ReWrit's ReWrit's Crackme #6
| Download ReWrit__s_Crackme#6.zip, 98 kb (password: crackmes.de) Browse contents of ReWrit__s_Crackme#6.zip ReWrit's Crackme#6
Difficulty: 2 - Needs a little brain (or luck) | Send a message to ReWrit » View profile of ReWrit » |
Solutions
Solution by JoKa, published 11. nov, 2008; download (4 kb), password: crackmes.de or browse.
JoKa has rated this crackme as nothing special.
Solution by Acorpxx, published 11. nov, 2008; download (103 kb), password: crackmes.de or browse.
Acorpxx has not rated this crackme yet.
Discussion and comments
| ReWrit Author 20. Oct 2008 | 132 download and no comments? anyone working on a keygen yet? :) |
|---|---|
| main 20. Oct 2008 | As soon as I get some time over, I´ll post a solution. I´ve found the routines anyway. This one is a bit harder than your previous cm´s if you think in terms of making a keygen. Nice cm anyway (and thx for the greets)! :) |
| nkcss 20. Oct 2008 | I've found the routine where you generate the password. 00401C18 . 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-23C] ; ||Password? Prefix: 00401C22 . 8D85 98FCFFFF LEA EAX,DWORD PTR SS:[EBP-368] ; ||ReWrit- Post: 00401C30 . 8D85 98FBFFFF LEA EAX,DWORD PTR SS:[EBP-468] ; |-Swe Just trying to find out now how to create a keygen (just started ASM yesterday), don't fully understand the code yet. In my case, the l/p was: nick / ReWrit-10990496671870608401-Swe |
| nkcss 20. Oct 2008 | Maybe someone can give me some pointers. I've been trying to get the application to somehow dump the valid key, no matter what the input was. My first idea was to trigger a MsgBox, but User32.dll wasn't loaded in the application. Since I've never written to the console, I tried to replicate the functions in the ASM like so: 00401B70 E9 A3120000 JMP ReWrit's.00402E18 ; Find a way to patch code and show a messagebox 00401B75 90 NOP ... 004045E3 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; Push Generated Valid Serial Into Buffer 004045E7 E9 28E8FFFF JMP ReWrit's.00402E14 ; Jump to Second part ... 00402E14 C70424 C0834400 MOV DWORD PTR SS:[ESP],ReWrit's.004483C0 ; 2nd part to write to console 00402E1B E9 551D0000 JMP ReWrit's.00404B75 ; Jump to 3rd part ... 00404B75 E8 AEB90300 CALL ReWrit's.00440528 ; Call ReWrit's Console Write 00404B7A E9 A3010000 JMP ReWrit's.00404D22 ; Jump to 4th part ... 00404D22 8985 C4FDFFFF MOV DWORD PTR SS:[EBP-23C],EAX ; Original Code! 00404D28 ^E9 49CEFFFF JMP ReWrit's.00401B76 ; Jump Back These are the patches I made in the code (wasn't able to find a large enough memory space, so had to use 4 NOP fields that were unreferenced). The code crashes on the 2nd part, where it references 004483C0. If I NOP that part, it works, but nothing gets written out. Can someone give some info as to what I am doing wrong and how I would go about this? Thanks in advance. |
| main 20. Oct 2008 | You can free up a lot of bytes by nop-ing the SetConsoleTextAttribute API. The only thing you will "loose" is the text color. I have a keygen to this, but if you want to patch it so it prints the password you can look at my patch: http://rapidshare.com/files/155948113/ReWrit_s_Crackme_6.Patching.Solution.by.main.zip.html |
| nkcss 21. Oct 2008 | Thanks a lot main, it looks so clean the way you do it :) I've found the parts you edited, and I must say: nicely done. You've used his own functions for everything (might be shorter to just add the pre and post text hardcoded, but my ASM isn't up to par to be able to tell if that is the case or how to go about it). I'll continue along with Iczellion's ASM tutorials and come back later to understand it better. Btw, and other tutorials regarding MASM that I should read up on that would help me patching/rebuilding code? |
| main 21. Oct 2008 | nkcss: Thanks! :) I think Iczellion's tutorials are the best, but if you want to you could buy "Introduction to Assembly Language Programming" ISBN: 0-387-20636-1, it´s really good and detailed. You also have "REVERSING - Secrets of reverse engineering" ISBN: 978-0-7645-7481-8. Keep on coding! |
| nkcss 21. Oct 2008 | Thanks for the tips! I'll be sure to check them out. I also started reding the art of assembly: http://maven.smith.edu/~thiebaut/ArtOfAssembly/artofasm.html |
| nkcss 21. Oct 2008 | I've been able to 'aquire' both books. I must say that I'm exited :) The only downside that I can think of is that the 2nd revision of "Introduction to Assembly Language Programming" is focued on NASM and Linux, gcc and gdb, when I run Windows, MASM32, OllyDbg, IDA Pro and Microsoft Visual Studio :). The other thing is that I am missing out on some basic Win32 api info that .NET has always taken care off for me (messed around with basic gui controll api's and windows messages, but none of the real basics) that I don't even know how to write to a console application from scratch (to bad int 21h no longers, 16-bit knowledge in a 32-bit world :P). On the other hand, I've been meening to mess around with Backtrack 3 and ubuntu since I've had a lot of fun in the past playing with Red Hat 5.3. |
| main 23. Oct 2008 | Ok. Keygen + optimized source here: http://rapidshare.com/files/156795822/ReWrit.CrackMe06.Keygen.by.main.zip.html I have no time to write solution now, maybe later. But here is source and keygen. "optimized source" = replaced 2 functions with 1. |
| ReWrit Author 28. Oct 2008 | ok, 593 downloads now, atleast one if you should be able to create a keygen and write a solution... |
| main 28. Oct 2008 | ReWrit: You have keygen + source above. I just don´t have time to make solution at the moment. Maybe later. :) |
| ReWrit Author 28. Oct 2008 | yes i know but i want the solution uploaded at crackmes.de |
| blackfire 31. Oct 2008 | Unfortunately i solved it by luck :( but am just want to get my magic spot to know the routine . can u help geeks |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.