BUBlic's MyVM #1
Download MyVM_#1_KeygenMe_by_BUBlic.zip, 35 kb (password: crackmes.de). The name says it all - it's a VM.
Difficulty: 7 - Very hard | Rating votes: 4 |
Solutions
Solution by waganono, published 09. Aug 2007; download (73 kb), password: crackmes.de.
waganono has rated this crackme as quite nice.
Solution by KernelJ, published 07. Aug 2007; download (59 kb), password: crackmes.de.
KernelJ has rated this crackme as quite nice.
Discussion and comments
opcode0x90 26. Jul 2007 | The serial procedure is not in the VM, which kinda defeats the purpose of a VM. |
BUBlic Author 26. Jul 2007 | The serial procedure IS in the VM. Of course it's not difficult to patch it, but this is not your task. |
KernelJ 27. Jul 2007 | I found a line where you overflow one of your blocks of allocated memory by a whole DWORD! A 0xABABABAB dies every time it eats your serial lol. I'm not entirely sure what effect... if any... that has on, well... anything... though... Let's just call it a mistake... |
KernelJ 27. Jul 2007 | Another comment - does this crackme ever release ANY of the memory it receives? Definitely not all of it anyway... I wonder if it's possible to check your serial enough times to stop the thing working. |
BUBlic Author 28. Jul 2007 | Sorry for those little mistakes (due to the nature of allocating memory the effects aren't noticeable on my system, but could be fatal on another). If any/none name/serial combination (see about) works then just patch: 004015C7 |. 68 00080000 PUSH 800 to: 004015C7 |. 68 00080000 PUSH 7FC. Thx KernelJ, those four bytes which could be overwritten are the most important ones. |
KernelJ 28. Jul 2007 | The effects weren't noticeable to me either, but I knew I could make them noticeable. So I jammed the enter key down on the serial checking button and the following error box (therefore filling up my RAM bit by bit) for roughly 50 mins, and then when I came back to the computer I stopped it, and when I clicked back on OllyDbg it took a few seconds to activate because it had to load everything again that was cached in virtual memory! Also I found that even though usually memory was coming from the 0x08000000 or 0x0A000000 ranges, now it was coming from 0x15000000. And checking memory dumps between this and 0x0A000000, the whole lot was filled with the same rubbish. So definitely memory leakage there... That patch is not critical, but recommended. I don't see any reason why it would break any of the serial checking, so don't worry about it. |
waganono 07. Aug 2007 | I have just keygenned this one, great work BUBlic! I'll send you my disassembler & keygen as soon as possible. |
Ox87k 07. Aug 2007 | @waganono: Another solution will be good (I think) for all of us. KernelJ did a great job with his solution, but another one is good! |
saitob 07. Aug 2007 | Quote from 'About': "Maybe there are still skilled reversers, who are able to keygen this one and will do so, but I don't think there will be a solution." /Quote This is a great example which shows that things don't always end up as expected! Great work BUBlic and KernelJ. |
BUBlic Author 07. Aug 2007 | Indeed, the "and will do so" is actually the part of the sentence with the most weight (since before submitting I let some reversers, who are actually really skilled, take a look at that; some said they could, but they actually have too little free time atm). And the same way, I suppose, it is with my Security Pow -2 keygenme, to write which I had to study all the algorithm description papers first (since it's an unusual algo), so to break it people actually have to do the same. However, you've exceeded all of my expectations, great job, really! |
waganono 07. Aug 2007 | @BUBlic I'll just send you my work to your @. I'm writing a short tutorial now. The VM is well coded and provides good functionality; I really appreciate your work. |
KernelJ 07. Aug 2007 | [quote]some said they could but the actually have to little free time atm[/quote] lol, so what you're really saying is that I had too much time on my hands. Maybe true... I did like the way your VM worked, mostly. I think my main criticism at this point was how you handled the LEA value scaling (or didn't handle it). The way the actual bytecode itself was coded seemed very odd to me. Extremely inefficient compared to what was possible. Whether this was just an attempt to make it harder to reverse I'm not entirely sure... Anyway, I have gained some valuable experience from completing this keygenme. So thank you! And also thanks all for your comments on my solution. |
waganono 08. Aug 2007 | @BUBlic I have just sent my solution to the mods. @KernelJ I have read your tutorial and I see we don't have the same way to solve it, so I complete your explanations. You did good work, really. You seem to be a "still skilled reverser" :) |
KernelJ 10. Aug 2007 | Well I may as well read yours... Hmm, what on Earth is a 'kind of' MD5?? |
waganono 11. Aug 2007 | Just because of the 4 classic constants (+pad): 67452301, EFCDAB89, 98BADCFE, 10325476. Have you noticed them? Or maybe it is a well-known algorithm, hash? Do you know? |
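The four words waganono lists are the initialisation vector shared by MD4, MD5 and the first four chaining words of SHA-1, so spotting them in a dump tells you "MD family", not which member. The script below is added here as an example and is not part of either posted solution or of the crackme; it scans a byte blob for those words in both byte orders and uses two further constants that are not on this page (SHA-1's fifth chaining word C3D2E1F0 and MD5's first round constant D76AA478, which is floor(2^32 * |sin(1)|)) to narrow the family. The x86 fragment it scans is constructed inline with the constants loaded as `mov eax, imm32` immediates.

```python
import struct

# Initialisation vector shared by MD4, MD5 and the first four SHA-1 words.
MD_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
# Fifth SHA-1 chaining word; MD4 and MD5 do not use it.
SHA1_H4 = 0xC3D2E1F0
# First MD5 round constant T[1]; absent from MD4 and SHA-1.
MD5_T1 = 0xD76AA478


def find_u32(blob, value):
    """Return (offset, endianness) for every occurrence of value as a 32-bit word."""
    hits = []
    for endian in ("<", ">"):
        needle = struct.pack(endian + "I", value)
        start = 0
        while True:
            idx = blob.find(needle, start)
            if idx < 0:
                break
            hits.append((idx, endian))
            start = idx + 1
    return hits


def classify_hash_constants(blob):
    """Guess which MD-family hash a blob implements from the constants it embeds."""
    iv_hits = {c: find_u32(blob, c) for c in MD_IV}
    present = [c for c, hits in iv_hits.items() if hits]
    result = {
        "iv_words": len(present),
        "offsets": {hex(c): h for c, h in iv_hits.items() if h},
    }
    if len(present) < len(MD_IV):
        result["family"] = "none"
    elif find_u32(blob, SHA1_H4):
        result["family"] = "SHA-1"
    elif find_u32(blob, MD5_T1):
        result["family"] = "MD5"
    else:
        # MD4 and MD5 share the IV; without a round constant they cannot be told apart.
        result["family"] = "MD4/MD5 (IV only)"
    return result


def build_sample(extra=None):
    """Constructed x86 fragment (not from the crackme) loading the IV as immediates."""
    code = bytearray(b"\x90" * 8)                    # nop padding
    for c in MD_IV:
        code += b"\xB8" + struct.pack("<I", c)       # mov eax, imm32
    if extra is not None:
        code += b"\x05" + struct.pack("<I", extra)   # add eax, imm32
    code += b"\xC3"                                  # ret
    return bytes(code)


if __name__ == "__main__":
    for label, blob in (("md5-like", build_sample(MD5_T1)),
                        ("sha1-like", build_sample(SHA1_H4)),
                        ("iv-only", build_sample())):
        print(label, classify_hash_constants(blob)["family"])
```

Absence of a constant is not proof of absence of the algorithm: a VM or a packer can build the IV at runtime from pieces, and a "kind of" MD5 with a changed IV or round table would score as "none" here while still using the MD5 structure, so treat the result as a lead to confirm in the disassembly, not a verdict.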