Kirjava's KGM2
| Download KGM2.zip, 2 kb (password: crackmes.de) Browse contents of KGM2.zip Difficulty:
Difficulty: 1 - Very easy, for newbies | Send a message to Kirjava » View profile of Kirjava » |
Solutions
Solution by mrmacete, published 16. oct, 2014; download (5 kb), password: crackmes.de or browse.
mrmacete has rated this crackme as quite nice.
Discussion and comments
| Borgiman 16. May 2014 | I find this crackme very hard, but i'm also a newbie^^ Really looking forward to a solution, so i can learn from it |
|---|---|
| evaboy 18. May 2014 | What is the good and/or bad message. This is good algo though. |
| absolute_stratos 18. May 2014 | Written both a keygen and patched it! Really fun for a noob, bit tricky with having some ollydbg analyse issues but I learned a lot. Thanks for making this! ^^ |
| unix-dude 19. May 2014 | Did a self-keygening thing for this one. Wasn't too hard, a bit of anti-analysis tricks here and there. Good job :) |
| zaas 24. May 2014 | Can you tell me how to write the tricks in visual studio? |
| r0bert 26. May 2014 | tr4ceflow, i'll think you'll find that was an intentional curve-ball |
| Kirjava Author 27. May 2014 | @zaas, The tricks were done like this: http://ideone.com/weVyka |
| tr4ceflow 27. May 2014 | I wrote an tutorial which was not accepted. An update version was uploaded now by me. > i'll think you'll find that was an intentional curve-ball I do not understand you. ------------------------------------ my removed comment: There is a bug in the crackme. If the name like "tr4ceflow" has length 9. There is a part when the crackme used int val = 10; char character = Name[9-val]; here: 004011BA . 83C9 FF OR ECX,FFFFFFFF ; ecx = FFFFFFFF 004011BD . 2BC8 SUB ECX,EAX ; FFFFFFFF - 9 = FFFFFFF6 = -10 004011BF . A1 FC164000 MOV EAX,DWORD PTR [<NamePtr>] ; hinter '-' zeigen 004011C4 . 03C1 ADD EAX,ECX ; gehe 10 Zeichen davor 004011C6 . 8B0D FC164000 MOV ECX,DWORD PTR [<NamePtr>] ; KGM2.004016AD |
| Kirjava Author 28. May 2014 | @tr4ceflow, you will notice the "out-of-bounds" byte is always the last 0xCC of main. |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.