state using Resumethread, that seems to fail with great misery for a modified file. Edited October 18, 201410 yr by xSRTsect
Create an account or sign in to comment