Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Newbie Crackme #0

starzboy
starzboy
in CrackMe

Featured Replies

Posted

find the correct pass for the crackme !

no brute forcing is allowed !

http://d.turboupload.com/d/533559/crackme_0.rar.html

PS : Please do not post you answer here [only one pass] let others try their luck too !

Thankyou

It was easier then what i thought :P

You know binary ;)

Edited by yamraaj

  • Author

good !

and why do you ask .... ? !

This doesnt look so easy for me. These are my steps.

1) Opened in Peid looked for any sort of packaging.

2) Opened in Olly then ran the program to get background information.

3) I searched for all referenced strings and found the part where it says Access Granted and so on.

4) I follow in dissassembler then I am lost because I see nothing. All I see is a bunch of CALLS and MOV's and JMP's nothing else.

Help would be appreciated as I am trying to learn as I go.

@Hybr!d, tip: look at some constant just above string "CRACKME FOR NEWBIE #0 !"

good !

and why do you ask .... ? !

Sorry....that was just a lame tip :D

Hybr1d -

You know there are two possible outcomes after you type in the serial. Either you get the "Access Granted!" message or you get the "Access Denied!" one. So, at one point in the program, there has to be some kind of conditional jump to decide which one to go to, and the most common way to create a conditional jump is to have

 CMP x, y
JNZ (or JZ) address

Look around in the code for this...

Hope this helps

It was easier then what i thought :P

You know binary ;)

Yeh, it's the way to solution... :D

ALiEN.

Thanks for the Tips guys I got it :) .

The answer was right in front of me...Should of looked at the CMP and followed it through.

  • Author

i hope all of you like this crackme !

I AM LEARNING C++ AND WILL SOON BE MAKING MORE !

Regards starzboy !

Make more indeed... Make it abit harder next time for people like me :)

  • Author
Make more indeed... Make it abit harder next time for people like me :)

i am still learning and yes....ill try my best to make it harder !

Regards starzboy!

It was quite easy...Solved :P

  • 1 month later...

hmm im having trouble with this. i guess i need more tutorials ...

hmm im having trouble with this. i guess i need more tutorials ...

me, too... I know, that there is something in this Call: 0040146C ... but, I can't find the real password. I know, that I can only use numbers for the password. I think, starzboy has converted the number to HEX (my entered number, too) ... an checked them :blink: .

I'm trying :thumbsup: (Nice Crackme starzboy, I love it :yahoo: )

  • Author

hmmm....

this is how "Giga"....explains !

0040145D |. C74424 04 01000>MOV DWORD PTR SS:[ESP+4],1

00401465 |. C70424 60344400 MOV DWORD PTR SS:[ESP],crackme_.00443460

0040146C |. E8 0F540200 CALL crackme_.00426880

00401471 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; kernel32.7C816D58

00401474 |. 3B45 FC CMP EAX,DWORD PTR SS:[EBP-4] <-------------------------------------------BP

00401477 |. 75 3A JNZ SHORT crackme_.004014B3

00401479 |. C74424 04 44004>MOV DWORD PTR SS:[ESP+4],crackme_.004400>; ASCII "Access Granted !"

00401481 |. C70424 C0334400 MOV DWORD PTR SS:[ESP],crackme_.004433C0

00401488 |. E8 E7AC0300 CALL crackme_.0043C174

0040148D |. C74424 04 44AF4>MOV DWORD PTR SS:[ESP+4],crackme_.0043AF>

00401495 |. 890424 MOV DWORD PTR SS:[ESP],EAX

00401498 |. E8 238C0200 CALL crackme_.0042A0C0

0040149D |. C74424 04 55004>MOV DWORD PTR SS:[ESP+4],crackme_.004400>; ASCII "WELCOME !"

004014A5 |. C70424 C0334400 MOV DWORD PTR SS:[ESP],crackme_.004433C0

004014AC |. E8 C3AC0300 CALL crackme_.0043C174

004014B1 |. EB 38 JMP SHORT crackme_.004014EB

and we will have something like this:

Stack SS:[0022FF74]=3C34EB12 <----------- Serial in hex format

EAX=00000037

and when convert this to Decimal the result is 1010101010

serial = 1010101010

  • 2 weeks later...

Yup, so true. Different from anything else, is the fact that C++ applications make use of the stack in 95% of the cases ;) No wonder people couldn't find any traces of clues just by looking at the strings :D

Works fast with Olly scripting ;)

  • 2 weeks later...

it was kind of hard for me cause im a bit of a noob ey :P

nice job tho, i found out eventually after a while :P

  • Author

i recomend that when you are going thro' a C++ app...you should know the details you entered in Hex so that whe you spot the info in hex you will kjnow that you are somewhere close !

Justa Tip....thats what i do !

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.