
KLiZMA's CrackMe #5 (Stupid)
Download: CrackMe_#5_by_KLiZMA.zip, 3 kb (password: crackmes.de)
Hola!
Difficulty: 2 - Needs a little brain (or luck) | Rating votes: 6
Solutions
Solution by Rambo, published 24. feb, 2006; download (1 kb), password: crackmes.de or browse.
Rambo has rated this crackme as nothing special.
Solution by EsKiMo, published 24. feb, 2006; download (10 kb), password: crackmes.de or browse.
EsKiMo has rated this crackme as quite nice.
Solution by acidflash, published 24. feb, 2006; download (64 kb), password: crackmes.de or browse.
acidflash has rated this crackme as awesome.
Solution by Kerberos, published 24. feb, 2006; download (54 kb), password: crackmes.de or browse.
Kerberos has not rated this crackme yet.
The submission of solutions is closed.
Discussion and comments
Ank83 17. Feb 2006 | Hi KLiZMA! I need some help with unpacking. I searched the web for a tutorial on unpacking SVKP 1.3x - Pavol Cerven but I didn't find any good ones. All the tutorials I found lead me to the same error. All of them use OllyScripts. So can you give me a hint on how to unpack this crackme? I also want to ask: is the goal of this crackme to print Patched? Best Regards, Ank83 |
---|---|
HMX0101 17. Feb 2006 | The crackme is not packed with SVKP, it's packed with FSG XD |
Ank83 17. Feb 2006 | I noticed that in OllyDump, but I can't find the OEP! That is my problem! |
HMX0101 17. Feb 2006 | @KLiZMA: Have you encrypted/obfuscated the goodboy message? This makes it a little bit harder. |
Ank83 17. Feb 2006 | In OllyDump it shows the FSG signature, but PEiD gives me SVKP 1.3x - Pavol Cerven. |
HMX0101 17. Feb 2006 | It's easy to unpack: find the JMP EAX and put a BPX there, then run; the crackme breaks at the breakpoint. Trace until these 3 jumps: `004001CD ^\78 F3 JS SHORT crackme.004001C2`, `004001CF 75 03 JNZ SHORT crackme.004001D4`, `004001D1 FF63 0C JMP DWORD PTR DS:[EBX+C]`. Put a BPX on the 3rd jump, run the crackme and it breaks at the jump; now trace with F7 or F8 and you land at the OEP :D |
Ank83 17. Feb 2006 | How can I find the OEP for this one ? |
HMX0101 17. Feb 2006 | Is it useful to unpack? |
Ank83 17. Feb 2006 | Hm... I found the 3rd jump, put a breakpoint on it, and when I press F9 the app doesn't get to the breakpoint! It says: "Error: Don't know how to continue because memory at address F22E40B6 is not readable. Try to change EIP or pass exception to program." I will try restarting my PC! Maybe that's the problem. |
Ank83 17. Feb 2006 | no, that wasn't my problem. |
Ank83 17. Feb 2006 | It crashes when the second jump (of 3) reaches this command: kernel32.SetUnhandledExceptionFilter. Maybe something is wrong with my system file (or I'm missing something). Thanks HMX0101 |
HMX0101 18. Feb 2006 | To avoid this you can use the UnhandledExceptionFilter 0.22p or HideDebugger plugins. |
KLiZMA Author 18. Feb 2006 | Very interesting fighting in these comments... |
EsKiMo 18. Feb 2006 | You can make OllyDbg show you the OEP by selecting "Trace real entry bytewise (very slow!)" in the SFX tab (Debugging options). |
crazysky 18. Feb 2006 | Why did my replies disappear? |
Ox87k 18. Feb 2006 | For unpacking, no problem, but... KLiZMA u made a very g00d j0b! I'm having difficulty finding the real byte to patch... I don't understand very well, so ur crackme makes me confused! =| |
zairon Moderator 18. Feb 2006 | To crazysky: >Why did my replies disappear? You surely broke one of our rules. |
jB_ 18. Feb 2006 | Same for me, sorry for my previous message which gave really too many tips... I almost gave the solution. Writing tips for this crackme without giving all is not easy. Another try: Ox87k : 'Not patched!', 'Patched'... Think about it. KLiZMA said "patch 1 byte (or 2 byte)". Why? =) |
HMX0101 18. Feb 2006 | I think that the goodboy message is encrypted/obfuscated, and this makes it a little harder. |
kemp 18. Feb 2006 | Sent my solution for this.... not sure if it's the correct way to patch it but.... it works! and only 2 bytes ;-) |
crazysky 19. Feb 2006 | It is just changing the beginning address of "Not patch!" to point to the "p" character! |
Ox87k 19. Feb 2006 | crazysky has had the same idea as me (only 1 byte) =) but I think it's wrong... I'll wait for some solution! (Thanks klizma and jb!) |
crazysky 21. Feb 2006 | Ox87k, why do you think my idea is wrong? Can you show me? |
Ox87k 21. Feb 2006 | It's my thing! I'm not sure that this way is correct but... try ;) I'm waiting for the solutions! |
HMX0101 21. Feb 2006 | My way to beat this crackme is very lame and maybe the solution can be rejected XD |
HMX0101 21. Feb 2006 | SOME BYTES modified (not 1 or 2, various) XD |
HMX0101 24. Feb 2006 | My solution was rejected because there are too many solutions XD |
HMX0101 24. Feb 2006 | I'm waiting for crackme #6 XD |
Ox87k 24. Feb 2006 | None of the unpacked solution files work for me. Crash! I have WinXP SP1.. however my and crazysky's idea is right =) Seems too stupid to be true! ehehe!! I'm waiting for crackme #6 ;) |