cyclops's NTS-Crackme10

Download NTS-Crackme10.zip, 22 kb (password: crackmes.de)
Browse contents of NTS-Crackme10.zip

NTS(Newbie Cracking Series)-Crackme10

Regards,
Cyclo

Difficulty: 2 - Needs a little brain (or luck)
Platform: Windows 2000/XP only
Language: C/C++

Published: 23. Dec, 2006
Downloads: 1036

Rating

Votes: 6
Crackme is nothing special.

Solutions

Solution by TheColonial, published 08. mar, 2007; download (247 kb), password: crackmes.de or browse.

TheColonial has rated this crackme as nothing special.

Discussion and comments

Ank83
24. Dec 2006
WOW.
What a nice way to write a book about cracking. All the work will be done by others :)))
10 points for creativity.

Best Regards
Ank83
cyclops
Moderator
24. Dec 2006
Thanks Ank, hope you enjoy the crackmes....

Happy X-Mas to all.....

Regards,
Cyclo
hardcoder
24. Dec 2006
You cannot misjudge this crackme, this is not as easy as you mentioned in the readme. Really very good crackme, I'd rate this 2. I enjoyed playing with it...
RDTSC, and initial exception trick is interesting... KeyGen is toooo simple........
Keep it up man,
regards
DaBookshah
25. Dec 2006
Even though the section beginning with
004010D9 . 64:A1 30000000 MOV EAX,DWORD PTR FS:[30]
004010DF . 8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]

stands out pretty obviously, and I bypassed it, I don't understand it :(. Can someone enlighten me?
Bswap
25. Dec 2006
Good Crackme I like it ! ;)
Zaphod
05. Jan 2007
Cyclops, I have found the correct serial for my name ( and also written a keygen ), but I had to activate the HideDebugger-plugin to do it.
Without the HideDebugger I can't. I think that's because I don't know what these MFC42-functions do. Do you know where to find a list of the functions and some documentation?
The only thing I know about MFC is that it means Microsoft Foundation Classes, but that doesn't help much...
l0calh0st
08. Jan 2007
No Zaphod.... These are WinAPI calls that are preventing you from debugging.....

Hint : Check in string references.....and there is exceptions trick too and another one which you have to find :P
Zaphod
08. Jan 2007
I don't know how the OutputDebugString-trick works, but I can bypass it by changing two bytes.
But there is still the IsDebuggerPresent-thing that gives me problems. It is not enough to nop it out. Hmmm...
cyclops
Moderator
08. Jan 2007
You can bypass it by changing the je/jne to jmp or change the return value of the call..
cyclops
Moderator
08. Jan 2007
OutputDebugString exploits the format string of the ollydbg. Something like this: printf(str);. If you give str as format strings like %s it will fetch args from stack and try to get strings from arbitrary locations. This creates the exception
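
The printf(str) pattern described in the comment above, seen from the side of a tool that receives and displays a debug string. This is an added example, not part of the thread, the crackme or any debugger's code; the function names and the "[debug]" prefix are hypothetical, and the sample payloads are constructed after the strings quoted in this discussion.

```c
#include <stdio.h>
#include <string.h>

/* Lower bound on the arguments a printf-style call would read if `s` were
 * used as the format. "%%" is a literal percent sign and reads nothing. */
static int count_format_args(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '\0')
            break;              /* lone '%' at the end of the string */
        if (s[1] == '%') {
            s++;                /* skip the escaped percent */
            continue;
        }
        n++;
    }
    return n;
}

/* Vulnerable pattern (not compiled here): the received text IS the format,
 * so every "%s" dereferences a stack value that was never passed.
 *     snprintf(out, cap, msg);
 * Hardened form: fixed format, received text passed as data. */
static int show_debug_string(char *out, size_t cap, const char *msg)
{
    return snprintf(out, cap, "[debug] %s", msg);
}

int main(void)
{
    /* Constructed payloads, modelled on the "%s%s%s..." string and the
     * "A" replacement mentioned in the thread. */
    const char *samples[] = { "%s%s%s%s", "A", "100%% done" };
    char line[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        show_debug_string(line, sizeof line, samples[i]);
        printf("%-18s args wanted: %d\n", line, count_format_args(samples[i]));
    }
    return 0;
}
```
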
Zaphod
08. Jan 2007
Cyclops, I did try changing je to jne, but the program still exits. There must be one more trick connected to this?

What I don't understand about the OutputDebugString is that the ApiHelp says that the string is output to the debugger and displayed. Displayed where? I changed %s%s%s... to A,0 and it works. But I don't know where the A would be displayed.
Zaphod
08. Jan 2007
Okay, now I found it! It has to do with the FS:[18] stuff - what that means, however, I don't know :(
TheColonial
02. Mar 2007
Hi all. I've submitted a solution, hopefully it'll get through moderation soon. I only used IDA to solve it, and had no issues getting round the debugger check. It would have been harder had it actually constantly run on a separate thread, but thankfully once on startup made it very easy!

For more info, read the solution :) I would appreciate any feedback.
ARCHANGEL
03. Mar 2007
TheColonial, you are a really cool reverser if you could do that, well done:)
Ox87k
03. Mar 2007
ARCHANGEL: where is the problem!? anti-debug part?
For a keygen, just attach to the process :P
TheColonial
05. Mar 2007
ARCHANGEL: Solution is now available.

0x87k: Isn't the purpose of this entire website to learn and share your solutions? Just "attaching" to the process is hardly going to help others learn.

Thanks guys.
Ox87k
05. Mar 2007
TheColonial: surely about this site, but my comment wasn't a criticism, just a little hint for a quick method of keygenning it. This crackme is level 2, so if someone tries it, that supposes (maybe) that he isn't a very very very newbie, right? So, I told you another method to solve it. Nothing more.. Sorry if my post has given a wrong impression.
TheColonial
05. Mar 2007
0x87k: No need to apologise :) I didn't mean to be rude either. I was just making a point. You're right, your comment does give newbies a hint.

Cheers :)
TheColonial
08. Mar 2007
Hi All. Zairon has informed me that my keygen crashes when he runs it. The reason is that the MS VC++ libraries that come with Visual studio 2005 SP1 need to be installed. You can download these redistributables from here:

http://www.microsoft.com/download/NTS-Crackme10.zips/details.aspx?familyid=32BC1BEE-A3F9-4C13-9C99-220B62A191EE&displaylang=en

I am sorry, but I don't want to include those in the zip file.

Cheers
T.C.
