_khAttAm_'s KefileMe v2

Download _khAttAm_.kfmv2.zip, 95 kb (password: crackmes.de)

hey ppl,
It's me again. This time I've come up with a Kefile-Gen-Me. As the name suggests, you will need to find a valid keyfile for your name and make a Keyfile generator. It may prove to be very difficult, but isn't impossible, trust me I have made it. If you are successful, you can even see the source of the whole crackme, which is included, but is password protected. The password is the Registration Code for my name "_khAttAm_" in the Keyfile.

Note that it runs properly in XP only. In other platforms, I haven't tested it and I think it does not say registered even if there is a valid keyfile..............

Warning:
Not for newbies, it may cause nervous breakdown :D

Difficulty: 7 - Very hard
Platform: Windows
Language: Unspecified/other

Published: 24. Jul, 2005
Downloads: 901

Rating

Votes: 6
Crackme is quite bad.

Solutions

There are no solutions to this crackme yet.

Discussion and comments

ap0x
27. Jul 2005
I have just downloaded it and unpacked it... The thing I want to know is what is that code scrambler used on UPX. Do you mind telling us...
_khAttAm_
Author
27. Jul 2005
Ok ap0x........

It's UPolyX 0.4...............
_khAttAm_
Author
27. Jul 2005
And good luck ap0x.......... Hope you'll write a tut to my crackme.............. I really love to see tuts on my crackmes...............
deroko
05. Aug 2005
noooooo =) why VB why =)
uhhhhh this progy goes from one dir to another =)
deroko
06. Aug 2005
huh I've patched kfm__1.tmp to create keyfile with my name, but I'm not sure if this is the right solution?

Now it prints registered to deroko... and this VB is really killing me...
deroko
06. Aug 2005
yap, but I've set BPs on CreateFileA and CreateFileW, also on CreateProcessW to see what is going on, but CreateFileA is called only for checking if keyout.tmp exists, which is generated by kfm__1.tmp...

I don't see any keygen routine or anything like that so I guess that patching kfm__1.tmp with my name is the solution =(

_khAttAm_ ?
_khAttAm_
Author
06. Aug 2005
Come on konstAnt,

Don't act smart............... Two weeks ago, I've already shown you how this crackme works and the valid keyfiles too................. And you've got the wrong one.......... Here is NO LOADER............ That was another one.............. Have you even tried this one?? hehe :D.....peace

and deroko........
Hope you've tried hard.......
But I've stated clearly and will like to state, well if I haven't, that .......... "NO PATCHING"
It isn't so silly as writing keyout.tmp and writing your name on that, come on...........

And that's why it is level 7 (Very Hard) :)

And keygen routine?? for a keyfile-gen-me............ Remind you, your target is to make a Keyfile-Generator for any name...............

Let me give you a hint, the keyfile will have the name "jammin.key" and should reside in the same folder where the crackme is running from....................

If you wish to see some valid Keyfiles, you may ask...........

And yet another hint, the original checking routine is in kfm__1.tmp.................., :D
deroko
06. Aug 2005
yap I've seen that jammin.key and made it, but couldn't finc routine that cheks for it =) maybe to deep harder =)
deroko
06. Aug 2005
ahh bunch of spelling mistakes... huh it is going to be a long night...
deroko
07. Aug 2005
004033BC FF2485 C4334000 JMP DWORD PTR DS:[EAX*4+4033C4]

ahh just to see how this thing fits in, 9, 0a, 0d can't be used so some other address is used... 20 neither... huh =)
Just to find working address... or we have decoy =) I'll find out very soon...
deroko
07. Aug 2005
huh I got lost with all this 22/2c/24/09/0a/0d/20 =)
Also there are some checks for stringlen (30) and as I figured there should be 24 13/14 times so this would be incremented:
    004010F7  E8 74250000    CALL dumped3_.00403670
    004010FC  83F8 24        CMP EAX,24
    004010FF  74 05          JE SHORT dumped3_.00401106
to follow last je and increment some data...

not sure yet... huh, very tough crackme...
