Knight's Crackme #2

Download Knight__s_Crackme_2.zip, 17 kb (password: crackmes.de)

My second crackme. Bit harder than the first one.

Difficulty: 3 - Getting harder | Rating: Waiting for at least 3 votes
Solutions
Solution by bbvv, published 17. nov, 2005; download (24 kb), password: crackmes.de or browse.
bbvv has not rated this crackme yet.
Solution by oklahoma, published 15. aug, 2005; download (40 kb), password: crackmes.de or browse.
oklahoma has rated this crackme as nothing special.
Discussion and comments
TQN 16. Jun 2005 | Great and hard plugin, Knights ! A new, clever and simple way to injected and hidden teerayoot.dll by GetModuleHandleA. |
---|---|
TQN 16. Jun 2005 | Sorry, I type wrong. "To find the injected and hidden..." |
Knight Author 16. Jun 2005 | Yeah, seems you have hidden olly but forgotten your own plugin :) Hope in next versions OllyInvisible won't be so easily detectable. Have u already cracked it? |
GR33d 19. Jun 2005 | can someone post a solution with a tute? im confused lol |
TQN 20. Jun 2005 | I am cracking it in my free time. I use IDA to analyze it. To bypass the check for teerayoot.dll, we can open the Invisible.dll in a hex editor, replace the teerayoot.dll (ANSI and Unicode) text with any name we want, and rename teerayoot.dll on disk to that name. And below is my idc script to decode the check function. This function is the new subclass function for the edit controls in the crackme.

```c
// decrypt the subclass window proc in Knight's Crackme #2
// TQN
#include <idc.idc>

static main()
{
    auto ea;
    // XOR each of the 0x19C bytes starting at 0x00409000 with its offset
    // from the start of the block, patching the result into the database.
    for (ea = 0; ea < 0x19C; ea++)
    {
        PatchByte(0x00409000 + ea, Byte(0x00409000 + ea) ^ ea);
    }
}
```

Hope other experienced reversers will continue with this fun crackme. Best regards, TQN
bkslash 24. Jun 2005 | I've written a keygen for this crackme, I'll post it here as soon as I write a solution. BTW there are some names for which it's impossible to generate a serial (for example bksla and Knightd). |
Knight Author 25. Jun 2005 | Well there are some names which don't have serials, but there are much fewer of them than you think. When CuTedEvil approved my crackme he asked for a serial for his name, here it is: 00821-64000-64002-00019-0084F . I'm posting it here because your keygen can't generate a serial for this name. Man you missed something, something that makes things much easier. Regards |
CuTedEvil 25. Jun 2005 | Yeah, that's actually why I asked for a serial for my name, Knight gave me a working serial, so all of you, THINK HARDER :) btw Knight, I like ur crackme. I hope to see some PERFECT solutions from you guyz. Best Luck CuTedEvil |
bkslash 26. Jun 2005 | Oh yes, I've found a bug, fixed it and submitted a new version of solution. |
Knight Author 19. Nov 2005 | Interesting fact, that nobody noticed what all those xor's in the name hashing function do. They just swap values, and everybody whose keygens I saw left everything how it is. I mean some of those xor's might be removed. Anywayz, nice solution, bbvv. Regards, Knight |
oklahoma 20. Nov 2005 | oh really? look at my solution, file "knightcm2.cpp" you just do not read solutions carefully.

.......................

```cpp
// ... and tashy code, yup I'm lazy to make a candy...
hash1=hash3^temp^(hash2^temp)^(hash2^temp^(hash3^temp^(hash2^temp)));
hash2=hash2^temp^(hash3^temp^(hash2^temp))^(temp^(hash2^temp^(hash3^temp^(hash2^temp))))^hash3^temp^(hash2^temp)^(hash2^temp^(hash3^temp^(hash2^temp)));
hash3=temp^(hash2^temp^(hash3^temp^(hash2^temp)));
/* i.e
hash1=temp^hash2;
hash2=hash2;
hash3=hash3;
*/
```
oklahoma 20. Nov 2005 | "tashy" means "trashy" :) |
oklahoma 20. Nov 2005 | and there is still no key for name "zairon". :( |
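
The point raised above about redundant XORs can be checked mechanically. The following is an added example, not code from the thread or from any posted solution: it evaluates the three posted assignments on one-bit "basis" inputs to show which terms survive. The function names `posted`, `reduced` and `terms` and the 32-bit unsigned types are assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// One distinct bit per input. XOR is addition over GF(2), so evaluating an
// XOR-only expression on these values leaves exactly the bits of the inputs
// that occur an odd number of times, i.e. the terms that do not cancel.
constexpr uint32_t H2 = 1, H3 = 2, T = 4;

struct Hashes { uint32_t hash1, hash2, hash3; };

// The three assignments as posted in the thread, in the same order
// (types are assumed; the previous value of hash1 is not an input).
Hashes posted(uint32_t hash2, uint32_t hash3, uint32_t temp) {
    uint32_t hash1 = hash3^temp^(hash2^temp)^(hash2^temp^(hash3^temp^(hash2^temp)));
    hash2 = hash2^temp^(hash3^temp^(hash2^temp))^(temp^(hash2^temp^(hash3^temp^(hash2^temp))))^hash3^temp^(hash2^temp)^(hash2^temp^(hash3^temp^(hash2^temp)));
    hash3 = temp^(hash2^temp^(hash3^temp^(hash2^temp)));
    return {hash1, hash2, hash3};
}

// The reduced form given in the comment that follows the posted code.
Hashes reduced(uint32_t hash2, uint32_t hash3, uint32_t temp) {
    return {temp ^ hash2, hash2, hash3};
}

// Names the inputs whose basis bits are set in a result.
std::string terms(uint32_t bits) {
    const char* names[] = {"hash2", "hash3", "temp"};
    std::string out;
    for (int i = 0; i < 3; ++i)
        if (bits & (1u << i))
            out += (out.empty() ? "" : "^") + std::string(names[i]);
    return out;
}

int main() {
    Hashes p = posted(H2, H3, T);
    std::cout << "hash1 = " << terms(p.hash1) << "\n"
              << "hash2 = " << terms(p.hash2) << "\n"
              << "hash3 = " << terms(p.hash3) << "\n";
    // Spot check on constructed sample values.
    Hashes a = posted(0x12345678u, 0x9abcdef0u, 0xdeadbeefu);
    Hashes b = reduced(0x12345678u, 0x9abcdef0u, 0xdeadbeefu);
    std::cout << (a.hash1 == b.hash1 && a.hash2 == b.hash2 && a.hash3 == b.hash3
                  ? "forms agree\n" : "forms differ\n");
}
```

Because every operation is an XOR of the inputs, agreement on the three basis values is enough to show the long and reduced forms agree for all inputs.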