downloadbrowsewarrantyVoider's keyfile

Download crackme.zip, 14 kb (password: crackmes.de)
Browse contents of crackme.zip

Your task is to create a correct keyfile.

I hope you have a lot of fun.

Breaking the string obfuscation is not necessary, break it only if you are really bored ;-)

Difficulty: 3 - Getting harder
Platform: Windows 2000/XP only
Language: C/C++

Published: 30. Aug, 2005
Downloads: 858

Rating

Votes: 5
Crackme is boring.

Rate this crackme:

Send a message to warrantyVoider »

View profile of warrantyVoider »

Solutions

Solution by Requiem, published 29. oct, 2005; download (43 kb), password: crackmes.de or browse.

Requiem has rated this crackme as quite nice.

Submit your solution »

Discussion and comments

Ox87k
04. Sep 2005
use the CryptCreateHash and other Crypt's call in the advapi32.dll, right? It's so complicated for me because it's my first crypto crackme... :|
_HellDashX_
04. Sep 2005
This crackme uses MD5 hash. You can found it if use PEiD, is easy, :) But, one thing in the crackme is a little more difficult
warrantyVoider
Author
04. Sep 2005
Ox87k, the md5 part is easier than it seems, you might find this website useful: http://gdataonline.com/seekhash.php
Oorja-HalT
04. Sep 2005
Well i am surprised MD5 and all that. The key file i have contains just a simple string and the message keyfile accepted
Oorja-HalT
04. Sep 2005
Well i am surprised MD5 and all that. The key file i have contains just a simple string and it generates the message keyfile accepted
Ox87k
04. Sep 2005
hum... but peid with krypto plugin don't tell me MD5. ^^' i'm so confused! btw, i try to keygen it... thanks for this keyfileme :)
warrantyVoider
Author
04. Sep 2005
Oorja-HalT, does your simple keyfile still work when you are not using a debugger?
Oorja-HalT
05. Sep 2005
yes it does with debugger loaded/unloaded
BTW i tried in win98 .Does that effect
I have the keyfile details in your PM
warrantyVoider
Author
05. Sep 2005
LOL, Oorja-HalT, now this explains everything. The crackme is flagged "Windows 2000/XP only" for a reason. The santa claus thing is a joke. The logic is "if (debuggerpresent()) checkForSanta() else checkForRealKeyfile()". The debuggerCheck was made for w2k/xp and caused "undefined behaviour" or W98. It could have crashed/whatever, but in your case it caused a false positive, so you were stuck with santa. Sorry. Maybe next time I should check the OS version...
Oorja-HalT
05. Sep 2005
Yeah thats it then.
And i was a bit surprised because yoour earlier crackmes were quite difficult and compared to thta it cant be such a sweet walk over.

But wait I tried the crackme in WinXP and it works .Besides i dont have debugger in WinXP. So maybe your intention was as you mentioned but its not working as you have desired.
Besides why its giving the keyfile accepted message.
Ox87k
05. Sep 2005
@Oorja-HalT
why don't try olly?

Btw, this crackme make me crazy, but only because i hate crypto.. uff... :)
Oorja-HalT
06. Sep 2005
What i meant is 0X87
I am not using debugger in winXP
Therefore
if (debuggerpresent()) checkForSanta() else checkForRealKeyfile()"
should check for realkeyfile
And if the key file is Santa then it should generate wrong message but it is not
So debuggerpresent check is failing
warrantyVoider
Author
06. Sep 2005
Ok, Oorja-HalT, sorry, I have no clue whatsovever why it gives false positive on your machine. I just tested this on W2K and 2 different XP flavours and it works fine.
The debugger detection is between 4016D7 and (including) 4016EC, so anybody having problems with it please just overwrite that part with NOPs.

If anyone else has problems or is stuck just PM me.

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.