x4uth's SerialMe5

Download CrackMe05.zip, 142 kb (password: crackmes.de)

The goal is to get a valid serial, no patching

Difficulty: 3 - Getting harder
Platform: Windows
Language: C/C++

Published: 15. Jun, 2008
Downloads: 537

Rating

Votes: 3
Crackme is nothing special.


Solutions

Solution by JoKa, published 14. oct, 2008; download (7 kb), password: crackmes.de or browse.

JoKa has rated this crackme as quite nice.


Discussion and comments

Zaphod
30. Sep 2008
Is anyone working on this one? I have two problems:

1. There is some antidebugging which I cannot pass. I would like to see a solution for this.

2. I can get to work on the serial algo by starting the crackme first and then attaching Olly - instead of running Olly first and then starting the crackme.

I think I have figured out how the algo works, but I also think that it is impossible to find a solution. I hope some expert will have a look at it :)
Zaphod
02. Oct 2008
I was wrong - it can be solved. I got help from x4uth.

It's a really nice crackme. It doesn't take special math knowledge or anything, it just requires you to think (which I didn't :)
ShadowRayzz
04. Oct 2008
Stuck with the protection so far :P it's interesting.
ShadowRayzz
04. Oct 2008
Haha, can't pass the protection :D it's sweet!
Zaphod
05. Oct 2008
ShadowRayzz, I still can't pass the protection, either, but run the crackme and attach Olly - then it works.
DigitalAcid
05. Oct 2008
When I attach it to Olly, I get a DbgBreakpoint thing...
I'm using a standard Olly version, so no anti-anti-debug stuff.
It seems to go better without attaching, but I still don't quite figure out the protection =).
HMX0101
05. Oct 2008
The anti stuff is very easy to bypass... the trick is in the VirtualProtect API.. =)
And btw, it has anti-bp too ;p
Zaphod
06. Oct 2008
DigitalAcid: I have no problems attaching Olly, but that might be because I have the "AdvancedOlly" plugin...

HMX0101: If it is so easy, then please write a tutorial :)
Ox87k
06. Oct 2008
@Zaphod: I can run it inside my Olly without any problem :)
Did you try phant0m plugin?
Zaphod
06. Oct 2008
0x87: You are right! I tried ticking off all options in phantom, and then it runs fine!
Nevertheless, I would like to be able to pass the protection without phantom. I would probably learn something from that:)
ShadowRayzz
07. Oct 2008
Would be amazing if anyone could submit a valid solution and detail how he did it :D
Ox87k
07. Oct 2008
@Zaphod:
Just a quick note, I notice that OllyDbg2 doesn't crash even without any plugin :)
Zaphod
07. Oct 2008
Thanks, 0x87.

In the meantime I have found out about the mystery (HMX0101 helped me). It has to do with the way Ollydbg1 handles VirtualProtect and PAGE_GUARD.
ShadowRayzz
08. Oct 2008
Well, I passed the protection, seems like he added more than a single bad boy message and a lot of conditional jumps, makes it a little hard :P
Laurance_1111
10. Oct 2008
Any hints to pass the protection? Thanks
JoKa
13. Oct 2008
Laurance 1111:
call dword [ebp-18h]
at 401199 goes to PAGE_GUARD memory.
OllyDbg handles the STATUS_PAGE_GUARDED exception as a breakpoint.
To pass the protection, generate some other exception at address dword [ebp-18h] (for example, division by zero).
Or use some plugin to change OllyDbg's behaviour.
Thanks to Zaphod and HMX0101 for the hint.
JoKa
16. Oct 2008
Zaphod showed me a good idea: a 2D representation of the "moves". This transforms the minefield into a labyrinth. This idea allows finding a solution without exhaustive search.
Zaphod
16. Oct 2008
Well, I have to admit I got the good idea from x4uth himself :)
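
A static triage check for the VirtualProtect / PAGE_GUARD setup mentioned in the comments above, as an added example that is not part of the thread or of the crackme: it scans a disassembly listing for VirtualProtect calls whose flNewProtect argument has the PAGE_GUARD bit set. The listing, its addresses and the function names are constructed for illustration; the flag values are the standard winnt.h constants.

```python
import re

# Memory-protection constants from the Windows SDK (winnt.h).
PAGE_FLAGS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
    0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE",
}
PAGE_GUARD = 0x100

# Constructed 32-bit listing (NOT taken from the crackme): address, mnemonic, operands.
SAMPLE_LISTING = """\
00401003  lea eax, [ebp-4]
00401006  push eax
00401007  push 140h
0040100C  push 1000h
00401011  push dword [ebp-18h]
00401014  call dword [VirtualProtect]
0040101A  lea ecx, [ebp-8]
0040101D  push ecx
0040101E  push 20h
00401020  push 1000h
00401025  push esi
00401026  call dword [VirtualProtect]
"""
LINE = re.compile(r"^([0-9A-Fa-f]{8})\s+(\w+)\s*(.*)$")

def decode_protect(value):
    """Name each protection bit set in a flNewProtect value."""
    return [name for bit, name in sorted(PAGE_FLAGS.items()) if value & bit]

def find_guard_page_calls(listing):
    """Return (call address, flag names) for VirtualProtect calls that set PAGE_GUARD."""
    pushes, hits = [], []
    for m in filter(None, map(LINE.match, listing.splitlines())):
        addr, mnem, ops = m.group(1), m.group(2).lower(), m.group(3).strip()
        if mnem == "push":
            pushes.append(ops)
        elif mnem == "call":
            # stdcall pushes arguments right to left, so flNewProtect (3rd of 4)
            # is the third push counting back from the call (linear heuristic).
            if re.search(r"\bVirtualProtect\b", ops) and len(pushes) >= 4:
                imm = re.fullmatch(r"(\d[0-9A-Fa-f]*)h", pushes[-3])
                if imm and int(imm.group(1), 16) & PAGE_GUARD:
                    hits.append((addr, decode_protect(int(imm.group(1), 16))))
            pushes = []
    return hits
```

Only immediate protection values are resolved; a flNewProtect passed in a register or computed at run time has to be read at the call in a debugger.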
