xtFusion's K1

Download k1.zip, 6 kb (password: crackmes.de)

OK, this is my first crackme. It is a very easy one, so enjoy!

Difficulty: 1 - Very easy, for newbies
Platform: Windows
Language: C/C++

Published: 07. Oct, 2006
Downloads: 1109

Rating

Votes: 7
Crackme is boring.

Solutions

Solution by redoC, published 22. jun, 2010; download (25 kb), password: crackmes.de or browse.

redoC has rated this crackme as boring.

Discussion and comments

red477
09. Oct 2006
Nice crackme!!!
But a small bug coz of lazy code: when the name or serial is too short, the good message will come after the error message ;)
Good idea, anyhow.
SaXoN
09. Oct 2006
I'll check it out when I get home =)

Thanks!
xtFusion
Author
09. Oct 2006
red477, sorry for that bug! I was so sleepy when I did this for fun. I hope you could work around it!
Zaphod
15. Oct 2006
How do I make this program stay on the screen? I type a name, hit ENTER, type a serial, hit ENTER - and it disappears. When the name or serial I enter has no letters, I don't get to see the error message or the good message. The window disappears.
I can see in Olly that the program behaves like red477 says, but shouldn't there have been a "getch()" or something in the end of the code?
DeepBlue
15. Oct 2006
Just open the Crackme from the windows-prompt.
Zaphod
16. Oct 2006
Yes, of course! That was stupid! Thanks!
jB_
16. Oct 2006
A variable has not been initialized in the code.
Check offset 40132F. Bug?
Zaphod
18. Oct 2006
It seems to me that jB is right. At that point there are 3 dwords which affect the serial calculation: ebp-14, ebp-18 and ebp-1c.
The last two are always the same, but ebp-14 changes all the time. I have traced it to the value of edi when the program starts, and this value is often 0, sometimes 1, sometimes 2, and sometimes something completely different.
So it doesn't seem possible to find a serial that will work all the time. Please prove me wrong, xtFusion...:)
Sotanat
14. Nov 2006
This should be the correct combination:
Tanatos / 9153f4eb but the "Corect , no" msg isn't shown... so guess that's a bug, xtFusion...
Zaphod
14. Nov 2006
I don't think there IS a correct combination. I found several combinations that work sometimes, like

Zaphod / b21dbb7d or Zaphod / b21dbbb8 or others...

But they only work sometimes in Olly, never outside Olly.
Unfortunately xtFusion doesn't seem interested in participating in this debate...
refraction
31. Mar 2007
That was a toughy, but I got there in the end, enjoy the first solution :)
refraction
31. Mar 2007
oh and Zaphod, to prove it works (hopefully) try
Zaphod / b18d1b1f
starzboy
31. Mar 2007
@jB_ yes mate, ebp-14 is sure changing always ...

and in olly u see the good message but not outside olly... seems he forgot to put a lil pause after the "correct".
refraction
31. Mar 2007
Whoops, do I feel an idiot. Umm, when my solution is up, ignore the fact I said ESP instead of EBP, I know what I meant :D
Zaphod
01. Apr 2007
refraction, I tried "Zaphod/b18d1b1f", but that doesn't work either, it is the same as the other combinations...
refraction
02. Apr 2007
You are right, it's machine independent. I made it under xp64, works perfect; go into xp32, doesn't work :/ What makes it more annoying, I got the value from xp32 which works and tried it on another xp32 machine, it doesn't work
very grrish
born2c0de
20. Aug 2007
Nope refraction, the serial is not machine dependent.
jB and Zaphod are right.
The value in the uninitialized variable ends up changing the serial number.

Hence, it is not possible to write a Keygen for this one unless we use ReadProcessMemory() and some really smart code to find and read the value of the uninitialized variable.
Andrey_Kolokol
02. Nov 2007
I've written a loader/keygen for this crackme ).
Some trick with uninitialized variables found. Good for newbies. Thanks!.)
SIDEBOTTOM
17. Dec 2007
So what is the result of the EBP-14 problem? Has anyone figured out the answer? Was EBP-14 designed to have different values depending on some variable or was it an accidentally uninitialized variable due to "lazy coding?"
tema
19. Jun 2010
Guys, this crackme rejects all keys on my PC.
I tried a user name of one symbol, 'a', and the serial for this one-word name is 573edbcb


just look:

004013F1: CMP DWORD PTR SS:[EBP-10], 1
The boolean variable at this address SS:[EBP-10] determines if our serial is wrong (or right if the variable is not equal to one).
Let's see where this variable is changed.
004013E3: MOV DWORD PTR SS:[EBP-10], 1
But this instruction is never executed!
Then let's set a write breakpoint on this memory region and find where it is set to 1.
Our debugger breaks on instruction:
004011DF: mov dword ptr [esp], eax ;eax == 1
This is something like startup application code.
And there are no breaks after this instruction.
So this VARIABLE WASN'T INITIALIZED TO ZERO before comparing two serials.
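
The bug class discussed in the thread above (a stack local that feeds the serial calculation, and a result flag that is only ever set to 1), as an added C sketch that is not the crackme's code and not part of any comment. `serial_for` is a made-up hash, and the starting values of the two never-assigned locals are passed in as the assumed parameters `stack_seed` and `stack_bad`, so the effect is reproducible without reading indeterminate memory.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical name hash; the crackme's real routine is not shown on the page. */
uint32_t serial_for(const char *name, uint32_t seed) {
    uint32_t h = seed;
    for (const unsigned char *p = (const unsigned char *)name; *p; ++p)
        h = (h ^ *p) * 16777619u;
    return h;
}

/* Buggy shape. stack_seed and stack_bad model whatever the two stack slots
   held on entry (assumed parameters, so the run is reproducible). */
int check_buggy(const char *name, uint32_t serial,
                uint32_t stack_seed, int stack_bad) {
    uint32_t seed = stack_seed;  /* stands for: uint32_t seed;  (never assigned) */
    int bad = stack_bad;         /* stands for: int bad;        (never cleared)  */
    if (serial_for(name, seed) != serial)
        bad = 1;                 /* the only write to the flag */
    return bad != 1;             /* 1 = accepted */
}

/* Fixed shape: both locals get a defined value before use. */
int check_fixed(const char *name, uint32_t serial) {
    uint32_t seed = 0;
    int bad = 0;
    if (serial_for(name, seed) != serial)
        bad = 1;
    return bad != 1;
}

int main(void) {
    const char *name = "Zaphod";
    uint32_t serial = serial_for(name, 0);  /* constructed sample serial */
    printf("fixed:              %d\n", check_fixed(name, serial));
    printf("buggy, clean stack: %d\n", check_buggy(name, serial, 0, 0));
    printf("buggy, stale seed:  %d\n", check_buggy(name, serial, 2, 0));
    printf("buggy, stale flag:  %d\n", check_buggy(name, serial, 0, 1));
    return 0;
}
```

For the conditional-assignment form of this mistake, GCC has `-Wmaybe-uninitialized` and Clang has `-Wsometimes-uninitialized`; `-ftrivial-auto-var-init=zero` gives such locals a defined starting value.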
