Mr.Farshid's RZM Crack Me - Crack Me 4 (11)
| Download Crack_Me_11.zip, 107 kb (password: crackmes.de) Browse contents of Crack_Me_11.zip Here Is My crack me
Difficulty: 3 - Getting harder | RatingWaiting for at least 3 votes View profile of Mr.Farshid » |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
| DaoTian007 05. Mar 2015 | key func: Testuj() { ... } |
|---|---|
| Matteo 17. Mar 2015 | i think that it is too difficult for me... stupid vb6 :/ but after 2 hours of analysis that is what i have found: -ZwQueryInformationProcess (ProcessDebugPort=7) as antidebug -seems that RC4 is used -a .bat file is created, inside you find this: ATTRIB - s - h - r C:\DOCUME~1\Matteo\Desktop\CRACK_~1\CRACKM~1.EXE ATTRIB -s -h C:\DOCUME~1\Matteo\DATIAP~1\___Kill_MyPro.bat DEL C:\DOCUME~1\Matteo\Desktop\CRACK_~1\CRACKM~1.EXE DEL C:\DOCUME~1\Matteo\DATIAP~1\___Kill_MyPro.bat seems also that it read files in windows dir to make some kind of checksum working in progress for more... when i will have some free time |
| Matteo 18. Mar 2015 | nice news!! solved first part :) happy to see that i'm not a total noob, login 1: "F4rsl-l!d" working for the rest.... |
| Matteo 18. Mar 2015 | i think i will skip the activation part as i have no idea how it could work. i have found that this is the website: http://rzm.is-best.net there is a post request, something with cookies, phpsessid. but i don't know php and i know only for what cookies are used for. there is also something with this reg key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD i have no idea about bat file and reg key... question: is in general a good idea to post the working serial? pro: it can help people con: it removes all the fun in solving it |
| halsten 19. Apr 2015 | Matteo: The login and username will be used to access a Persian forum's account "http://rzm.is-best.net/users/stop/", the first part is trivial to get, but I don't get the point in doing the second part, def not an online activation per se, and therfore I think it shouldn't count as a valid crackme. And I agree VB6 is stupid. :) |
| Matteo 20. Apr 2015 | what i did is register on the forum (with the help of google translate) and: - if i input my valid user & pw (used on registration) it block and nothing happens - if i input random data it say you loose - if i do both while offline it say step 1 done i have found also this: "http://rzm.is-best.net/2-.html" if you visit there is a textbox and it say wrong pw if you confirm i think that password is server-sided so you can't find (you have to bruteforce and it takes forever) what someone could do is to find where it sees if pw is correct or not and patch it but i don't think is good solution |
| halsten 20. Apr 2015 | Matteo: There was a link to the activation part, I can read the page normally, but I can't understand anything cause I don't speak Farsi, but as you said its correct its server side and its pretty much pointless. There was actually 2 strings generated from the binary one of them was generated from a base64 encoding. Not sure if you got that part or not. I did try and see if it the right one, but I don't think so it worked. Either ways, this part of the crackme is pointless and not valid. The crackme has lots of bugs programmatically and logic wise as well. |
| Mr.Farshid Author 25. Apr 2015 | try that not to hard its not stupid mybe your thing is stupid :) no activation with no idea and no programming is good becuse ... good luck :) |
| SinaDiR 14. May 2015 | It's fully shit, it's serverside check routine, here is the U/P for the first part=asdqwe:123123 the last part is web based again and the author just has access to password, so u'r cheater and I think you try to make visitor for your website, also it's completely bruteforcable to get last 4 char of password, here is RCE community it's not your stupid idea area !!! |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.