DrPepUr's DrPepUr #5

Download DrPepUr5.zip, 14 kb (password: crackmes.de)

There are no rules; all solutions are valid as long as it runs registered and all options are unlocked. Patch, Keygen, Loader, Bruteforce, just whatever you gotta do.

Good Luck,

Dustyh1981

Difficulty: 1 - Very easy, for newbies
Platform: Windows
Language: Assembler

Published: 04. Apr, 2008
Downloads: 799

Rating

Votes: 5
Crackme is quite nice.


Solutions

Solution by DigitalAcid, published 09. jun, 2008; download (130 kb), password: crackmes.de or browse.

DigitalAcid has rated this crackme as awesome.

Solution by costy, published 27. apr, 2008; download (225 kb), password: crackmes.de or browse.

costy has rated this crackme as quite nice.

Discussion and comments

yaleond
07. Apr 2008
if serial.length == 1
success!
if serial.length == 2
the app can't open!
DrPepUr
Author
07. Apr 2008
That is a bug in the program. It says registered but no options are unlocked, and it still shows unregistered in the about box.
yudi
18. Apr 2008
I get the right result, but there is a bug!
first run eax=0 then
second run eax=0A
registered !!!
three checks :
1.bp 00401316 don't patched at first run !!!
2.bp 004011FB
3.bp 0040128E
after second run patched the pro and enabled all function!
after saving the pro will not run at all !!! *** bug***
DigitalAcid
18. Apr 2008
Well, if you patched and saved to file, it will be patched at first run =).
Maybe a loader would work.
DrPepUr
Author
19. Apr 2008
If you patch it correctly it will run.......Hint....There is a CRC check
costy
26. Apr 2008
I submitted a solution I hope it will be accepted.

The crackme copies itself into the TEMP directory and then executes its copy with ShellExecuteA.
The copy does the crc check so just remove the call to ShellExecuteA.
DrPepUr
Author
28. Apr 2008
@costy: I looked over your solution, there are much easier ways to do it. But you missed a few things, na valid license type is shown, "[Registered]" was not one of them. The check-boxes have been enabled but not checked. Instead of using a resource editor to enable them, you should have found where and how, and why they were enabled. If this were a "real" app, making cosmetic changes would be simply that....You would have the look, but functions, maybe even hidden functions, would not be enabled. As for your question about making changes directly from olly, all you have to do is hit the spacebar where you want to assemble, make your changes, right click and copy to executable. It is much easier than a hex editor.
costy
13. May 2008
OK I had a look. I understood that this routine enables and checks the checkboxes. I have to execute this one to check the boxes. And I made some changes to it because it doesn't work correctly for some reason. I could check all checkboxes with resource editor but you are right this is a better way.


004045B1 /$ 55 PUSH EBP
004045B2 |. 8BEC MOV EBP,ESP
004045B4 |. 837D 0C 01 CMP DWORD PTR SS:[EBP+C],1
004045B8 |. 73 02 JNB SHORT DrPepUr5.004045BC
004045BA |. EB 41 JMP SHORT DrPepUr5.004045FD
004045BC |> C745 10 BC0200>MOV DWORD PTR SS:[EBP+10],2BC
004045C3 |. BF 00000000 MOV EDI,0
004045C8 |> FF75 10 /PUSH DWORD PTR SS:[EBP+10] ; /ControlID
004045CB |. FF75 08 |PUSH DWORD PTR SS:[EBP+8] ; |hWnd
004045CE |. E8 7D010000 |CALL <JMP.&user32.GetDlgItem> ; \GetDlgItem
004045D3 |. A3 C0734000 |MOV DWORD PTR DS:[4073C0],EAX
004045D8 |. 6A 00 |PUSH 0 ; /lParam = 0
004045DA |. 6A 01 |PUSH 1 ; |wParam = 1
004045DC |. 68 F1000000 |PUSH 0F1 ; |Message = BM_SETCHECK
004045E1 |. 50 |PUSH EAX ; |hWnd
004045E2 |. E8 8D010000 |CALL <JMP.&user32.SendMessageA> ; \SendMessageA
004045E7 |. A1 C0734000 |MOV EAX,DWORD PTR DS:[4073C0]
004045EC |. 6A 01 |PUSH 1 ; /Enable = TRUE
004045EE |. 50 |PUSH EAX ; |hWnd => NULL
004045EF |. E8 50010000 |CALL <JMP.&user32.EnableWindow> ; \EnableWindow
004045F4 |. FF45 10 |INC DWORD PTR SS:[EBP+10]
004045F7 |. 47 |INC EDI
004045F8 |. 3B7D 0C |CMP EDI,DWORD PTR SS:[EBP+C]
004045FB |.^75 CB \JNZ SHORT DrPepUr5.004045C8
004045FD |> C9 LEAVE
004045FE \. C2 0C00 RETN 0C
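
Added example (not part of costy's post or the crackme's own code): a C reading of the routine listed above, with the three user32 calls replaced by constructed recording stubs so the loop can be traced without Windows. The function and stub names are assumptions; the constants and control flow come from the listing.

```c
#include <stdint.h>
#include <stdio.h>

#define BM_SETCHECK   0x00F1u   /* PUSH 0F1 */
#define FIRST_CTRL_ID 0x2BCu    /* MOV DWORD PTR SS:[EBP+10],2BC */
#define MAX_LOG       16

typedef struct { uint32_t ctrl_id, msg, wparam; int enabled; } call_rec;
static call_rec call_log[MAX_LOG];
static int call_count;

/* Constructed stubs: the "handle" is simply the control ID. */
static uint32_t stub_GetDlgItem(uint32_t hwnd, uint32_t id) { (void)hwnd; return id; }
static void stub_SendMessage(uint32_t h, uint32_t msg, uint32_t wp, uint32_t lp) {
    (void)lp;
    if (call_count < MAX_LOG)
        call_log[call_count] = (call_rec){ h, msg, wp, 0 };
}
static void stub_EnableWindow(uint32_t h, int enable) {
    if (call_count < MAX_LOG && call_log[call_count].ctrl_id == h)
        call_log[call_count++].enabled = enable;
}

/* [EBP+8] = dialog handle, [EBP+C] = number of checkboxes; the third
   stack slot ([EBP+10]) is overwritten and reused as the running ID. */
int enable_and_check(uint32_t hwnd, uint32_t count) {
    call_count = 0;
    if (count < 1)                 /* CMP [EBP+C],1 / JNB: unsigned test */
        return 0;
    uint32_t id = FIRST_CTRL_ID;
    uint32_t i = 0;                /* EDI */
    do {
        uint32_t h = stub_GetDlgItem(hwnd, id);
        stub_SendMessage(h, BM_SETCHECK, 1, 0);   /* wParam = 1: checked */
        stub_EnableWindow(h, 1);                  /* Enable = TRUE */
        id++;
        i++;
    } while (i != count);          /* CMP EDI,[EBP+C] / JNZ */
    return call_count;             /* number of controls touched (logged) */
}

int main(void) {
    int n = enable_and_check(0, 3);
    for (int k = 0; k < n; k++)
        printf("control 0x%X: checked and enabled\n", (unsigned)call_log[k].ctrl_id);
    return 0;
}
```

The count argument alone decides how many consecutive control IDs starting at 0x2BC are checked and enabled.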
DigitalAcid
19. May 2008
I looked at this crackme again, and I think there are several License Types. I only found 1 so far.
I patched it with Olly and got a Newbie License and only 2 checkboxes that were enabled :).
I will try some more, but this is a hard one without patching, imo.
DigitalAcid
03. Jun 2008
I found a valid key for the Newbie License :P.
I tried reversing the algorithm, but it's not so easy, at least not for me.
Quite nice algorithm ;).
It's a shame this one isn't keygenned yet.
If I could, I would do it =).
DigitalAcid
10. Jun 2008
Updated my solution.
It includes a short overview on how to reverse the algorithm and has valid keys for all License Types.
