Newbie Crackme #0

[starzboy]

find the correct pass for the crackme !

no brute forcing is allowed !

http://d.turboupload.com/d/533559/crackme_0.rar.html

PS : Please do not post you answer here [only one pass] let others try their luck too !

Thankyou

[yamraaj]

It was easier then what i thought

You know binary

Edited April 22, 2006 by yamraaj

[starzboy]

good !

and why do you ask .... ? !

[Hybr!d]

This doesnt look so easy for me. These are my steps.

1) Opened in Peid looked for any sort of packaging.

2) Opened in Olly then ran the program to get background information.

3) I searched for all referenced strings and found the part where it says Access Granted and so on.

4) I follow in dissassembler then I am lost because I see nothing. All I see is a bunch of CALLS and MOV's and JMP's nothing else.

Help would be appreciated as I am trying to learn as I go.

[The Old Pirate]

@Hybr!d, tip: look at some constant just above string "CRACKME FOR NEWBIE #0 !"

[yamraaj]

good !

and why do you ask .... ? !

Sorry....that was just a lame tip

[Guest Tundra]

Hybr1d -

You know there are two possible outcomes after you type in the serial. Either you get the "Access Granted!" message or you get the "Access Denied!" one. So, at one point in the program, there has to be some kind of conditional jump to decide which one to go to, and the most common way to create a conditional jump is to have

 CMP x, y
JNZ (or JZ) address

Look around in the code for this...

Hope this helps

[ALiEN]

It was easier then what i thought

You know binary

Yeh, it's the way to solution...

ALiEN.

[Hybr!d]

Thanks for the Tips guys I got it .

The answer was right in front of me...Should of looked at the CMP and followed it through.

[starzboy]

i hope all of you like this crackme !

I AM LEARNING C++ AND WILL SOON BE MAKING MORE !

Regards starzboy !

[Hybr!d]

Make more indeed... Make it abit harder next time for people like me

[starzboy]

Make more indeed... Make it abit harder next time for people like me

i am still learning and yes....ill try my best to make it harder !

Regards starzboy!

[futureproof]

It was quite easy...Solved

[Guest Findme]

hmm im having trouble with this. i guess i need more tutorials ...

[Guest linkin]

hmm im having trouble with this. i guess i need more tutorials ...

me, too... I know, that there is something in this Call: 0040146C ... but, I can't find the real password. I know, that I can only use numbers for the password. I think, starzboy has converted the number to HEX (my entered number, too) ... an checked them .

I'm trying (Nice Crackme starzboy, I love it )

[starzboy]

hmmm....

this is how "Giga"....explains !

0040145D |. C74424 04 01000>MOV DWORD PTR SS:[ESP+4],1

00401465 |. C70424 60344400 MOV DWORD PTR SS:[ESP],crackme_.00443460

0040146C |. E8 0F540200 CALL crackme_.00426880

00401471 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; kernel32.7C816D58

00401474 |. 3B45 FC CMP EAX,DWORD PTR SS:[EBP-4] <-------------------------------------------BP

00401477 |. 75 3A JNZ SHORT crackme_.004014B3

00401479 |. C74424 04 44004>MOV DWORD PTR SS:[ESP+4],crackme_.004400>; ASCII "Access Granted !"

00401481 |. C70424 C0334400 MOV DWORD PTR SS:[ESP],crackme_.004433C0

00401488 |. E8 E7AC0300 CALL crackme_.0043C174

0040148D |. C74424 04 44AF4>MOV DWORD PTR SS:[ESP+4],crackme_.0043AF>

00401495 |. 890424 MOV DWORD PTR SS:[ESP],EAX

00401498 |. E8 238C0200 CALL crackme_.0042A0C0

0040149D |. C74424 04 55004>MOV DWORD PTR SS:[ESP+4],crackme_.004400>; ASCII "WELCOME !"

004014A5 |. C70424 C0334400 MOV DWORD PTR SS:[ESP],crackme_.004433C0

004014AC |. E8 C3AC0300 CALL crackme_.0043C174

004014B1 |. EB 38 JMP SHORT crackme_.004014EB

and we will have something like this:

Stack SS:[0022FF74]=3C34EB12 <----------- Serial in hex format

EAX=00000037

and when convert this to Decimal the result is 1010101010

serial = 1010101010

[SunBeam]

Yup, so true. Different from anything else, is the fact that C++ applications make use of the stack in 95% of the cases No wonder people couldn't find any traces of clues just by looking at the strings

Works fast with Olly scripting

[Guest slavaa]

it was kind of hard for me cause im a bit of a noob ey

nice job tho, i found out eventually after a while

[starzboy]

i recomend that when you are going thro' a C++ app...you should know the details you entered in Hex so that whe you spot the info in hex you will kjnow that you are somewhere close !

Justa Tip....thats what i do !