downloadbrowsewarrantyVoider's do not call

Download donotcall.zip, 147 kb (password: crackmes.de)
Browse contents of donotcall.zip

This normal C++ program is married to a dongle driver that makes debugging difficult. No obfuscation, just genuine weirdness.

To solve the crackme:

=> free it from the dongle driver
OR
=> write a keygen

Compatibility: SINGLE PROCESSOR ONLY! No hyperthreading etc.

If you solve one or both of the problems, please submit a solution. Please do NOT post "i h4ve teh unpacked at hxxp://popups.com/broken/link.exe".

Have Fun!
WV

Difficulty: 4 - Needs special knowledge
Platform: Windows
Language: C/C++

Published: 29. Sep, 2006
Downloads: 647

Rating

Votes: 5
Crackme is quite nice.

Rate this crackme:

Send a message to warrantyVoider »

View profile of warrantyVoider »

Solutions

Solution by deroko, published 02. oct, 2006; download (252 kb), password: crackmes.de or browse.

deroko has rated this crackme as quite nice.

Submit your solution »

Discussion and comments

crp-
29. Sep 2006
hehe, this crackme might be incompatible with some rootkits/protections/"security software"
D4ph1
29. Sep 2006
i think this program something did to my memory. after i run it and try to open it with olly i cant open any program with olly because of "dont know how to step because memory at address xxxxxxxx is not readable etc" error.
Plz help!
evo_it
29. Sep 2006
try rebooting :P
crp-
29. Sep 2006
olly wont be of much use anyways...
warrantyVoider
Author
29. Sep 2006
Sorry, D4ph1. I should have made the driver better behaved.

Yes, after a reboot your system will be fine again. (This is why I recommended VMWARE.)
deroko
29. Sep 2006
nice crackme, a little VM here also :)
D4ph1
30. Sep 2006
Thank you guys for remind me rebooting :p
btw nice crackme!
if someone writes a solution please make it a good one for newbies like me :)
deroko
01. Oct 2006
is emulation dll an option? there is way too much stolen opcodes, I have fixed the ones that are executed, but others are emulated trough .dll.
warrantyVoider
Author
02. Oct 2006
Hey, deroko, I'm happy you are working on my crackme.

DLL injection is great! It sound like you set up your own SEH-handler or hook that emulates the opcodes and writes a log. And you wrote a program that fixes all the addresses mentioned in the log?

Cool. I guess the fixed program will run faster now. On my computer the protected one runs almost 2000 times slower...

I did the stealing with a IDC script that writes all worthy addresses to a log and a java prog that uses the log to patch the program. Maybe the other solution would have been a IDC script that lets IDA figure out which 0xCC is a stolen opcode and which isn't. Nah, I like the DLL better.
deroko
02. Oct 2006
Well I wrote my simple disassm engine to mark and disassembly known procedures. It screwed a few opcodes and I had to fix those manualy, others that are not fixed are being emulated trough .dll :)
warrantyVoider
Author
02. Oct 2006
Just downloaded your solution. I see your nonintrusive debugger in action again. Nicely done!
deroko
02. Oct 2006
hehe :) you always make nice crackmes for brainbusting ;)

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.