Tuts 4 You

[crackme] Here Is A Challenge For All, Have Fun



Here is a challenge for all.

Some time ago, I coded a (freeware for medical purposes) application which was never cracked. Too stupid, not worth bothering or too difficult ?!? Dunno ... but I hope you'll tell me. BTW, a registration scheme was only implemented to keep track of people's use (free registration). To comply with forum rules, I have grabbed the registration scheme and made a ReverseMe from it. Everything is allowed : serialfishing, patching, brute forcing ... the ultimate goal is a keygen.

The only nag in the real stuff is when clicking the "Register" button. This reverseMe has more to make it easier. :^ Each time an action is required, the registration scheme is rerun internally to decide on acting or not. It's clear that killing the nags and About Box is NOT helping.

BTW, in a valid solution, the goodboys are shown. If you have a solution, please explain in a couple of words. I'm leaving on vacation right now, I'll have a look when returning.

I built some useless code around the reverseme to make it the normal size of the software.

ReverseMe is not packed nor encrypted, but I doubt it's easy.

Have fun



Link to comment

You could have done that without replying here as it is understood that everybody will do it when they have time.

Edited by GEEK
Link to comment
You could have done that without replying here as it is understood that everybody will do it when they have time.


But I think it's polite to post a reply.

After we read a post, it's OK to give a response.

Everyone has his own way.

I think it's off topic. So we should stop discussing it here.


Edited by winndy
Link to comment

To Lena :

It wasn't a Nice CrackMe ( by my idea ) !

It seems you have written this CrackMe with an AutorunMaker/AutoIt or ....

and you haven't written it in C++ (MFC).

Cracking these files is a little more than easy! But nags and unregistered labels can be removed easily.

( Success ... Registration SuccessFull ... Thanks for your support !!!! )

Edited by SUB Z3R0
Link to comment
  • 2 weeks later...

Just back from vacation ... . Thanks for trying this SUB_Z3RO and all the others.

... nags and unregistered labels can be removed easily.
Sure they can, but this doesn't register the application.


Success ... Registration SuccessFull ... Thanks for your support !!!! )
The "goodboys" you found are diversion code : these are never used, not in unregistered nor in registered.

I believe it is virtually impossible without more hints though :

Hints :

1. For the application to be registered, it must say "REGISTERED" on the registration window. Again though, the obvious "REGISTERED" text in the strings is NOT used and is diversion code too, seek elsewhere !

2. This "reverseme" is in fact part of an application which has twenty (20 !) checks and doublechecks. If any of these fail, you are sent in the woods to go play with Robin Hood. In this case, the real serial is never calculated (only a diversion serial is calculated). BTW, assume anything by "checks and doublechecks", ie if the length of a certain part of the serial is wrong --> go see Robin in the woods.

3. This reverseme is part of a real application : at startup, it verifies for "was I previously registered or not ?". If it was registered before, the registration scheme is not shown in the real application. BTW, the reverseme shows the goodboy at startup when registered before (because there is no "application" here).

4. Anybody found the ring0 debugger checks (find them all !) ? --> else go see Robin :o

5. Anybody found the ring3 debugger checks (find them all !) ? --> else go see Robin :o

6. Anybody found the anti-tracing ? --> else go see Robin :o

7. ALL detecting is silent : if anything suspicious is detected --> go see Robin :o

8. Expect some more tricks, hehe, probably these being the most important factor of failure of all :^

It should be a walk in the park with this info ? Or not ?



Link to comment
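The "silent" scheme described in hints 2 and 7 above, sketched as an added example that is not part of the original posts and not the ReverseMe's code: every check folds into one taint value instead of jumping to a bad-boy message, and a tainted run compares against a diversion serial that can never register. The mixer, constants, 8-hex-digit serial format and the env_suspicious flag (standing in for the debugger and tracing checks) are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REAL_SEED   2166136261u   /* constructed constants, not from the ReverseMe */
#define DECOY_DELTA 0x5A5A5A5Au

/* Toy FNV-1a style mixer standing in for the unknown serial algorithm. */
static uint32_t mix(uint32_t h, const char *s) {
    for (; *s; s++) { h ^= (uint8_t)*s; h *= 16777619u; }
    return h;
}

/* Hypothetical format checks: return 0 on pass, 1 on fail, and report nothing. */
static uint32_t bad_length(const char *serial) { return strlen(serial) != 8; }
static uint32_t bad_charset(const char *serial) {
    uint32_t bad = 0;
    for (; *serial; serial++)
        bad |= !((*serial >= '0' && *serial <= '9') || (*serial >= 'A' && *serial <= 'F'));
    return bad;
}

/* Fold every check into one taint word instead of branching to a bad boy.
 * env_suspicious is caller-supplied and stands in for the debugger checks. */
static uint32_t taint_of(const char *serial, int env_suspicious) {
    return bad_length(serial) | bad_charset(serial) | (uint32_t)(env_suspicious != 0);
}

/* Value the serial is compared against: the real one only when taint == 0,
 * otherwise a diversion value derived from a shifted seed. */
uint32_t expected_serial(const char *name, const char *serial, int env_suspicious) {
    uint32_t t = taint_of(serial, env_suspicious);
    uint32_t seed = REAL_SEED ^ (DECOY_DELTA & (0u - (uint32_t)(t != 0)));
    return mix(seed, name);
}

/* Registered only if the serial matches AND nothing was tainted, so a value
 * read out of the comparison during a tainted run never registers. */
int is_registered(const char *name, const char *serial, int env_suspicious) {
    uint32_t got = (uint32_t)strtoul(serial, NULL, 16);
    uint32_t want = expected_serial(name, serial, env_suspicious);
    return ((got ^ want) | taint_of(serial, env_suspicious)) == 0;
}

int main(void) {
    char s[9];
    snprintf(s, sizeof s, "%08X", (unsigned)expected_serial("demo", "00000000", 0));
    printf("clean=%d tainted=%d\n", is_registered("demo", s, 0), is_registered("demo", s, 1));
    return 0;
}
```

Because the tainted path runs the same code with a different seed, the clean and tainted runs look alike from the outside, which is the property the hints rely on.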
Holy crap woman, that is nuts! I'll take a look, but I don't see a point! :P What is it coded with?
Hehe, yeah, I know. Just call it "overkill" but it was kind of fun to code all the protecting.
Link to comment
And it was for a freeware app correct?


I fear I amused myself more with the protection than with the app itself.

Let's blame reversing for that :^

Link to comment

That's really tough, at least for me...

I encountered several debugger detection tricks, waitforsingleobject and the winice.dat check :)

but all in all very good...

I'm close to what looks like the serial check routine, and I found several places to circumvent the bad boys, but no good boy in sight...

Link to comment

@KillBoy : good work so far. Don't give up.

@npad69 : do you mean to code this registration scheme in a dll to be called by "a third-party-program" and sell the library for that purpose ? It could be done in very little time but I decided long ago to stick with reversing.... :^

BTW, this protection is not unbreakable but can easily be made many times harder !

Link to comment
  • 11 months later...
  • 1 year later...

Hey.. I just found this reverseme about an hour ago...

I'm a newbie, and I'm almost finished with your tuts.. Thanks lena..

I'm trying with this one...

Currently I've only managed to change the "Not registered :=)" to another message I make up, in the nags :P


Possible spoiler: http://www.treesoft.dk/RCE/ReverseMe_Morten_Hot_xD_p2.PNG

I'm getting closer!

I won't look at your solution, before I give up!

PS: I'm a fast learner...

Edited by MulleDK19
Link to comment

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]

Link to comment
