
mucki's crackme#7
Download crackme7.zip, 48 kb (password: crackmes.de)
This is my 7th crackme (keygenme), written in MASM.
Difficulty: 2 - Needs a little brain (or luck)
Solutions
Solution by DrPepUr, published 10. Apr 2008; download (580 kb), password: crackmes.de or browse.
DrPepUr has rated this crackme as awesome.
Discussion and comments
r00ster 04. Apr 2008 | It's really funny, for me it is a good level-3 ;-) I have defeated the anti-debugging routine, and have the program open my cd-image. Too bad, just after that there is a crypto routine on the program startup path that I don't understand: it cyphers my path then results in an ExitProcess call.... ...Pretty confused...and maybe noob... :-| |
---|---|
mucki Author 06. Apr 2008 | I only used standard crypto routines, nothing special. You can find them if you check it with KryptoAnalyzer plugin of peid. |
DrPepUr 08. Apr 2008 | Ok, I am lost on this one. I managed to create a valid cd image, no problem... here is where I am at. The program takes your name and makes a checksum, then encrypts the entered serial, then xor [Name Checksum], [Encrypted Serial] 07FFFFFFFh 0270Fh jg @Bad. If you pass this check the xored value gets run through wsprintf and modifies the code below where EAX is supposed to get set. Starting with 270fh there seem to be about 1,175 possibilities where the modified code will set EAX to 1. I have no idea how to proceed, can anyone throw me a bone on this? DrPepUr |
DrPepUr 08. Apr 2008 | and 07FFFFFFFh cmp 0270Fh sorry I am tired lol |
mucki Author 08. Apr 2008 | and 07FFFFFFFh: sets the first bit to 0 - otherwise "jg @Bad" would not work. cmp 0270Fh (9999 decimal): to prevent that wsprintf destroys code. Your task is that wsprintf creates executable code. |
DrPepUr 08. Apr 2008 | Yeah I know, I wrote a little program that listed all the possible outcomes from 00 to 270fh, came up with like 1,175 possible ways that the wsprintf would modify the code to where the outcome would be 1. Was just curious if this was more brute forcing or keygenning or a little bit of both. I dunno, still got a lot of noob in me, just can't think of a way to keygen this. |
r00ster 08. Apr 2008 | @DrPepUr: Can I ask you to exchange info about this CM? I have passed the anti-debugging routines and opened the cd-image, but I'm stuck after this. I think we can help each other, and maybe understand a little more of that program. If you think that is possible, let me know. |
DrPepUr 09. Apr 2008 | I got it, writing tutorial now...guess I just needed some sleep. |
mucki Author 09. Apr 2008 | you don't really have to brute force it. just look which opcodes between 30h and 39h you can use to create executable code. the last byte will be set to 0. |
DrPepUr 09. Apr 2008 | I figured it out, tutorial + keygen submitted. This was a nice crackme, enjoyed it. |
DigitalAcid 10. Apr 2008 | Nice tutorial. Looks like a nice crackme too. |
Ox87k 11. Apr 2008 | I don't know how it's possible to rate this crackme as only good. Mucki, your ideas are awesome, you always make original crackmes. I love your work mate! This one is pretty cool and maybe level3 would be better. Keep it up man, waiting for your next masterpiece! |
mucki Author 12. Apr 2008 | Thx guys, I'm glad that you like it. |
BRK12345 13. Apr 2008 | Yeah, it's a great crackme!! |
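
Added example, not part of the original thread or of mucki's crackme: a C model of the check discussed in the comments above (mask with 07FFFFFFFh, signed compare against 0270Fh, then decimal formatting), showing which bytes the formatter can write and which one-byte 32-bit x86 opcodes they coincide with. The function names, the "%d"-style format and the sample value are assumptions, and snprintf stands in for wsprintf.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One-byte 32-bit x86 opcodes that share their encoding with ASCII '0'..'9'. */
static const char *const DIGIT_OPCODES[10] = {
    "xor r/m8, r8",   /* 30h '0' */
    "xor r/m32, r32", /* 31h '1' */
    "xor r8, r/m8",   /* 32h '2' */
    "xor r32, r/m32", /* 33h '3' */
    "xor al, imm8",   /* 34h '4' */
    "xor eax, imm32", /* 35h '5' */
    "ss: prefix",     /* 36h '6' */
    "aaa",            /* 37h '7' */
    "cmp r/m8, r8",   /* 38h '8' */
    "cmp r/m32, r32", /* 39h '9' */
};

/* Hypothetical model of the check from the thread. Returns the number of
 * bytes the formatted value would write (digits plus the terminating 00h),
 * or 0 when the value takes the "jg @Bad" branch. out must hold 5 bytes. */
size_t patch_bytes(uint32_t xored, uint8_t out[5])
{
    int32_t v = (int32_t)(xored & 0x7FFFFFFFu); /* and 07FFFFFFFh: clear sign bit */
    if (v > 0x270F)                             /* cmp 0270Fh / jg @Bad (signed)  */
        return 0;
    char tmp[16];
    int n = snprintf(tmp, sizeof tmp, "%d", v); /* assumed "%d"-style format */
    memcpy(out, tmp, (size_t)n + 1);            /* include the trailing 00h  */
    return (size_t)n + 1;
}

/* Mnemonic for a byte the formatter can emit; NULL for anything else. */
const char *digit_opcode(uint8_t b)
{
    return (b >= 0x30 && b <= 0x39) ? DIGIT_OPCODES[b - 0x30] : NULL;
}

int main(void)
{
    uint8_t buf[5];
    uint32_t sample = 0x80000539u; /* constructed input: sign bit set, low bits = 1337 */
    size_t n = patch_bytes(sample, buf);
    for (size_t i = 0; i < n; i++) {
        const char *m = digit_opcode(buf[i]);
        printf("%02X  %s\n", buf[i], m ? m : "(terminator 00h)");
    }
    return 0;
}
```

The 9999 limit caps the write at four digit bytes plus the terminator, which is why every patched byte falls in 30h..39h except the last.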