Raziel's Raziel's KeygenMe v1.0
| Download Raziel__s_first_crackMe.zip, 5 kb (password: crackmes.de) Browse contents of Raziel__s_first_crackMe.zip Ok, it's my first crackme so do not expect too much.
Difficulty: 1 - Very easy, for newbies | Send a message to Raziel » View profile of Raziel » |
Solutions
Solution by MoUsE-WiZ, published 10. feb, 2009; download (8 kb), password: crackmes.de or browse.
MoUsE-WiZ has not rated this crackme yet.
Discussion and comments
| main 27. Oct 2008 | The algo is quite long. Of course, it´s not "hard", but there is some work you must do to produce keygen i think. So maybe level 2 because of that? |
|---|---|
| main 27. Oct 2008 | "long" = Total function is about 2.5 pages in olly (with default settings). |
| indomit 28. Oct 2008 | I don't like long algos :P |
| main 28. Oct 2008 | Nah, me neither, takes too long time :) This algo is quite straight-forward, but I don´t think I want to make keygen anyway. Of course, if you´re lazy (like me), you could just rip it, but i don´t think that goes under keygenning. :) |
| main 28. Oct 2008 | Thank you Raziel for this crackme, it made me develop some tools that could be useful in the future. :) |
| bendThis 18. Nov 2008 | Is the difficulty of this crack-me that is doesnt show anything ? I didnt find anything of an algorithm and the crackme doesnt start. At OllyDbg i can see it sets an ExceptionHandling Routine and i think this is what it does calling an exception and exiting immedetialey. Am i wrong ? Please explain. Thanks. |
| andrewl.us Moderator 18. Nov 2008 | I'm having the same problem as bendThis. The DialogBoxParamA() call fails, returning -1. GetLastError() says nothing is wrong. The DlgProc gets called but ends up receiving a WM_NCDESTROY before anything is displayed. |
| main 18. Nov 2008 | There is one call to IsDebuggerPresent, and the algo starts at 0040141e. |
| bendThis 19. Nov 2008 | Ok. When this is an crackme who checks if is a debugger present i would not categorize this as beginner or easy. But thanks for the hint i try to find my way through it. I am really new to OllyDbg. |
| bendThis 19. Nov 2008 | @4018BE IsDebuggerPresent returns 0, so it doesnt find any debugger like HELP says: "If the current process is not running in the context of a debugger, the return value is zero." And again. It doesnt start or shows anything when i start it right out of explorer. No debugger present at all. I dont use SoftICE. Can someone please write a tutorial that i understand or can compare. Thanks. |
| bendThis 19. Nov 2008 | @4018E0 it should show a Dialog, its calling DialogBoxParamA. But it doesnt at all. So why ? Very strange and i am still believing this file is corrupt. |
| bendThis 19. Nov 2008 | Both ways after @4018E0 are going to the Exit routine and end the program. |
| main 19. Nov 2008 | I don´t understand. Nop:ing the jump after the call to IsDebuggerPresent did it for me anyway. Try downloading the file again maybe? |
| bendThis 19. Nov 2008 | I skip this file. Maybe i am a real real real noob. But i reversed some programs already and found a solution. Not here the crackmes. Some time ago. Now iam new in again. And restart all over. But this file ...... :-( |
| JoKa 20. Nov 2008 | bendThis: Reason is used compiler, not corrupt crackme. Compiler must insert InitCommonControls call, when includes manifest resource, for correct work on all windows. To "heal" the file just remove manifest resource (type 24) with any resource editor for exes. |
| JoKa 20. Nov 2008 | Second way of "healing" is add something from comctl32.dll to import (I just added InitCommonControlsEx). I was wrong: call of InitCommonControls is not necessary. Importing comctl32.dll has great value. |
| JoKa 21. Nov 2008 | andrewl.us, bendThis: Simplest way of "healing" is changing two bytes (offset 21FC from begin of file) 1D 02 to 00 00. This is patching, but it is resource section patching, not code patching. main: What kind of tools did you develop for this crackme? I made keygen by copying text of generation procedure to asm file. It is interesting that resulting dialogbox with message depends on clicking within text edit window. For example: Case 1: Start crackme. Enter (by hands, not copy-paste) name and correct password. Then click in name editbox. Then click Test. Got "You failed". Close crackme. Case 2: Start crackme. Enter (by hands) name and correct password. Then click Test. Got "You succeeded". |
| main 22. Nov 2008 | JoKa: Oh, nothing special, just some WriteProcessMemory stuff. I put a link to that, but it got deleted by moderators (I guess because it was pathing?). I am not done with the final product yet though. |
| shellwolf 25. Jan 2009 | keygen: { sn= sub_4014fe (name,hdinfo) } |
| main 27. Jan 2009 | Hey guys, I have a question... =) I´ve used ReadProcessMemory for some time now and used it to extract information and so, but now I´m thinking, is it possible to dump a (entire) process to disk? |
| main 27. Jan 2009 | Do I have to be in another runlevel? |
| omeromeromer 18. Feb 2009 | hello bro!! em sorry to disturb u!!! sorry em new here!! i just patched it!! coz i dont know how to sniff serials!! pls help us |
| windowbase 21. Mar 2009 | I could sniff a serial...? To sniff means to fish a serial? right? Have a nice day.^^ Kind Regards. |
| boon 21. Mar 2009 | >>main Yes, it is possible to dump an entire process to disk ,without that we would have a hard time defeating packers. |
| Mr.Andersen 23. Mar 2009 | yes, crackme is easy. but long, tooo long. and booored. |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.