
madeinqc's Madeinqc's Crackme
Download: Madeinqc_crack-me_1.zip, 2 kb (password: crackmes.de)
You need to find the "Good Boy" message (the message that
Difficulty: 2 - Needs a little brain (or luck)
Solutions
Solution by costy, published 03. jul, 2008; download (122 kb), password: crackmes.de or browse.
costy has rated this crackme as boring crap.
Discussion and comments
costy 27. Jun 2008 | It's impossible. Simply impossible without modifications. There is a popup menu that contains 2 entries, "good Boy" and "exit", but there is no possibility to call it. |
---|---|
jB_ 27. Jun 2008 | You're wrong, costy, it is possible to display the menu. The code is small, so it won't take you much time to figure out the trick. Funny crackme, madeinqc. |
costy 28. Jun 2008 | jB Probably GetCommandLine could help... What do you think about? :-( |
costy 29. Jun 2008 | Ok this is the problem. At line 401170 there is a check. The value DWORD PTR SS:[EBP+14] must be zero in order to display the good boy message but this value isn't zero. The program never writes this value so it's impossible to display the good boy message without patching. No possibility. |

```
00401170 |. 837D 14 00     CMP DWORD PTR SS:[EBP+14],0
00401174 |. 75 25          JNZ SHORT crackme1.0040119B
00401176 |. 66:83F8 01     CMP AX,1
0040117A |. 75 15          JNZ SHORT crackme1.00401191
0040117C |. 6A 00          PUSH 0                           ; /Style = MB_OK|MB_APPLMODAL
0040117E |. 68 18304000    PUSH crackme1.00403018           ; |Title = "Madeinqc's crack-me 1"
00401183 |. 68 2E304000    PUSH crackme1.0040302E           ; |Text = "Good job! You found the Menu! Now send a mail to madeinqc_cracking@hotmail.com with your tutorial."
00401188 |. 6A 00          PUSH 0                           ; |hOwner = NULL
0040118A |. E8 9B000000    CALL <JMP.&user32.MessageBoxA>   ; \MessageBoxA
0040118F |. EB 45          JMP SHORT crackme1.004011D6
00401191 |> FF75 08        PUSH DWORD PTR SS:[EBP+8]        ; /hWnd
00401194 |. E8 67000000    CALL <JMP.&user32.DestroyWindow> ; \DestroyWindow
00401199 |. EB 3B          JMP SHORT crackme1.004011D6
0040119B |> 8B55 10        MOV EDX,DWORD PTR SS:[EBP+10]
0040119E |. C1EA 10        SHR EDX,10
004011A1 |. 66:0BD2        OR DX,DX
004011A4 |. 75 19          JNZ SHORT crackme1.004011BF
004011A6 |. 66:83F8 01     CMP AX,1
004011AA |. 75 13          JNZ SHORT crackme1.004011BF
004011AC |. 6A 00          PUSH 0                           ; /Style = MB_OK|MB_APPLMODAL
004011AE |. 68 18304000    PUSH crackme1.00403018           ; |Title = "Madeinqc's crack-me 1"
004011B3 |. 68 92304000    PUSH crackme1.00403092           ; |Text = "You must find the ''Good Boy'' message."
004011B8 |. 6A 00          PUSH 0                           ; |hOwner = NULL
004011BA |. E8 6B000000    CALL <JMP.&user32.MessageBoxA>   ; \MessageBoxA
004011BF |> EB 15          JMP SHORT crackme1.004011D6
```
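The branch structure of the listing in costy's comment above, rewritten as C. This is an added example, not part of the thread or the crackme's source. It assumes the code is the window procedure's WM_COMMAND handler, so that [EBP+10] is wParam and [EBP+14] is lParam, and that AX holds LOWORD(wParam); the enum and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcomes of the branch at 00401170 (names are hypothetical). */
enum action { ACT_NONE, ACT_GOOD_BOY, ACT_DESTROY_WINDOW, ACT_MUST_FIND };

/* ax: value of AX at 00401170. The listing does not show where AX is loaded;
   on_command() below assumes it is the command ID, LOWORD(wParam). */
enum action dispatch(uint16_t ax, uint32_t wparam, uint32_t lparam)
{
    if (lparam == 0) {                  /* 00401170 CMP [EBP+14],0 ; JNZ 0040119B */
        if (ax == 1)                    /* 00401176 CMP AX,1 ; JNZ 00401191 */
            return ACT_GOOD_BOY;        /* 0040117C MessageBoxA "Good job! ..." */
        return ACT_DESTROY_WINDOW;      /* 00401191 DestroyWindow(hWnd) */
    }
    if ((uint16_t)(wparam >> 16) != 0)  /* 0040119E SHR EDX,10 ; OR DX,DX ; JNZ */
        return ACT_NONE;
    if (ax != 1)                        /* 004011A6 CMP AX,1 ; JNZ 004011BF */
        return ACT_NONE;
    return ACT_MUST_FIND;               /* 004011AC MessageBoxA "You must find ..." */
}

/* Convenience wrapper under the LOWORD(wParam) assumption. */
enum action on_command(uint32_t wparam, uint32_t lparam)
{
    return dispatch((uint16_t)(wparam & 0xFFFF), wparam, lparam);
}

int main(void)
{
    /* Constructed WM_COMMAND parameters, not captured from the crackme. */
    static const struct { const char *what; uint32_t wparam, lparam; } msgs[] = {
        { "control, ID 1, notify code 0", 0x00000001, 0x000A0B0C },
        { "control, ID 1, notify code 5", 0x00050001, 0x000A0B0C },
        { "lParam 0, ID 1",               0x00000001, 0 },
        { "lParam 0, ID 2",               0x00000002, 0 },
    };
    static const char *names[] = { "nothing", "Good Boy box", "DestroyWindow",
                                   "\"You must find\" box" };
    for (size_t i = 0; i < sizeof msgs / sizeof msgs[0]; i++)
        printf("%-30s -> %s\n", msgs[i].what,
               names[on_command(msgs[i].wparam, msgs[i].lparam)]);
    return 0;
}
```

For WM_COMMAND, Windows sets lParam to 0 when the message originates from a menu item or accelerator and to the control's window handle when it comes from a control.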
Bswap 29. Jun 2008 | Oeps.... just press "esc" it will be 0 But AX is not 1....... a mouse call so AX will be 2. |
jB_ 29. Jun 2008 | costy, as I wrote before, the crackme is ok. You can display the message without patching. |
costy 30. Jun 2008 | I'm really sorry... but when I press "esc" the crackme is closed. I'm not perfect ... so I can make errors... I'm waiting for a solution... @jB Does the solution proposed by Bswap work on your PC? |
jB_ 30. Jun 2008 | costy: no, what Bswap wrote isn't related to the solution. Try to disassemble the program with IDA, not Olly. You've missed something. Your second post might help, though I don't want to give hints. |
costy 30. Jun 2008 | I only saw that the crackme searches for the character "/" in the arguments and stores its position in a memory location. That's all. Is IDA freeware?? I have never used it... |
Ox87k 30. Jun 2008 | Ahah WTF! It took me 2 minutes but nice "trick" ;) Funny! Good job madeinqc XD |
costy 30. Jun 2008 | Could you send a solution? |
Ox87k 30. Jun 2008 | @costy: No. I won't write a solution because you have to understand how to solve it by yourself. You are on the right track, just take a look a little bit deeper. Ps: I could give you a hint by private message or, better, you can read something more about the WNDCLASSEXA's struct and try to find a way to solve it! ;) |
Ox87k 30. Jun 2008 | Sorry, I mean WNDCLASSEX's struct (without the final A.. damned copy/paste!) |
costy 01. Jul 2008 | Thank you for the hint |
costy 03. Jul 2008 | The hint wasn't useful. This is the WNDCLASSEX's struct.

```
typedef struct {
    UINT cbSize;
    UINT style;
    WNDPROC lpfnWndProc;
    int cbClsExtra;
    int cbWndExtra;
    HINSTANCE hInstance;
    HICON hIcon;
    HCURSOR hCursor;
    HBRUSH hbrBackground;
    LPCTSTR lpszMenuName;
    LPCTSTR lpszClassName;
    HICON hIconSm;
} WNDCLASSEX, *PWNDCLASSEX;
```

I suppose that lpszMenuName should be equal to the resource menu name. So I opened the program with ResHack and I see the menu name. That's ok. But how can I change it? The only way, I think, is passing a particular value in the command line. It seems that the crackme stores the position of a particular character in the string. This character is '/'. But now I don't know what to do..... Could someone send a solution. Bye :-( |
costy 03. Jul 2008 | ok i solved it. :-) Now the question is .... is it possible to find the menu name without a resource editor? Bye Bye Thanks to jB_ and Ox87k. |
Ox87k 03. Jul 2008 | Why do you want to find the menu name without any resource editor??? |
Bswap 03. Jul 2008 | read the 3e line "No patching is required so... no patching allowed" changing the resource is patching ....... or what..... |
costy 03. Jul 2008 | First: I committed an error, the crackme isn't a boring crap. It's awesome. @Bswap I didn't change the name of the menu. But I used the resource editor to see the menu name. So I asked (just to learn more)... Is it possible to know the menu name without a resource editor? Sometimes the exes are packed so it's impossible to use a resource editor....... that's all. |
Bswap 03. Jul 2008 | @costy nice tutor thx....... |
Ox87k 03. Jul 2008 | @costy: Thanks for the greetz and nice tutor ;) |
costy 04. Jul 2008 | ok... but... could someone answer to my last question? |
DigitalAcid 04. Jul 2008 | Nice solution. And nice crackme. |
madeinqc Author 07. Jul 2008 | loll thx for these comments. I'm planning to do an even more complex crack-me. In fact it'll be more a keygen-me so watch out for obfuscation code loll :) will be out as soon as I finished my other program then that keygen-me ^^ |