
warrantyVoider's do not call
Download donotcall.zip, 147 kb (password: crackmes.de) Browse contents of donotcall.zip This normal C++ program is married to a dongle driver that makes debugging difficult. No obfuscation, just genuine weirdness.
Difficulty: 4 - Needs special knowledge | Send a message to warrantyVoider » View profile of warrantyVoider » |
Solutions
Solution by deroko, published 02. oct, 2006; download (252 kb), password: crackmes.de or browse.
deroko has rated this crackme as quite nice.
Discussion and comments
crp- 29. Sep 2006 | hehe, this crackme might be incompatible with some rootkits/protections/"security software" |
---|---|
D4ph1 29. Sep 2006 | i think this program something did to my memory. after i run it and try to open it with olly i cant open any program with olly because of "dont know how to step because memory at address xxxxxxxx is not readable etc" error. Plz help! |
evo_it 29. Sep 2006 | try rebooting :P |
crp- 29. Sep 2006 | olly wont be of much use anyways... |
warrantyVoider Author 29. Sep 2006 | Sorry, D4ph1. I should have made the driver better behaved. Yes, after a reboot your system will be fine again. (This is why I recommended VMWARE.) |
deroko 29. Sep 2006 | nice crackme, a little VM here also :) |
D4ph1 30. Sep 2006 | Thank you guys for remind me rebooting :p btw nice crackme! if someone writes a solution please make it a good one for newbies like me :) |
deroko 01. Oct 2006 | is emulation dll an option? there is way too much stolen opcodes, I have fixed the ones that are executed, but others are emulated trough .dll. |
warrantyVoider Author 02. Oct 2006 | Hey, deroko, I'm happy you are working on my crackme. DLL injection is great! It sound like you set up your own SEH-handler or hook that emulates the opcodes and writes a log. And you wrote a program that fixes all the addresses mentioned in the log? Cool. I guess the fixed program will run faster now. On my computer the protected one runs almost 2000 times slower... I did the stealing with a IDC script that writes all worthy addresses to a log and a java prog that uses the log to patch the program. Maybe the other solution would have been a IDC script that lets IDA figure out which 0xCC is a stolen opcode and which isn't. Nah, I like the DLL better. |
deroko 02. Oct 2006 | Well I wrote my simple disassm engine to mark and disassembly known procedures. It screwed a few opcodes and I had to fix those manualy, others that are not fixed are being emulated trough .dll :) |
warrantyVoider Author 02. Oct 2006 | Just downloaded your solution. I see your nonintrusive debugger in action again. Nicely done! |
deroko 02. Oct 2006 | hehe :) you always make nice crackmes for brainbusting ;) |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.