abcd's Li'l crackme

Download crackme2.zip, 128 kb (password: crackmes.de)

Simple command prompt crackme

Difficulty: 2 - Needs a little brain (or luck)
Platform: Windows
Language: C/C++

Published: 28. Nov, 2007
Downloads: 582

Rating

Waiting for at least 3 votes
(we have only 2).

Solutions

There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!

Discussion and comments

DigitalAcid
28. Nov 2007
Patching it is easy, are we allowed to do that ? =)
abcd
Author
28. Nov 2007
No patching allowed :)
Devoney
02. Dec 2007
What do you mean by assembler language? It looks like this one is not coded with a C compiler or an asm compiler... In which language is it really created and which compiler is used then?
xylitol
02. Dec 2007
crackMe crashes on my computer
Devoney
03. Dec 2007
At one point I am in a loop. It checks the following lines for a byte 2C hex.
0022FD40 |7C90EE00 ntdll.7C90EE00
0022FD44 |7C96E0F8 ntdll.7C96E0F8

It looks like there are ntdll functions stored at these memory addresses. What is the point of that to be checking that for 2C in hex? When one of those bytes is not 2C hex the next line is skipped:
00401695 . C745 E0 010000>MOV DWORD PTR SS:[EBP-20],1
and when this line is skipped the following line jumps over the goodboy message, exiting the program.
004016DB . 837D E0 00 CMP DWORD PTR SS:[EBP-20],0
004016DF 0F85 C0030000 JNZ crackme2.00401AA5

I can only make one thing out of this, that is that an ntdll function in the version of my dll files needs to contain a byte 2C hex at its function calling address.

Is this supposed to be like that? What has this to do with the registry value and cracking the application? I did not patch anything. I have looked in my ntdll file and there are no functions at the specified addresses...

Could you give me a hint on this one?
Thanks, Devoney
abcd
Author
04. Dec 2007
@xylitol run it from command prompt, it should run fine...

@Devoney you are nearly there...just a little bit more...
Devoney
04. Dec 2007
ok,
from the memory stack address 0022FD40 to 0022FD47 the bytes are only filled when I debug the program using OllyDbg. When I output the data with a messagebox outside the debugger the bytes are empty. Is this a debug trick? And when these bytes are empty line 401695 is skipped, so the jump to 401AA5, skipping the goodboy message, is taken. Do I miss a part here? I definitely need a hint ;)
myitweb
24. Dec 2007
One question: what does crackmes mean?
abcd
Author
25. Dec 2007
@myitweb...just a name to indicate that it's gotta be reversed....
@Devoney...any luck yet??