downloadbrowser-Evolution's Our first keygenme by r-Evolution crew

Download first_r-Evolution_keygenme#1.zip, 128 kb (password: crackmes.de)
Browse contents of first_r-Evolution_keygenme#1.zip

Very easy windows crackme running on the command line

Difficulty: 1 - Very easy, for newbies
Platform: Windows
Language: C/C++

Published: 09. Sep, 2010
Downloads: 1256

Rating

Waiting for at least 3 votes
(we have only 2).

Rate this crackme:

Send a message to r-Evolution »

View profile of r-Evolution »

Solutions

Solution by hardbop, published 14. sep, 2010; download (9 kb), password: crackmes.de or browse.

hardbop has not rated this crackme yet.

Solution by ORacLE_nJ, published 14. sep, 2010; download (13 kb), password: crackmes.de or browse.

ORacLE_nJ has rated this crackme as boring crap.

The submission of solutions is closed.

Discussion and comments

MRw0rmX
12. Sep 2010		Its sooooo fucking easy LOOL. it took me a few secs with olly ^^
r-Evolution
Author
13. Sep 2010		@MRw0rmX Ok!!!I am waitng for your solution.And believe me....More challenges by r-Evolution coming soon :).
@freesoul I removed your last comment :/.If you solved it please upload a solution.No offense
MRw0rmX
13. Sep 2010		r-Evolution I've already submitted my solution but it is being analysed by MODS

LOOL its so fucking easy. Just search for strings click on the error that is being displayed when wrong serial, then find the JE and fill it with NOPS. Save the cracked version and u are done with it ^^

MY SUGGESTION: Don't display any message when serial is wrong. Use a obfuscator to encrypt strings. It will be much more fucking hard to solve ^^
MRw0rmX
13. Sep 2010		well actually it will be easy anyways LOOL. But for newbies it will be harder.
MRw0rmX
13. Sep 2010		I've upload my crackme. Try to solve it :)
r-Evolution
Author
13. Sep 2010		@MRw0rmX Well yes I tried to make it very easy because it is our first crackme.You solved it???I am glad you did.I would really like to analyze the easy ago and write a keygen.Patching is too easy and it's not allowed!! I thnk I 've said that before ,haven't I??I will try your crackme as soon it will be reviewed by the moderators.
MRw0rmX
13. Sep 2010		OK. Patching not allowed?? don you want me to make a keygen? ok I will do it :)
MRw0rmX
13. Sep 2010		lol. I can make a keygen after patching xD. just kiding LOOL
r-Evolution
Author
13. Sep 2010		OKP.I am happy you will :P :)
voneiden
13. Sep 2010		I'm curious to see if MRw0rmX can produce a keygen..
MRw0rmX
14. Sep 2010		Why do you think I'm a newbie?uh?
MRw0rmX
14. Sep 2010		Patching: Fill with NOPS in the JE that goes to Invalid Serial
Keygen. Username+Ê

Very Easy LOOL
vasto
14. Sep 2010		thx for the good explanation @ hardbop and thx for this keygen @ r-Evolution
r-Evolution
Author
15. Sep 2010		Well Done guys for the great solutions.I am really happy you solved it :) (Yes I really am).....
r-Evolution
Author
15. Sep 2010		I read your solutions1!!How many f@cking :) times am i gonna say it.It was our first keygenme god damn it.We are still teenagers.Do you think we can do much more?????????
r-Evolution
Author
15. Sep 2010		Great solution hardbop i am really imressed
r-Evolution
Author
15. Sep 2010		:) I mean from your explanation and keygen
hardbop
15. Sep 2010		Thank you, r-Evolution ( & vasto ). I am not new to programming but am fairly new at reversing/cracking. I am going to be spending more time on this site downloading crackmes and trying to learn more & hone my skills.
r-Evolution
Author
15. Sep 2010		Well believe me that's what you exactly have to do
ORacLE_nJ
15. Sep 2010		I didnt mean to offend you by making such a short tut..

I didnt have enough time..

"We are still teenagers. Do you think we can do much more????????"

Me too...
MRw0rmX
16. Sep 2010		"We are still teenagers. Do you think we can do much more????????"

Me too...


Me too LOOL
manorhacker
16. Sep 2010		@oracle_nj no no offense!!! :) I told you i am happy you solved it :P
manorhacker
16. Sep 2010		@MRw0rmX :P :) LOL
manorhacker
16. Sep 2010		Well i logged in with my original account!!You might not recognized me.I am one of the r-Evolutions
MRw0rmX
16. Sep 2010		nice. my crackme was cracked by one of the mods (and I used my obfuscator. however he still cracked it :)
MRw0rmX
16. Sep 2010		@manorhacker
Man 'm crating a new crack me. And It will be so fucking hard to crack. I got some ideas ^^
r-Evolution
Author
17. Sep 2010		I am thinking of creating a keygenme in .net a bit harder algo and an obsfucator as well :)
s0nik42
02. Oct 2010		I'm quite confused,
I follow the solution provided above, but when I go to ebp-58, I can't find the string as expected :

->[ebp-58] = 002D2C8C -> Raw Hex Dump ->

002D2C8C 68 61 72 64 62 6F 70 D2 00 AB AB AB AB AB AB AB hardbop-.ΩΩΩΩΩΩΩ

but :

Stack[0000097C]:0022FF20 var_48 db 0Ch ; DATA XREF: Stack[0000097C]:off_22FCD0o
Stack[0000097C]:0022FF20 ; Stack[0000097C]:var_D8o ...
Stack[0000097C]:0022FF21 db 26h ; &
Stack[0000097C]:0022FF22 db 3Eh ; >
Stack[0000097C]:0022FF23 db 0
Stack[0000097C]:0022FF24 db 94h ; ö
Stack[0000097C]:0022FF25 db 5Ch ; \
Stack[0000097C]:0022FF26 db 0C3h ; +
Stack[0000097C]:0022FF27 db 77h ; w
Stack[0000097C]:0022FF28 db 88h ; ê
Stack[0000097C]:0022FF29 db 20h
Stack[0000097C]:0022FF2A db 0C1h ; -
Stack[0000097C]:0022FF2B db 77h ; w

Someone can help me ?
r-Evolution
Author
02. Oct 2010		@s0nik42 well it looks like you are a newbbie on reversing so let me give you a hint....You have to keep tracing for hours if you want to learn something don follow solutions or ready scripts it is better for you to start with something easy (like this crackme) and do it yourself...You will propable learn something more ;)
P.S:Learn assembly if you don't already know

friendly,
SearcH_AnD_dEstroY
hardbop
04. Oct 2010		s0nik42,

ebp-58 in this case is not a quantity, but a reference.

Notice that I use the notation, [ebp-58]. In Microsoft/Intel assembly, the "[]" brackets mean de-reference. That is, give me the VALUE located at the address that is the result of the expression between the "[]" characters.

In our case, the value stored at ebp-58 is a location in the dynamic heap (which could change every time you execute the program). So take the whatever DWORD (4 bytes) you get from [ebp-58], then look at *that* memory location to find your string.

So according to the runtime dump you printed out in your message, the absolute location of ebp-58 is the stack area address 0x0022FF20.

So, jump 4 bytes (starting at 0022FF20) ahead of that address and this gives you the start of the DWORD you want, which is: 0022FF23. Then read *backwards* (little endian) from there until you get back to 0022FF20 and you get your full 4 byte address:

003E260C

In other words: DWORD PTR [ebp-58] = 003E260C

Now, take a look at THAT address and see if you don't find your string there.
Xzil0
08. Oct 2010		Hey guys i have 1 question.

I opened this crackme in olly, i found piece of code with "Invalid se" string.

The question is: Will it be patched if i change the condition? Its giving me: "Yeahp!Well done this is it now make a keygen!"

I will try to make the keygen. :D

00401627 . E9 24010000 JMP keygenme.00401750
0040162C > 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
0040162F . 890424 MOV DWORD PTR SS:[ESP],EAX
00401632 . C785 78FFFFFF >MOV DWORD PTR SS:[EBP-88],2
0040163C . E8 EFD80200 CALL keygenme.0042EF30
00401641 80BD 6FFFFFFF >CMP BYTE PTR SS:[EBP-91],0 ; Will this make it patched ---->>> CMP BYTE PTR SS:[EBP-91],1
00401648 . 74 7E JE SHORT keygenme.004016C8
0040164A . C74424 04 1C01 >MOV DWORD PTR SS:[ESP+4],keygenme.004401>; ASCII 0A,"Yeahp!Well"
00401652 . C70424 C033440 >MOV DWORD PTR SS:[ESP],keygenme.004433C0
00401659 . E8 5AAE0300 CALL keygenme.0043C4B8
0040165E . C74424 04 58B2 >MOV DWORD PTR SS:[ESP+4],keygenme.0043B2>
00401666 . 890424 MOV DWORD PTR SS:[ESP],EAX
00401669 . E8 728D0200 CALL keygenme.0042A3E0
0040166E . C70424 4B01440 >MOV DWORD PTR SS:[ESP],keygenme.0044014B ; |ASCII "PAUSE"
00401675 . E8 26F40000 CALL <JMP.&msvcrt.system> ; \system
0040167A . 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
0040167D . 890424 MOV DWORD PTR SS:[ESP],EAX
00401680 . C785 78FFFFFF >MOV DWORD PTR SS:[EBP-88],3
0040168A . E8 A1D80200 CALL keygenme.0042EF30
0040168F . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00401692 . 890424 MOV DWORD PTR SS:[ESP],EAX
00401695 . C785 78FFFFFF >MOV DWORD PTR SS:[EBP-88],4
0040169F . E8 8CD80200 CALL keygenme.0042EF30
004016A4 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004016A7 . 890424 MOV DWORD PTR SS:[ESP],EAX
004016AA . C785 78FFFFFF >MOV DWORD PTR SS:[EBP-88],-1
004016B4 . E8 77D80200 CALL keygenme.0042EF30
004016B9 . C785 70FFFFFF >MOV DWORD PTR SS:[EBP-90],0
004016C3 . E9 27010000 JMP keygenme.004017EF
004016C8 > C74424 04 5401 >MOV DWORD PTR SS:[ESP+4],keygenme.004401>; ASCII 0A,"Invalid se"
r-Evolution
Author
28. Oct 2010		@xzil0 i have to tell you that this command:
0040163C . E8 EFD80200 CALL keygenme.0042EF30
is really important....And no more hints :P
r-Evolution
Author
28. Oct 2010		@hardpob i told you your solution is great but your keygen has to be analysed in a debugger for someone to get his serial..You have entered return 0; without system("PAUSE");
next time pay attention to that ;)...Anyways i don't count on the keygen......but on how you explain what you do in order to write it!
krankenversicherungsvergleiche
15. Aug 2013		cracked pretty easily, but i don't know the first thing about creating keygens XD. Hopefully I can use this to help learn how to do this because it's supposed to be easy
tinmarino
08. May 2015		Cool, One has to go in the functions, but not all of course, it is interesting. Possible for beginners like me, but a good practice.

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.