Eldad Eilam's Defender.exe

Download Defender.zip, 12 kb (password: crackmes.de)

This CrackMe is very very special :)). It has some very hard protections that will make your cracking sessions very enjoyable.

Difficulty: 5 - Professional problem to solve
Platform: Windows 2000/XP only
Language: C/C++

Published: 19. Aug, 2005
Downloads: 2062

Rating

Votes: 10
Crackme is nothing special.


Solutions

Solution by zairon, published 07. Sep, 2005; download (36 kb), password: crackmes.de.

zairon has rated this crackme as quite nice.


Discussion and comments

code_inside
19. Aug 2005
Nice CrackMe :)

But at some point it uses the name and serial stuff to decrypt a piece of code and then runs this code.
Do you need to guess (Bruteforce...) to what instructions it needs to be decrypted?
Because I don't see another way around :)
Arilou
19. Aug 2005
There is no need to bruteforce, you just need to this. Here is an example key if you don't feel like thinking:
full name = Arilou
serial = 3F12C03E1C9905E6

Very nice crackme Eldad :-) keep them coming!
TQN
20. Aug 2005
Hi Arilou !
I tested with your supplied key, and Defender says: "Sorry... Bad key, try again."
Arilou
20. Aug 2005
Ahh yes TQN, you are correct, I'm really sorry, I forgot to provide my C drive Volume Serial Number.
0xc40100b

(just change yours to this, or change the global at 406020 after the call to ZwQueryVolumeInformationFile)
the call address is at 00401B6C

(and if that does not help you the keys to the encrypted buffers are:
0xB14AC01A ; first buffer
0x8ED105C2 ; second buffer
)

I think this is enough information... nothing much left now, 3 lines of code to keygen it (but try finding the keys to the encrypted buffers yourself *WITHOUT* bruteforce...)
code_inside
20. Aug 2005
Very nice Arilou :)
I've also encountered that the CrackMe shows nothing except the string "Defender Version 1.0 ...", I think this is a little bug (but I haven't checked what's causing it).

But I still don't see how it can be done without a little bruteforcing?
Well, I'll just wait for a solution to show up ;)
Arilou
20. Aug 2005
:) thank you code_inside

Eldad is there a way to contact you ? email or something ?
lord_Phoenix
21. Aug 2005
Great crackme ;)
If someone liked it then try my second crackme - that's harder maybe and uses this protection theme..

it's not an ad =)
code_inside
08. Sep 2005
Nice solution zairon,

Now I understand it :)
deroko
09. Sep 2005
yap really nice solution =)
Oorja-HalT
09. Sep 2005
You have proved once again you are just like your avatar, a mammoth cracker.
zairon
Moderator
09. Sep 2005
Thank you my friends, too kind as usual.
After submitting the solution I discovered that there is a full description of the crackme inside Eldad Eilam's book 'Reversing - Secrets of Reverse Engineering'. I'm reading it but I hadn't noticed it until a few days ago... it seems to be a good book. I suggest reading the solution made by the author :)
bLaCk-eye
Moderator
09. Sep 2005
I see everybody is kind with YOU when you are a moderator here, except me :) (I get kicked in me balls).
Anyway, very sweet solution by zairon ;)
Take care, and waiting for the next crackme from our celebrity :)
deroko
13. Sep 2005
I've got that book and Eldad wrote about 50 pages on reversing this crackme =) very interesting, but here is one of my old macros, if anybody finds this technique of writing crackmes or programs interesting:

@sysenter macro syscall, parameters
local __@@1, __@@2
push eax                    ; dummy slot standing in for the caller's return address
jmp __@@2
__@@1:
mov eax, syscall            ; system call number goes in eax
mov edx, esp                ; edx = stack pointer the kernel reads the arguments from
dw 340Fh                    ; sysenter, raw opcode 0F 34h
__@@2:
call __@@1                  ; the call pushes the return address as the first stack slot
add esp, (parameters*4) + 4 ; drop the parameters, + 1 dword for the dummy EIP
endm
