DaXXoR 101's KeygenMe #3
| Download Keygenme_Daxxor.zip, 9 kb (password: crackmes.de) Browse contents of Keygenme_Daxxor.zip Keygen it & disable the nag. Not quite as easy as it sounds.
Difficulty: 1 - Very easy, for newbies | Send a message to DaXXoR 101 » View profile of DaXXoR 101 » |
Solutions
Solution by l0calh0st, published 31. mar, 2006; download (17 kb), password: crackmes.de or browse.
l0calh0st has not rated this crackme yet.
Solution by Vohligh, published 16. apr, 2005; download (2 kb), password: crackmes.de or browse.
Vohligh has not rated this crackme yet.
Solution by K-Res, published 16. apr, 2005; download (47 kb), password: crackmes.de or browse.
K-Res has not rated this crackme yet.
The submission of solutions is closed.
Discussion and comments
| code_inside 30. Apr 2005 | A little comment on the solutions. Instead of NOP'ing those whole procedures you can just patch the first instruction "6A10 - push 10" to a "EB11 - jmp 0040104F" at offset 00402083 :) |
|---|---|
| _RoS_128 21. Jun 2008 | That was cool -- I learned a lot. Thanks DaXXoR! |
| ayeyen 17. Sep 2008 | That memory trick was super clever. |
| lanzaa 10. Aug 2009 | Easy, cool little memory trick. |
| shan75 07. Jan 2010 | MOV DWORD PTR DS:[403C64],JMP.&user32.GetWindowTextA> SUB DWORD PTR DS:[403C64],9 PUSH 1FF CMP EBX,1 JNZ SHORT crackme.00401241 PUSH crackme.00403054 PUSH DWORD PTR DS:[40304C] JMP SHORT crackme.0040124C PUSH crackme.00403654 PUSH DWORD PTR DS:[403050] CMP EBX,1 JE SHORT crackme.00401258 confusing about this piece of code please help me.. |
| SimpleData 03. Feb 2010 | That WriteProcessMemory trick was nice. |
| mem0rex 08. Oct 2010 | http://www.virustotal.com/file-scan/report.html?id=efc41119337f4a366c506d566a47d593396ed562ee487994e95f566347a2723f-1284647894 |
| AkaBkn 19. Oct 2010 | yhea: this was my first try in reverse engineering. cool! learned a lot and managed to write a keygen. but the submission is closed... :( |
| AkaBkn 19. Oct 2010 | ahh. forgot that -> AkaBkn:@N-CLKY]-QZU |
| jxzhxch 09. Dec 2010 | Easy,trick was nice. |
| wibf 16. Mar 2011 | nudge screen was tricky nice job man |
| yo-mismo 23. Mar 2011 | simple but nice crackme |
| newcracker88 27. Sep 2012 | please help me this is my first crackme |
| w1ck3dg0ph3r 17. Oct 2012 | A little addition to the comment on the solutions =) Its not enough to patch EB11 @ 00402083, cause it would not pass the checksum test later. So my solution is: 00402083 <- EB 11 ; Let the memory trick patch for us 00401636 <- 40 ; Fix checksum after patching |
| kalkunipraed 09. Apr 2013 | This was the first keygenMe-CrackMe I have ever solve - it was fun and I learned a lot. Thanks! |
| lykaner 17. Sep 2013 | I've a question on patching the nag: My 1st solution were the following patches (similar to l0calh0st IIRC): 0040103C EB 11 JMP SHORTcrackme.0040104F 004014DC 6A 00 PUSH 0 0040163A EB 07 JMP SHORT crackme.00401643 But if I overwrite 00401037 until 0040104E with NOPs instead of the first to patches and correct 0040163A as I've written, the program crashes if I click on "Check". Could somebody explain what I've overseen, please? |
| lykaner 18. Sep 2013 | Never mind, I've found my failure: In the procedure stating at 00401477 you can see that the process id is copied to 00403C80. The procedure starting at 004015B3 checks if the program was patched. At 004015C2 it calls the address located at 00403C80. But if 00401477 is never called 00403C80 consists of zeros. Therefore you have to overwrite the call of 004015B3 at 00401449 with NOPs. |
| cracker_bug 14. Jun 2014 | good crackme ! Made a python script to keygen it : http://pastebin.com/CCjxW3VK |
| aldeid 06. Dec 2015 | My detailed solution here: https://www.aldeid.com/wiki/Solution-DaXXoR-101-KeygenMe-3 |
| Twelfthnight 16. Feb, 17:47 | I finally solved this crackme as a college student! This is my first attempt on reverse-engineering, feelsgoodman. |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.