
Ank83's Pyramid
Download: pyramid_by_ank83.zip, 13 kb (password: crackmes.de)
Hi !
Difficulty: 2 - Needs a little brain (or luck)
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
Ank83 Author 18. Dec 2005 | Does anyone have a solution for this crackme ? |
---|---|
konstAnt 20. Dec 2005 | That's a hang work man...???? Writing a solution for a crackme like this which has that many features is a hanging up task.. :P |
madlogik 20. Dec 2005 | If anyone is patient enough, I would like to know how to enable buttons like the check button here... (step1 ) thanks - madlogik(AT)gmail.com - |
madlogik 20. Dec 2005 | ... how to find the ENABLE/DISABLE CONTROL .. ? I Ctrl+B to find Check; I don't know which one to (modify byte) from 00 to 01 to enable the button.. I don't really get the logic to find the right one.. thanks |
deroko 20. Dec 2005 | open it in VBdecompiler and locate manually what to enable in exe itself or use Window Enabler to enable buttons/forms... |
Ank83 Author 20. Dec 2005 | Hint: REMEMBER this: Open a vb application in some HEX editor, and find the string that is the caption for that button, checkbox etc. Go to the end of the caption, and start counting ! The 24th byte will be for enabling that button ! Ex.: 59 6F 75 20 64 69 64 20 69 74 3F 3F 3F 0 0 0 4 F 8 0 7 C 8 0 A 6 F 0 9 7 7 0 1 0 8 0 {0} Y o u d i d i t ? ? ? 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 0 - disabled and 1 - enabled |
Absolom1 21. Dec 2005 | madlogik, for buttons once you have found the label ("Check" in this case) you have to count eleven rows and edit the 00 you encountered there with a 01. This is only for Buttons... for Textbox, you have to change with FF, I think... but I'm not sure now... |
konstAnt 21. Dec 2005 | Yah I've enabled the button and enabled the button and perhaps found the first level password... But it doesn't show any other box??? |
Ank83 Author 21. Dec 2005 | konstAnt here's some help ! Open the application in VBDecompiler and from there make a vbp project and open it to see what is hidden (invisible) and what is the secret trick in level one ! |
Ank83 Author 21. Dec 2005 | Has anyone passed stage one yet ? Or do you need some help ? |
konstAnt 22. Dec 2005 | Ooops Z...Z... Was sleeping that time |
deroko 22. Dec 2005 | one q on s2... you check if 2nd button checked(1) if not __vbaEnd, and later you check for (0) unchecked, if checked __vbaEnd... i'm confused... 00406A44 if not 1 -> __vbaEnd and again: 00406E9C 66:83BD 38FFFFF>CMP WORD PTR [EBP-C8],0 00406EA4 0F94C3 SETE BL but this time for 0... if not 0(unchecked) ->> __vbaEnd |
Ank83 Author 22. Dec 2005 | That is the part where you have to patch ! The thing is that that is the part to confuse you ! The code is checking a checkbox from stage 2 not from stage 1. Just patch it ! This was put here to confuse you ! This message will be deleted after two days so we don't show this hint to future crackers ! Have a nice day ! |
Ank83 Author 22. Dec 2005 | In other words that is a NAG ! A msgBox that will always pop up because the condition of popping up will always be true ! |
Ank83 Author 23. Dec 2005 | Any progress, anyone ? I think that the webmasters should upgrade the level of difficulty of my crackme ?! At least 3rd ! :) |
windayjiang 24. Dec 2005 | QUOTE: Hint: REMEMBER this: Open a vb application in some HEX editor, and find the string that is the caption for that button, checkbox etc. Go to the end of the caption, and start counting ! The 24th byte will be for enabling that button ! Ex.: 59 6F 75 20 64 69 64 20 69 74 3F 3F 3F 0 0 0 4 F 8 0 7 C 8 0 A 6 F 0 9 7 7 0 1 0 8 0 {0} Y o u d i d i t ? ? ? 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 0 - disabled and 1 - enabled I think it's not right like you said, I tested my app written with VB6.0: app1 button1 enable=true app2 button1 enable=false both same project, but saved as two different apps. Open them with WINHEX, it has 1300 places different and I try to use your way to enable the button, nothing done! why? |
windayjiang 24. Dec 2005 | Yah, I tested it will done like this: Check 1 2 3 4 5 6 7 8 9 A B C .......... position C changed 01 can work, is that right? |
Ank83 Author 24. Dec 2005 | Try patching the 24 bit (12th byte) in each of the applications from 00 to 01 or from 01 to 00 ! You will see that if the button was enabled it becomes disabled, or if the button was disabled then it becomes enabled ! Remember the 12th byte after the end of the caption of that button ! This is the case in all my written VB applications, and all others that I tried ! I don't know what should be the problem with yours ! I'm not 100 % sure that this is the case in all VB applications, but I'm 100 % sure that this is the case in my crackme ! :) |
windayjiang 25. Dec 2005 | YES, I have already enabled the OBJECT in stage1, but how can I type the "A0"? It always be a space. And if I edited in the dump, I can go to the stage2, it will tell me that something forget in stage1. I am sure I have already checked the checkbox. Anything else? :) |
deroko 25. Dec 2005 | write dialog that will print 'A0'+serial+'A0' and c/p from dialog to crackme =) |
Ank83 Author 25. Dec 2005 | This will be the last hint for level one ! A0 is ALT+255 ! |
Ank83 Author 25. Dec 2005 | in other words that is character that is similar to space ! |
konstAnt 26. Dec 2005 | Nop that's not ... :X Space means (space) in dump but it is something different.. |
Ank83 Author 27. Dec 2005 | Any one at level 3 or 4 ? |
konstAnt 28. Dec 2005 | I just passed level 1 :P |
KLiZMA 28. Dec 2005 | Used: PE Explorer, PEiD, VBReFormer 1 step [Unpacking] Put this crackme in PE Explorer and save it :) Whatta FuN? This tool unpacked crackme from UPX to generic VB app. New filesize 53,248 kb. 2 step [Enable-Disable] Put unpacked shit in VBReFormer and change PyramidS1 - VB.Form: Check1 - VB.CheckBox Visible False to True Command1 - VB.CommandButton Enabled False to True Text1 - VB.TextBox Enabled False to True Save app. with changed parameters. 3 step [You are THE BEST CRACKER IN THE WORLD] Run cracked app., press Check button and see ........ Nice work! message?????? Thatz all???? What trick, fun, hard???? He-he :)) |
Ank83 Author 28. Dec 2005 | Dear KLiZMA what you've seen is the bad boy message ! The app has 4 stages ! But you're pretty close to passing stage one ! You enabled everything, you check the checkbox, all you need is the valid pass ! Hint: Do some reading in the discussion above, and I think you will find the valid pass, and the way to get it ! Have a nice cracking day ! |
Ank83 Author 28. Dec 2005 | Keep going ! If someone needs hints, don't be shy and ask me ! |
windayjiang 29. Dec 2005 | I still can't solve the A0 problem, shit! |
BlackHawk 29. Dec 2005 | I've unpacked, enabled all the things you can find in the 1st form but I still can't go through it... I can't use Olly because of the debugger protection, and I don't know how to disable it... ank83, I begin to hate you ^_^ |
Ank83 Author 29. Dec 2005 | BlackHawk the OllyProtection is one of the most stupid protections that I can think of ! All you need to do in Olly is NOP the address that is calling that protection ! NOP everything that is calling the procedure of OllyProtection ! It will work, believe me ! Don't forget the hidden check box ! Have a nice day ! |
BlackHawk 29. Dec 2005 | I've made visible the check box... now I'll work on the antidebugprotection... tnks |
Ank83 Author 29. Dec 2005 | windayjiang A0 is in HEX, in DEC that is 160 ! Find the character that is assigned to 160 ! I wrote a VB app to help you: Private Sub Form_Load() Dim a As String a = Chr(160) Text1.Text = a End Sub In the textbox you will get a character that is similar to space, but it's NOT ! So you can copy/paste it ! And at last here is the serial in stage one: ALT+255+"Ank Rulz"+ALT+255 ! Please tell me that you understand me ! |
HMX0101 29. Dec 2005 | the anti-ollydbg trick, check if ollydbg.exe is running, you can change the name and bypass this protection |
Ank83 Author 29. Dec 2005 | That is one way ! And I think that that is the easiest way, because OllyProtection is one procedure that is called from places all over the crackme, so if you alter that procedure, that string you solved the problem till the end of the crackme ! So open the crackme in Hex editor find the "OLLYDBG.EXE" string and change it to "OLLYDB1.EXE" ! HMX0101 nice work ! |
Ank83 Author 29. Dec 2005 | I think that the moderators should upgrade the difficulty level of this crackme, at least 3 ! :) |
Ank83 Author 31. Dec 2005 | Happy New Year ! I hope you will crack my crackme in the next year ! :) |
Ank83 Author 03. Jan 2006 | Waiting solution ! Does anyone work on this or you all gave up ? :P Come on people i will help as much as I can ! |
EsKiMo 22. Jan 2006 | Just reached level 3! This is a very good crackme. It has lots of tricks/code that need to be NOPed or patched to work in the right way. Good work Ank83 :) |
Ank83 Author 22. Jan 2006 | Thanks EsKiMo ! If you need some help don't hesitate to write me. Regards Ank83 |
HMX0101 24. Jan 2006 | the 2nd stage, it's a little harder, I can't get the correct combination of checkboxes, some hints? |
hadicol 25. Jan 2006 | Check out the 7 vbaObjSet functions in a row. The function immediately after vbaObjSet actually checks if the box is selected. I had to check each box and see which function responded to see what order they were in. I am on stage 3, stuck on the key file... and for the success message, what button do you mean enabled? "Next Stage" is already enabled! Should I just guess where to patch it to? |
hadicol 25. Jan 2006 | ok figured out keyfile (I was over-thinking it) now just need a magic patch? |
Ank83 Author 26. Jan 2006 | To see in what order they are you can use VB6Decompiler. Generate a VB Project and you will see. I think that that is the easier way. I uploaded a new version of this crackme to make the level 3 easier. So now, when you press Next Stage you will get NAG message and exit. In the code I implemented a procedure that calls the next and final stage. All you have to do is call that function (address). Sorry for the late response. Regards Ank83 |
HMX0101 15. Mar 2006 | I have the correct combination of checkboxes but I need the string that compares the serial in the clipboard. This is an easy one, thank you Ank83 for this crackme, the solution for this crackme is coming soon... |
Ank83 Author 15. Mar 2006 | I think that the serial includes some special ascii characters (like ALT+255 etc.). It goes something like "CrAcKINg iS Co0L !", this is not the string, but it is similar to that. I will post it tomorrow, because I'm not home I don't have the source here. Best Regards Ank83 |
Ank83 Author 15. Mar 2006 | HMX0101 did you found the string ? In case you did not found it, here it is: " CrAcking is ÿc0ol !" Regards Ank83 |
l0calh0st 15. Mar 2006 | It seems Ank has to submit solution for his Crackme :) |
Ank83 Author 15. Mar 2006 | It seems like that ! It was my first crackme, so I wanted to be solved. That is why I give so much help. :) |
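
The caption rule discussed in the thread (flag in the 12th byte after the caption, 0 = disabled, 1 = enabled) and madlogik's question of which "Check" hit is the right one, as an added example that is not part of the original discussion or the crackme. The function name, the sample bytes and the reading of Ank83's hex digits as pairs are assumptions; the offset is the thread's claim, not a documented VB6 rule.

```python
# Added example: read-only check of the caption/flag-byte rule from the thread.
FLAG_DISTANCE = 12  # thread's claim: 12th byte after the caption ends


def find_caption_flags(image: bytes, caption: str) -> list:
    """List every occurrence of caption and the byte 12 positions past it."""
    needle = caption.encode("latin-1")  # assumption: caption stored as ANSI
    hits = []
    pos = image.find(needle)
    while pos != -1:
        flag_off = pos + len(needle) + FLAG_DISTANCE - 1
        if flag_off < len(image):
            flag = image[flag_off]
            # Only 00/01 fit the rule; any other value suggests the caption
            # text matched inside unrelated data, not a control's properties.
            state = {0: "disabled", 1: "enabled"}.get(flag, "not a 00/01 flag")
        else:
            flag, state = None, "caption too close to end of data"
        hits.append({"caption_offset": pos, "flag_offset": flag_off,
                     "flag": flag, "state": state})
        pos = image.find(needle, pos + 1)
    return hits


# Constructed sample, not bytes from the crackme. TAIL_DISABLED pairs up the
# hex digits of the example in the thread; TAIL_ENABLED is a made-up variant.
TAIL_DISABLED = bytes.fromhex("0004F807C80A6F0977010800")
TAIL_ENABLED = bytes.fromhex("0004F807C80A6F0977010801")
SAMPLE = (b"\x00" * 4 + b"You did it???" + TAIL_DISABLED
          + b"Check" + TAIL_ENABLED
          + b"Check1 is a hidden checkbox")

if __name__ == "__main__":
    for caption in ("You did it???", "Check"):
        for hit in find_caption_flags(SAMPLE, caption):
            print(caption, hit)
```

A hit whose state is "not a 00/01 flag" is a caption match that does not fit the rule, which is one way to narrow down several hits for the same text. KLiZMA's post says the crackme is UPX-packed, so a scan like this only makes sense on the unpacked file.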