
HMX0101's Keygenme #5
Download keygenme#5.zip, 30 kb (password: crackmes.de)
Difficulty: 4 - Needs special knowledge | Rating: Waiting for at least 3 votes |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
HMX0101 Author 26. May 2006 | Nobody can crack this? I think it's very easy :D If somebody needs hints, maybe I can help... |
Ank83 26. May 2006 | Hi HMX0101. How are you? It has been a while since I cracked something, and this one looks difficult to me, but I will try it. So my question is: Can this crackme load in Olly? Best Regards, Ank83 |
HMX0101 Author 26. May 2006 | Yes, check the crackme using a PE Editor :D |
Ank83 26. May 2006 | I just don't see what to change! Need some help! Regards, Ank83 |
l0calh0st 26. May 2006 | Ank83... you only need to change the "no. of RVA and sizes"... Mostly it should be 10 |
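The field l0calh0st refers to is IMAGE_OPTIONAL_HEADER.NumberOfRvaAndSizes, and the "10" is hexadecimal (16 data directories, the value loaders and debuggers expect). A non-standard value there is a classic way to make a debugger refuse to load a file while Windows itself still runs it, so it is worth flagging in triage. The script below is an added example (not the crackme's code and not posted by anyone in this thread): it locates the field for PE32 and PE32+ headers, reports a non-standard value, and writes 0x10 back. The sample header it builds is constructed for the test and is not a runnable binary; all function names are my own.

```python
"""Read, flag and normalise NumberOfRvaAndSizes in a PE image (added example)."""
import struct

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
STANDARD_RVA_COUNT = 16  # 0x10, the value tools assume


def _optional_header_offset(data):
    """Offset of IMAGE_OPTIONAL_HEADER: e_lfanew + 'PE\\0\\0' + 20-byte file header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 4 + 20


def rva_count_offset(data):
    """File offset of NumberOfRvaAndSizes: +92 in PE32, +108 in PE32+."""
    opt = _optional_header_offset(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        return opt + 92
    if magic == PE32PLUS_MAGIC:
        return opt + 108
    raise ValueError("unknown optional header magic 0x%x" % magic)


def read_rva_count(data):
    return struct.unpack_from("<I", data, rva_count_offset(data))[0]


def is_suspicious(data):
    """True when the header carries anything other than the standard 16 entries."""
    return read_rva_count(data) != STANDARD_RVA_COUNT


def normalize_rva_count(data):
    """Return a copy of the image with NumberOfRvaAndSizes reset to 0x10."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, rva_count_offset(buf), STANDARD_RVA_COUNT)
    return bytes(buf)


def build_sample_pe(rva_count, pe32plus=False):
    """Constructed minimal header (DOS stub, PE signature, file header, optional
    header, no sections) used only to exercise the functions above."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    opt = bytearray((112 if pe32plus else 96) + 8 * rva_count)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, 108 if pe32plus else 92, rva_count)
    file_header = struct.pack("<HHIIIHH",
                              0x8664 if pe32plus else 0x14C,  # Machine
                              0, 0, 0, 0,                     # sections, stamp, symtab, nsyms
                              len(opt),                       # SizeOfOptionalHeader
                              0x102)                          # Characteristics
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe(0x20)
    print("NumberOfRvaAndSizes = 0x%x, suspicious = %s" % (read_rva_count(sample), is_suspicious(sample)))
    fixed = normalize_rva_count(sample)
    print("after normalising   = 0x%x" % read_rva_count(fixed))
```

On a real file, read it with `open(path, "rb").read()`, pass it to `is_suspicious`, and write the result of `normalize_rva_count` to a new file rather than over the original, so the header tampering itself stays available as evidence.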
Ank83 26. May 2006 | Yeah, it's working... thanks l0calh0st, it's nice to see you all again. |
bundy 06. Jun 2006 | First some code fragment with my comments. I apologize if it gets wrongly formatted.

    003D4FE6 mov esi,003D6100             ; some sort of crc table
    ......
    003D5011 |shr ecx,14                  ; get high 12 !!! bits
    003D5014 |mov ecx,[dword esi+ecx*4]   ; access AWAY!! of the crc table
    ......
    003D5033 |shr edx,19                  ; 7 bits ?!?
    003D5036 |mov edx,[dword esi+edx*4]   ; crc table not fully used :(
    003D5039 |shl ebx,15                  ; this could be accepted
    ......
    003D5049 mov eax,80
    003D504E /mov edx,ebx
    003D5050 |shr edx,18                  ; correctly in my point of view - 8 bits left
    003D5053 |mov edx,[dword esi+edx*4]
    003D5056 |shl ebx,13
    003D5059 |xor edx,ebx
    003D505B |mov ecx,[local.1]           ; remember 80h <= eax < 101h
    003D505E |movzx ecx,[byte ecx+eax-2]  ; reference to company + eax - 2 - hmm, what's there????
    003D5063 |xor edx,ecx                 ; some data on heap
    003D5065 |mov ebx,edx
    003D5067 |inc eax
    003D5068 |cmp eax,101
    003D506D \jnz short 003D504E
    003D506F mov ecx,[local.2]

Well, the main problem the way I see it is that there is access out of the data section. Mostly there is access into the .reloc section - if it were into the .code section I would see it as a sort of crc checking, which would be fine with me. The second thing is this access into the heap after the company name - do we miss here some modulo? :) I honestly don't think any of these fragments is this mentioned "special trick". I would call them "bugs". If I overlooked something or I'm completely wrong give me some hint; on the other side, I would correct this wrong access "behaviour". |
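bundy's three observations can be checked numerically without the binary. The added example below (mine, not the crackme's code and not from anyone in this thread) computes the largest table index each `shr` can produce against a 256-entry table, and emulates the third loop (003D5049 to 003D506D) with a byte buffer that records every read outside its bounds instead of faulting, so the "company + eax - 2" reads can be listed. The table at 003D6100 is not on the page, so a standard CRC-32 table stands in for it (an assumption that affects the hash value, not the bounds analysis); the company buffers are constructed; shift counts are the hex values OllyDbg shows.

```python
"""Bounds analysis of the table-lookup loops bundy quotes (added example)."""
MASK32 = 0xFFFFFFFF
TABLE_ENTRIES = 256  # dwords in a CRC-32 table; assumed size of the table at 003D6100


def make_crc32_table():
    """Standard CRC-32 table (polynomial 0xEDB88320), a stand-in for the real table."""
    table = []
    for n in range(TABLE_ENTRIES):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


def max_index_after_shr(shift):
    """Largest value a 32-bit register can hold after `shr reg, shift`."""
    return MASK32 >> shift


def index_fits_table(shift, entries=TABLE_ENTRIES):
    """True when every index the shift can produce lies inside the table."""
    return max_index_after_shr(shift) < entries


class TracedBuffer:
    """Byte buffer that logs out-of-bounds reads rather than faulting."""

    def __init__(self, data):
        self.data = bytes(data)
        self.oob = []          # offsets read past the end of the buffer

    def read_byte(self, offset):
        if 0 <= offset < len(self.data):
            return self.data[offset]
        self.oob.append(offset)
        return 0               # assumption: unknown heap bytes are modelled as zero


def emulate_loop_003D5049(table, company, ebx_init=0):
    """Emulate 003D5049..003D506D: eax runs 80h..100h, reading company[eax-2]."""
    buf = TracedBuffer(company)
    ebx = ebx_init & MASK32
    for eax in range(0x80, 0x101):
        edx = ebx >> 0x18                     # shr edx,18  -> 8 bits, always < 256
        edx = table[edx]                      # mov edx,[dword esi+edx*4]
        ebx = (ebx << 0x13) & MASK32          # shl ebx,13
        edx ^= ebx                            # xor edx,ebx
        ecx = buf.read_byte(eax - 2)          # movzx ecx,[byte ecx+eax-2]
        edx ^= ecx                            # xor edx,ecx
        ebx = edx                             # mov ebx,edx
    return ebx, buf.oob


if __name__ == "__main__":
    for shift in (0x14, 0x19, 0x18):
        print("shr %02Xh: max index %d, fits 256-entry table: %s"
              % (shift, max_index_after_shr(shift), index_fits_table(shift)))
    value, oob = emulate_loop_003D5049(make_crc32_table(), b"ACME Corp")  # constructed name
    print("loop result %08X, %d reads past the buffer (offsets %02Xh..%02Xh)"
          % (value, len(oob), oob[0], oob[-1]))
```

The shift at 003D5011 leaves 12 bits, so indices up to 4095 reach far past a 256-dword table; the shift at 003D5033 leaves 7 bits and touches only half of it; the shift at 003D5050 is the only one that matches the table. The loop itself reads company bytes at offsets 7Eh..FEh regardless of the name's length, which is exactly the heap read bundy asks about.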
HMX0101 Author 06. Jun 2006 | The algo used to check the CRC32 can make different hashes, but after a long time... Maybe it's a bug, but I don't think so. Try to make a keygen, and you will see if those points are true... |