Tuts 4 You

Newbie Crackme #0


starzboy


Find the correct pass for the crackme!

No brute forcing is allowed!

http://d.turboupload.com/d/533559/crackme_0.rar.html

PS: Please do not post your answer here [only one pass]; let others try their luck too!

Thank you

Link to comment

This doesn't look so easy for me. These are my steps.

1) Opened in Peid looked for any sort of packaging.

2) Opened in Olly then ran the program to get background information.

3) I searched for all referenced strings and found the part where it says Access Granted and so on.

4) I follow in disassembler then I am lost because I see nothing. All I see is a bunch of CALLs and MOVs and JMPs, nothing else.

Help would be appreciated as I am trying to learn as I go.

Link to comment
Guest Tundra

Hybr1d -

You know there are two possible outcomes after you type in the serial. Either you get the "Access Granted!" message or you get the "Access Denied!" one. So, at one point in the program, there has to be some kind of conditional jump to decide which one to go to, and the most common way to create a conditional jump is to have

CMP x, y
JNZ (or JZ) address

Look around in the code for this...

Hope this helps

Link to comment
Make more indeed... Make it a bit harder next time for people like me :)

I am still learning and yes... I'll try my best to make it harder!

Regards starzboy!

Link to comment
  • 1 month later...
Guest linkin
Hmm, I'm having trouble with this. I guess I need more tutorials...

Me too... I know that there is something in this call: 0040146C... but I can't find the real password. I know that I can only use numbers for the password. I think starzboy has converted the number to HEX (my entered number, too)... and checked them :blink:.

I'm trying :thumbsup: (Nice crackme starzboy, I love it :yahoo: )

Link to comment

hmmm....

this is how "Giga"....explains !

0040145D |. C74424 04 01000>MOV DWORD PTR SS:[ESP+4],1
00401465 |. C70424 60344400 MOV DWORD PTR SS:[ESP],crackme_.00443460
0040146C |. E8 0F540200 CALL crackme_.00426880
00401471 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; kernel32.7C816D58
00401474 |. 3B45 FC CMP EAX,DWORD PTR SS:[EBP-4] <--- BP
00401477 |. 75 3A JNZ SHORT crackme_.004014B3
00401479 |. C74424 04 44004>MOV DWORD PTR SS:[ESP+4],crackme_.004400>; ASCII "Access Granted !"
00401481 |. C70424 C0334400 MOV DWORD PTR SS:[ESP],crackme_.004433C0
00401488 |. E8 E7AC0300 CALL crackme_.0043C174
0040148D |. C74424 04 44AF4>MOV DWORD PTR SS:[ESP+4],crackme_.0043AF>
00401495 |. 890424 MOV DWORD PTR SS:[ESP],EAX
00401498 |. E8 238C0200 CALL crackme_.0042A0C0
0040149D |. C74424 04 55004>MOV DWORD PTR SS:[ESP+4],crackme_.004400>; ASCII "WELCOME !"
004014A5 |. C70424 C0334400 MOV DWORD PTR SS:[ESP],crackme_.004433C0
004014AC |. E8 C3AC0300 CALL crackme_.0043C174
004014B1 |. EB 38 JMP SHORT crackme_.004014EB

And we will have something like this:

Stack SS:[0022FF74]=3C34EB12 <--- Serial in hex format

EAX=00000037

And when we convert this to decimal the result is 1010101010

serial = 1010101010

Link to comment
  • 2 weeks later...

Yup, so true. Different from anything else, is the fact that C++ applications make use of the stack in 95% of the cases ;) No wonder people couldn't find any traces of clues just by looking at the strings :D

Works fast with Olly scripting ;)

Link to comment
  • 2 weeks later...

I recommend that when you are going through a C++ app... you should know the details you entered in hex so that when you spot the info in hex you will know that you are somewhere close!

Just a tip... that's what I do!

Link to comment
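The hex-spotting tip and the stack value from the walkthrough above, worked through as an added example that is not part of any post in this thread. It assumes the program parses the typed serial into a 32-bit integer; the function names are hypothetical helpers, and the memory dump in the demo is constructed.

```python
import struct

def debugger_views(typed: str) -> dict:
    """Forms in which a typed numeric serial can appear in a 32-bit debugger."""
    value = int(typed) & 0xFFFFFFFF            # assumption: stored as a 32-bit int
    as_hex = lambda raw: " ".join(f"{b:02X}" for b in raw)
    return {
        # How a register or stack slot displays the parsed number.
        "dword_hex": f"{value:08X}",
        # Byte order in a raw memory dump (x86 is little-endian).
        "memory_bytes": as_hex(struct.pack("<I", value)),
        # The unparsed input string while it still sits in a buffer.
        "ascii_bytes": as_hex(typed.encode("ascii")),
    }

def dword_to_decimal(hex_dword: str, signed: bool = False) -> int:
    """Turn a dword read from the stack or a register back into decimal."""
    value = int(hex_dword, 16) & 0xFFFFFFFF
    if signed and value & 0x80000000:
        value -= 1 << 32                       # two's-complement interpretation
    return value

def find_in_dump(dump: bytes, typed: str) -> list:
    """Offsets at which the typed value occurs as a little-endian dword."""
    needle = struct.pack("<I", int(typed) & 0xFFFFFFFF)
    offsets, pos = [], dump.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = dump.find(needle, pos + 1)
    return offsets

if __name__ == "__main__":
    # Stack value quoted in the walkthrough above.
    print(dword_to_decimal("3C34EB12"))
    # What an entered test value of 12345 looks like in each view.
    for name, text in debugger_views("12345").items():
        print(f"{name:13} {text}")
    # Constructed 12-byte dump with the test value stored at offset 4.
    dump = bytes(4) + struct.pack("<I", 12345) + bytes(4)
    print(find_in_dump(dump, "12345"))
```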
