Aenox's CrackMe4rd
| Download CrackMe4rd.zip, 16 kb (password: crackmes.de) Browse contents of CrackMe4rd.zip Nag and button activation timer. Shouldn't be too hard (or easy!)."
Difficulty: 2 - Needs a little brain (or luck) | RatingWaiting for at least 3 votes View profile of Aenox » |
Solutions
Solution by red477, published 20. jun, 2005; download (23 kb), password: crackmes.de or browse.
red477 has not rated this crackme yet.
Discussion and comments
| Aenox Author 08. Jun 2005 | This was fun to try and crack myself. I didn't follow any anti-cracking guides but still tried some protection. Please post your observations or even if you only manage to correctly remove the first nag. |
|---|---|
| pxor 08. Jun 2005 | it was too easy to remove nag just breaking it on messageboxa and patch 1 byte :/ these same with timer validation proc of activation code looks nasty ;p (its good :D) name -> registration code is too easy but its good that u put that in another thread :o there was also some fake calls :D keep trying :P |
| Aenox Author 09. Jun 2005 | Only patching 1 byte to remove the nag will stop the program functioning in other ways... |
| Oorja-HalT 22. Jun 2005 | I think the solution for this crackme is incomplete without mentioning why a breakpoint is set on 4012F0. |
| red477 22. Jun 2005 | Sorry for that,I'd ever thought i did not have to explain everything very very clearly.And the most important,I am a very newbie,so plz forgive me for my mistakes. I set a breakpoint there just that the ollydbg told me that it is the ThreadFunction there: 00401593 . 68 F0124000 push CrackMe4.004012F0 ; |ThreadFunction = CrackMe4.004012F0<-the keygen funtion!? I think it must be useful.so...you can say that I cracked it just not by the little brain but by the little luck. :) Again I feel sorry for any defects that are in my solution. ==================== sorry for my english...:( |
| Oorja-HalT 22. Jun 2005 | You need'nt be that appologetic. BTW did you notice the sleep call just after the create thread (of equal priority : pointer to thread function at 4012F0). After that Sleep is called at parameter passed for sleep is 0. And if you look at the explanation for winapi sleep you would find "A value of zero causes the thread to relinquish the remainder of its time slice to any other thread of equal priority that is ready to run. If there are no other threads of equal priority ready to run, the function returns immediately, and the thread continues execution." So what sleep does is to direct the control flow to 4012F0 which have the algo to check user input" It was a clever way to conceal and execute the serial verification |
| donjoe145 18. Aug 2005 | I cracked in like 4-5 min. it was real fun in response to Aenox for the nag i just nop'd 4016AC-4016B0 and 401745-401749, i found those calls with ida's XREF and patched with olly, to Aenox do those patches stop the programming in functioning in others ways? |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.