
geeko's Picasso
Download ownapi.zip, 207 kb (password: crackmes.de)
The proggy explains itself
Difficulty: 2 - Needs a little brain (or luck) | Rating: Waiting for at least 3 votes |
Solutions
Solution by Zaphod, published 07. Nov 2006; download (100 kb), password: crackmes.de or browse.
Zaphod has rated this crackme as quite nice.
Discussion and comments
geeko Author 04. Sep 2006 | tip: window is white |
---|---|
geeko Author 05. Sep 2006 | write a tutorial |
BaKaE 05. Sep 2006 | i got a question: 1. did you really use "TButton"? if yes: how did you hide the button-resource? my resource-editor doesn't show the TButton-resource, only TImage |
geeko Author 05. Sep 2006 | There is no tbutton resource as known from Delphi |
l0calh0st 05. Sep 2006 | i think it uses the form.keydown events... Not sure though... found the way to patch but didn't get where it actually reads the entered serial |
EvOlUtIoN 05. Sep 2006 | very good crackme! |
geeko Author 06. Sep 2006 | 127.0.0.1, u are close, but I didn't use keydown. How and where did u find the patch? I'd like to know. Well, it could be said that I never read the serial entered :-) , but... I check it somehow. how? Does the patch resolve both SAVE (good boy message) and EXIT? how? |
l0calh0st 06. Sep 2006 | Yes the patch resolves it: `0045087C 34 01 xor al,1` to `0045087C 34 00 xor al,0` |
geeko Author 06. Sep 2006 | 127.0.0.1, Congratulations. U found a very good spot (can u write a tut on how did u find it, please?), but u need to find the code as I said. Sorry. Let's say it's a key to some treasure :) Do u still work on it, or need some tips? |
BaKaE 18. Sep 2006 | is the number "16777215" important, coz it arrives while debugging |
geeko Author 19. Sep 2006 | want some hints? |
BaKaE 19. Sep 2006 | yes, so what does this number mean? |
geeko Author 19. Sep 2006 | it is important, coz it's part of the test. Put it in hex. see something? |
geeko Author 25. Sep 2006 | d16777215=hFFFFFF=white color! (remember the first comment?) |
overhead 26. Sep 2006 | hi, it must have to do something with the embedded TImages... "hot spot code" loops through pixels (getpixel). unfortunately i can't see how user input is related to this... patching would be easy :o) but... need some further investigation on this one! |
overhead 26. Sep 2006 | "Well, it could be said that I never read the serial entered :-)" hmm... some idea pops up in my lil tired brain... maybe "serial" is checked by its "graphical" representation through pixel... crazy if so :o) |
overhead 26. Sep 2006 | YEAH......... I GOT IT! :) |
overhead 26. Sep 2006 | part of serial = 43Uuak/ me makes a lil dance :o) nice ONE geeko!!! i now have to write a tut... but not tonite... keep searching guys... even the color blinds ;o) |
geeko Author 26. Sep 2006 | Is very good what u did spot. waiting tut thanx |
geeko Author 12. Oct 2006 | the code is encrypted in a TImage. |
Zaphod 26. Oct 2006 | Geeko, I'm ripping my hair out over this one! I assume overhead is right when he says that the serial is checked by its graphical representation, but when GetPixel breaks with x,y-values within the area of the serial, it returns 0xFFFFFFFF meaning these values are outside the clipping region. And I don't see any cliprgn-functions in the crackme. Arrrgh! By the way, I tried localhost's patch ( xor al,1 -> xor al,0 ). I made no difference on my computer :( |
Zaphod 26. Oct 2006 | I made no difference on my computer :( should have been It made no difference on my computer :( |
geeko Author 27. Oct 2006 | zaphod, maybe the clipping region is not visible while u debug it. I don't know... The XOR patch is correct. I think the simplest way is to find the key image and try to decrypt it using some graphics filters or using the encryption algo within the code. |
Zaphod 03. Nov 2006 | geeko, I finally found the password ( encrypted in TImage5 ), but I still don't know how you "read" the typed serial. I hope someone will post a solution. |
geeko Author 06. Nov 2006 | Zaphod, post the solution. Reading the text is not required in this crackme, but you can look at Onkeypress event! |
Zaphod 07. Nov 2006 | Geeko, I did try to set breakpoints at WM_Keydown and WM_Keyup, but that didn't get me anywhere. But okay, I'll write a short tutorial on how to extract the key from the bitmap, then we'll see if the moderators accept it :) |
geeko Author 07. Nov 2006 | I don't know exactly how Delphi wraps WM_keyup and WM_keydown messages, but I tell you I surely used form.onkeypress event. Using dede will tell you exactly where to BP. g'luck |
Zaphod 07. Nov 2006 | Hey, that's a really smart program, Dede! I just downloaded it, and it should prove very helpful! By the way, I submitted my solution to the program... |
geeko Author 08. Nov 2006 | Dede is good, but........... Try it on some of my latest crackmes! surprise! ha? |