downloadbrowsederoko's fishme or keygenme

Download crackme_driver.zip, 22 kb (password: crackmes.de)
Browse contents of crackme_driver.zip

Hello again, this time objective is not so hard, write keygen or just find correct username/serial for your name.

Crackme uses ring0.sys to check password, crackme.exe (user interface) is protected with my "updated" protector, if you are really bored you will reverse this protector and that is pointless b/c all of dirty work is in driver...

Difficulty is 2-3/10 if you have SoftICE, syser or maybe IDA (for static disassembling and analyzing)
8/10 if you don;t have any of these tools

Have fun =)

Difficulty: 3 - Getting harder
Platform: Windows 2000/XP only
Language: Assembler

Published: 08. Sep, 2005
Downloads: 1161

Rating

Votes: 5
Crackme is nothing special.

Rate this crackme:

Send a message to deroko »

View profile of deroko »

Solutions

Solution by thehyper, published 13. jul, 2006; download (32 kb), password: crackmes.de or browse.

thehyper has not rated this crackme yet.

Submit your solution »

Discussion and comments

Shism
14. Oct 2005		Doesn't run on my computer
bigboss1988
14. Oct 2005		it's work on SP2

i think it's very very rock :D i ill try to crack it ;)
deroko
Author
14. Oct 2005		jB solved it and wrote keygen =) so it is working and it is possible to crack it =)
Shism
14. Oct 2005		ok.. but it doesn't run on my computer.
code_inside
14. Oct 2005		Shism, you're running Win2K isn't it? ;)
If an EXE doesn't have an Import Table, it will NOT run on Win2K :)
HMX0101
14. Oct 2005		working on XP SP2
Shism
14. Oct 2005		running win xp sp1
deroko
Author
14. Oct 2005		heh, I wrote that protector on winxp sp1 so I don't know what is a problem, did you try to debug it or it won't start at all?
Shism
14. Oct 2005		won't start at all :(
Shism
14. Oct 2005		I think I know what might be the problem...but I'm not sure how to get rid of the protection driver installed on my computer
deroko
Author
14. Oct 2005		wait, how driver could be installed if program doesn't work on your machine, I really don't understand...
if you somehow terminated process(task mngr for example) and driver is still there just run progy again it will try to Open existing service and it will delete it at the end of crackme, and driver will be unloaded...
Shism
14. Oct 2005		no I have a protection driver on my system... not the program's driver.

Main Protty v.01a (test phase)

- Process Environment Block protection (currently 2 modules protection used)
- Structured Exception Handling protection
- Import section killing (currently main application only)
- Export section protection (currently 2 modules protection used)
- RtlEnterCrticialSection protecting (currently disabled)


I have no idea how to uninstall it sigh
deroko
Author
14. Oct 2005		heh, easiest way is to use wARK and unload drvier from there, or create small scm manager that will kill it, or delete key from registry and restart machine so it won't start at boot any more =))
Shism
22. Oct 2005		weird damnit I cant load your program... something must be wrong with my computer lol
bigboss1988
24. Oct 2005		when i made bpx loadlibraryA in soft-ice
and run crack me to know where's ring0 load ? and where's is je or jne to patch the driver ?

show me blue screen said "system protction '!!! and restart!!!

i think it's need command for ring0 or sysdebug programme
deroko
Author
24. Oct 2005		use
:driver ring0
command to see local dispatchers for driver and then you may set bpx on right one =) that's the easiest way to get good key, or use IDA as jB explained in his solution =)
jB_
24. Oct 2005		Here is my solution (Sep. 11th 2005):
http://jardinezchezjb.free.fr/Keygens/deroko-drivercrackme.zip
I am sorry, I didn't write a tutorial, that is why i didn't submit it here.
I disassembled the driver and removed the garbage code. The cleaned asm listing is in the zip file. Then the serial generation is easy to understand, there is really no difficulty.
bigboss1988
24. Oct 2005		Hi,

deroko,
i wanna know how do u know this protection had stolen byte?

jB,

i think ur keyGen have problem !!!

userName: bigboss1988
pass:

3521903379-2565468543-2565468543

when i click check (wrong paaword)?!!
deroko
Author
24. Oct 2005		what protection? crackme.exe from this crackme?

jB's keygen is working b/c it is exact same proc used in driver =)
jB_
24. Oct 2005		You're right, bigboss1988
I wrote (for the wsprintf parameters)
push serial3
push serial3
push serial1

instead of:
push serial3
push serial2
push serial1

Not very hard to correct it :)
Source updated on my site, thanks.
bigboss1988
25. Oct 2005		hi,
deroko,
http://crackmes.de/users/arthi/arthiscrackme1.02final/
i saw ur solution very nice u really good in reverse Eng ;)
how do u know this crack me have stolen byte?
thx man:)

jB,
ur solution and KeyGen very nice ;) submit ur solution;)
deroko
Author
25. Oct 2005		well just compare start of normal VB app and arthis-crackme and that's all =)
bigboss1988
26. Oct 2005		if what the app in C/C++? i saw protection like acprotect and svkp used stolen byte how can i discovering it ?

sry man for many question ;)

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.