DaXXoR 101's FreakDropper Series #1

Download FreakDropper_v0.9a.zip, 2 kb (password: crackmes.de)

Packed with my own monster :: FreakDropper v0.9a

Note: almost all crackers will get a validation error running this exe; that is because it checks for installations of cracking tools as well as whether they are running.

Difficulty: 7 - Very hard
Platform: Windows
Language: Assembler

Published: 20. Aug, 2005
Downloads: 990

Rating

Votes: 8
Crackme is boring.


Solutions

Solution by _HellDashX_, published 22. aug, 2005; download (13 kb), password: crackmes.de or browse.

_HellDashX_ has rated this crackme as quite nice.

Solution by deroko, published 22. aug, 2005; download (7 kb), password: crackmes.de or browse.

deroko has rated this crackme as awesome.


Discussion and comments

deroko
20. Aug 2005
very very nice =)
So the objective is only to dump it?
deroko
20. Aug 2005
yah, got it, submitted solution + dumped file =)
Knight
20. Aug 2005
Deroko, what should the unpacked exe do? I unpacked it but it seems it does nothing useful.
deroko
20. Aug 2005
it just prints a message (dialog):
This exe is protected with: FreakDropper Version 0.9a...
_HellDashX_
20. Aug 2005
I unpacked it but the crackme has a little problem: the user32 imports don't work :(
Because of it, the crackme doesn't show any dialog as deroko said. I tried it without debugging and it doesn't show anything either :(
Perhaps it is a bug? I use Windows XP SP2.
deroko
20. Aug 2005
I have winxp sp2, and it works fine =)

have no idea what is causing problems =(
_HellDashX_
20. Aug 2005
Weird, sometimes it works, sometimes it doesn't work... well, I will submit my solution :)
code_inside
20. Aug 2005
At offset 00401002 it tries to call (I think) GetModuleHandleA, but the offset to this API is hardcoded in the .exe, and so are some other APIs... :)
TQN
21. Aug 2005
I patched two strings: "software\uCF2000" and "software\UInC", and on my machine, XP SP1, it does not show anything. It seems it opens the explorer.exe process and reads 5 bytes at 0x4A80B6.
Sorry if I'm wrong!
Knight
22. Aug 2005
I think there's a bug in the protector. That program doesn't run on my machine. Some kind of problem with imports. I see that deroko's dump has DialogBoxIndirectParamA, when for me it points to nowhere (not really, somewhere near CreateIconFromResource). And it's probably not a dumping problem, since even the original file doesn't run properly (at first I thought that maybe it detects some of my tools, but after cleaning the registry nothing has changed).
I'm using WinXP sp2 with newest updates.
deroko
22. Aug 2005
well it has fixed imports from user32, actually hardcoded addresses so it might cause a problem =( I have sp2 too, but no latest updates =)
_HellDashX_
22. Aug 2005
Yes, in my first dump it didn't work, but I needed to fix the user32 imports by hand :(

Now it works perfectly. I am using Windows XP SP2 with the last updates too.
Knight
22. Aug 2005
Deroko, the problem is not in your dump, it works fine. The problem is in the packer itself, since I can't run the protected file (nor the dump done by myself). When I run it, simply nothing happens (at the very beginning I thought that it might be because it detects some tools in my system, and now I know it's because of the mess with the IT).
I just want to say that DaXXoR 101 should fix his packer/protector compatibility issues in future versions. BTW DaXXoR, will you share your packer with the public?
deroko
22. Aug 2005
yap I know, all user32 apis are hardcoded in packer =)
When I said fixed I meant hardcoded =) Well, English isn't my native language =)
DaXXoR 101
Author
22. Aug 2005
Good Solutions :)
Sorry about the hardcoded API bug. I have fixed it for the next version. As for sharing the protector with the public, it is not a normal protector. It is actually a set of tools that will crypt and split the sections of an exe and put them in an .asm file with decryption and protection code. So really it is a way of protecting an exe manually. I will probably write a tutorial on how to do that, but not share the programs themselves. In the next crackme I will include the source code for the previous packed exe.
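
The failure discussed in this thread, an API address baked into the packed code that lands on a different function under another user32 build, shown as an added example; it is not code from the crackme, the packer or any submitted solution. The export RVAs, DLL base, stub bytes and the scanned address range are constructed values, and the byte scan is a heuristic rather than a disassembler.

```python
import struct
from bisect import bisect_right

# Constructed sample data: export RVAs for two hypothetical builds of one DLL
# and a hypothetical load address. None of it is taken from a real user32.dll.
DLL_BASE = 0x77D40000
BUILD_A = {"CreateIconFromResource": 0x1A000,
           "DialogBoxIndirectParamA": 0x1B0A0, "MessageBoxA": 0x2F000}
BUILD_B = {"CreateIconFromResource": 0x1A800,
           "DialogBoxIndirectParamA": 0x1C4C0, "MessageBoxA": 0x30100}

# Constructed stub: push 0 / push 0 / mov eax, 0x77D5B0A0 / call eax / ret
STUB = bytes.fromhex("6a006a00b8a0b0d577ffd0c3")

def find_hardcoded_targets(code, code_va, lo, hi):
    """Heuristic byte scan (not a disassembler) for 'push imm32' (68) and
    'mov reg, imm32' (B8..BF) whose immediate falls in [lo, hi)."""
    hits = []
    for i in range(len(code) - 4):
        if code[i] == 0x68 or 0xB8 <= code[i] <= 0xBF:
            imm = struct.unpack_from("<I", code, i + 1)[0]
            if lo <= imm < hi:
                hits.append((code_va + i, imm))
    return hits

def resolve(addr, exports, base=DLL_BASE):
    """Name the export at or just below addr, debugger style ('Name+0xNN')."""
    table = sorted((base + rva, name) for name, rva in exports.items())
    idx = bisect_right([va for va, _ in table], addr) - 1
    if idx < 0:
        return None
    va, name = table[idx]
    return name if va == addr else f"{name}+0x{addr - va:x}"

def report(code, code_va=0x401000, lo=0x70000000, hi=0x80000000):
    """For each hardcoded target, show what it means on build A and build B.
    The [lo, hi) range for system DLLs is an assumption of this example."""
    return [(hex(va), resolve(t, BUILD_A), resolve(t, BUILD_B))
            for va, t in find_hardcoded_targets(code, code_va, lo, hi)]

if __name__ == "__main__":
    for row in report(STUB):
        print(row)
```

An address that is an exact export on the build it was taken from resolves to the middle of a neighbouring function once the export layout shifts, which is why resolving imports by name at load time avoids the problem.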
