[Crackme] Simple Crackme 2014 level 1 of 3 (vb6)

[RDGMax]

Hello my friends

 

Here a simple crackme made in vb6 

 

Goal: Try to get the correct serial number.. 

 

Difficulty: [5] of 10

 

 

RDG Simple Crackme 2014.rar

[Dreamer]

its not work on win 7

[RDGMax]

Tested xp windows 7 - 8 - 10

[Dreamer]

its required net framework 4

[RDGMax]

vb6 bro.. No .net

[xSRTsect]

Does your crackme run under a xp machine x86, or is it some sort of anti vm check?

[RDGMax]

Yes..VM supported.. include stupid crc method this version.. if you edit the binary it will not run..

[RDGMax]

I will to remove some anti debugger method .. will be more easy..

[xSRTsect]

I sware I didn't edit the binary.. It just doesn't run inside the vm.

Edited October 13, 2014 by xSRTsect

[RDGMax]

Updated..Removed some anti debugger method..

RDG Simple Crackme 2014 Updated.rar

[h4sh3m]

Hi

 

for run under debugger and bypass crc check just don't allow call _vbaend function (serial check procedure has reference to this function after incorrect serial msgbox )

 

nice crackme but probably used vb anti crack on it !

[RDGMax]

You are a machine . h4sh3m

 

Crc protection is a joke.. very very easy to evade

[RDGMax]

Serial Sample:

 

Username: RDGMax

 

 

Password:

 

E96C0077801EB2307F6DE0A3BA32400C6FB3F44A5277FD4564321578F9F38FE260001589C6358C9158C2E1FD205FC08038EEBC3D91DF48B5719EAD9FAB3582664F742F80EB999B579B1CD85BEF9458B9

[RDGMax]

Easy mode .. how to generate a valid serial number

 

Serial.swf

[xSRTsect]

Seriously what the f.uck is with the swf file? How can that be of any use?

 

Anyway - if anyone is in trouble with the antidebugging here are a few tricks to bypass it. Patch the following data:

 

01134544       C785 40FFFFFF 00000000         MOV DWORD PTR SS:[EBP-C0],0

0113454E       90                             NOP

0113454F       90                             NOP

01134550       90                             NOP

01134551       90                             NOP

01134552       90                             NOP

01134553       90                             NOP

01134554       90                             NOP

01134555       90                             NOP

01134556       90                             NOP

01134557   |.  68 9E451301                    PUSH 0113459E

0113455C   \.  EB 14                          JMP SHORT 01134572
0111F0ED      /EB 1C                          JMP SHORT 0111F10B

0111F0EF   |. |53                             PUSH EBX

0111F0F0   |. |68 9C581101                    PUSH 0111589C
0111F166      /EB 06                          JMP SHORT 0111F16E

0111F168   |. |FF15 3C101001                  CALL DWORD PTR DS:[<&MSVBVM60.__vbaEnd>]             ;  MSVBVM60.__vbaEnd

0111F16E   |> \8B45 08                        MOV EAX,DWORD PTR SS:[EBP+8]

 

However I really can't bypass the integrity check at startup - anyone had this issue too? Ultimately, the packer seems to create a new process and writte memory into that process using WriteProcessMemory api and then resume the state using Resumethread, that seems to fail with great misery for a modified file.

Edited October 18, 2014 by xSRTsect

[Dxer]

Down it,THANCK YOU.