downloadbrowseDevoney's HideWindow

Download CrackMe_#4.zip, 162 kb (password: crackmes.de)
Browse contents of CrackMe_#4.zip

CrackMe #4 - By Devoney

Name: HideWindow
Difficulty: 2 (on a scale of 1 to 10)
Executable: MainApp.exe
Goal: Unlock the menu item "Hide Window" by filling in the right password
Security: Password protected


Additional Information:
I have made this crackme because I am trying to get the hang of C/C++.
It is compiled by a standard BloodShed Dev-C++ installation.
I have rated this crackme as 2 (scale 1:10) because it easy but it uses one trick concerned the reading of the password - thats a hint ;) -
If you dont know about GetDlgItemInt then this is still doable for you ;) If you do know about it, then you will find the trick quiete easily.


About Patching:
I dont care if you patch -Try http://www.crackmes.de/users/devoney/crackme_3.0/ if you like to patch ;) -
But if you patch you will not learn how this one is solved properly by yourself ;) and you will not discover the trick by yourself.


Your Reward:
The last time I posted a crackme the reward where chills down your spine if you looked up the location in the message at the end.
This time your reward is the possibility to use a functional application.


Goodluck, have fun and mail me with questions/solutions/greetings etc.
Devoney (klerkdemike@hotmail.com)

Difficulty: 2 - Needs a little brain (or luck)
Platform: Windows
Language: C/C++

Published: 01. Jan, 2009
Downloads: 379

Rating

Votes: 3
Crackme is boring.

Rate this crackme:

Send a message to Devoney »

View profile of Devoney »

Solutions

Solution by shellwolf, published 05. jan, 2009; download (1 kb), password: crackmes.de or browse.

shellwolf has rated this crackme as nothing special.

Submit your solution »

Discussion and comments

Predator
04. Jan 2009		I think you have do a mistake
/*40160B*/ MOV DWORD PTR SS:[EBP-4], EAX
/*40160E*/ CMP DWORD PTR DS:[406144], 34EA090
/*401618*/ JNZ SHORT MainApp.00401651
/*40161A*/ CMP DWORD PTR SS:[EBP-4], 15B8
/*401621*/ JNZ SHORT MainApp.00401651

first you put in [EBP-4] the serial that must be dec of 34EA090
next at offset 40161A you read [EBP-4] and must be 15B8
but the serial is always 34EA090

Predator
shellwolf
05. Jan 2009		it is a trick .....not a mistake
simonzack
Moderator
13. Jan 2009		Just why...
couldn't you say it weren't simply a fake algo :(
i spend time looking everywhere for the real algo until i looked at the answer to realize it wasn't fake after all...
Devoney
Author
13. Jan 2009		Hopefully that makes this one original, yet simple.
g4hsean
14. Jan 2009		if you want to patch then, change MOV DWORD PTR SS:[ESP+8],1 to MOV DWORD PTR SS:[ESP+8],0

004014E6 |. E8 15190000 CALL <JMP.&USER32.GetMenu>
004014EB |. 83EC 04 SUB ESP,4
004014EE C74424 08 0000>MOV DWORD PTR SS:[ESP+8],0
004014F6 |. C74424 04 6D00>MOV DWORD PTR SS:[ESP+4],6D
004014FE |. 890424 MOV DWORD PTR SS:[ESP],EAX
00401501 |. E8 0A190000 CALL <JMP.&USER32.EnableMenuItem>

else if you like fishing, then the solution made is the solution i got too. Theres also a third way to patch the prog too, but ill leave that up to an unskilled reverser.

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.