"PhoX's CrackMe v3.0"
 
 
This tutorial is coming from... 
 

 


 
 
 
ReFleXZ '99
 
Url: Http://ReFleXZ99.cjb.net 
Email: ReFleXZ@fcmail.com
 
 
 
 
About the essay... 
 
Written by
Bjanes 
 
Date: 10th April 1999
Program name: PhoX's CrackMe v3.0
Program type: Win32 CrackMe 
Program location: Here
Program filename: phox_cm3.zip 
Program size: 1,6 Kb 
 
Tools required: 
Softice 3.2 - Debugger
 
Difficulty level: 
Easy ( X )  Medium (   )  Hard (    )  Pro (    ) 
 
 
 
Introduction... 
 
A few words about the crackme from its author...

"PhoX's serial CrackMe3.... 

___Rules___ 
No patching...(do I really have to write this?) 

___Other___ 
This CrackMe is maybe harder than the other serial-CrackMe...(i hope =)). 
When u cracked it send the serial to: 
phox@trust-me.com 

Greetz to PC,ORiON,REVOLT,UCF2000,MexElite,FireWorx, all the ones that 
crack this crackme.... and special greetz fly out to _masta_ and _hak_ for 
great tuts on win-asm and to iczelion for a great page.... 

PhoX" 

 
 
 
 
About the protection...
 
 
Type of protection:
Serial only
When I saw that there was also a third crackme from PhoX, I
hoped this one would be a bit harder. But even though the previous
one checks only the length, you'll spend more time on the previous one.
This crackme first checks the length of the serial, and then compares
chars of the serial one by one against fixed values. If everything
matches, it displays a message box with the good message!
Bad message: "Wrong Code!"
Good message: "Right Code!"
 
 
The Essay...
 
Load the crackme, and enter any random serial into the 
textbox. Now pop up Sice with "CTRL-D" and put a 
breakpoint on GetWindowTextA ("bpx GetWindowTextA").
Close Sice ("CTRL-D" again) and press the "OK" button.

When Sice breaks, press "F11" to return to the program's
code. You'll see this piece of code....

015F:0040118B  837D1020            CMP     DWORD PTR [EBP+10],20
015F:0040118F  0F859E000000        JNZ     00401233
015F:00401195  56                  PUSH    ESI
015F:00401196  6898204000          PUSH    00402098
015F:0040119B  FF354C204000        PUSH    DWORD PTR [0040204C]
015F:004011A1  E8C7000000          CALL    USER32!GetWindowTextA <-- Get the serial
015F:004011A6  BB98204000          MOV     EBX,00402098 ;EBX = Location of the serial
015F:004011AB  FF354C204000        PUSH    DWORD PTR [0040204C]
015F:004011B1  E8C3000000          CALL    USER32!GetWindowTextLengthA <-- Get the length of the serial
015F:004011B6  8BF0                MOV     ESI,EAX ;ESI = Length of the serial
015F:004011B8  83FE12              CMP     ESI,12  ;Is the length 18(12h)??
015F:004011BB  755F                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011BD  803B46              CMP     BYTE PTR [EBX],46 ;Is 1st char of serial "F"(46h)???
015F:004011C0  755A                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011C2  807B0169            CMP     BYTE PTR [EBX+01],69 ;Is 2nd char of serial "i"(69h)???
015F:004011C6  7554                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011C8  807B0372            CMP     BYTE PTR [EBX+03],72 ;Is 4th char of serial "r"(72h)???
015F:004011CC  754E                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011CE  807B0465            CMP     BYTE PTR [EBX+04],65 ;Is 5th char of serial "e"(65h)???
015F:004011D2  7548                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011D4  807B0657            CMP     BYTE PTR [EBX+06],57 ;Is 7th char of serial "W"(57h)???
015F:004011D8  7542                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011DA  807B076F            CMP     BYTE PTR [EBX+07],6F ;Is 8th char of serial "o"(6Fh)???
015F:004011DE  753C                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011E0  807B0872            CMP     BYTE PTR [EBX+08],72 ;Is 9th char of serial "r"(72h)???
015F:004011E4  7536                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011E6  807B0A78            CMP     BYTE PTR [EBX+0A],78 ;Is 11th char of serial "x"(78h)???
015F:004011EA  7530                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011EC  807B0C53            CMP     BYTE PTR [EBX+0C],53 ;Is 13th char of serial "S"(53h)???
015F:004011F0  752A                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011F2  807B0D75            CMP     BYTE PTR [EBX+0D],75 ;Is 14th char of serial "u"(75h)???
015F:004011F6  7524                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011F8  807B1078            CMP     BYTE PTR [EBX+10],78 ;Is 17th char of serial "x"(78h)???
015F:004011FC  751E                JNZ     0040121C(1)   ;If not, then jump to bad section of code
015F:004011FE  6A30                PUSH    30  <-- If you pass all conditions(if your serial is 
                                                   correct), you'll be here
015F:00401200  687F204000          PUSH    0040207F
015F:00401205  688B204000          PUSH    0040208B
015F:0040120A  FF3548204000        PUSH    DWORD PTR [00402048]
015F:00401210  E870000000          CALL    USER32!MessageBoxA  <-- Good guy message
015F:00401215  5E                  POP     ESI
015F:00401216  5F                  POP     EDI
015F:00401217  5B                  POP     EBX
015F:00401218  C9                  LEAVE
015F:00401219  C21000              RET     0010
015F:0040121C  6A30                PUSH    30(1)      <--Bad section of code
015F:0040121E  68C0204000          PUSH    004020C0
015F:00401223  68D1204000          PUSH    004020D1
015F:00401228  FF3548204000        PUSH    DWORD PTR [00402048]
015F:0040122E  E852000000          CALL    USER32!MessageBoxA  <-- Bad guy message
015F:00401233  33C0                XOR     EAX,EAX
015F:00401235  5E                  POP     ESI
015F:00401236  5F                  POP     EDI
015F:00401237  5B                  POP     EBX
015F:00401238  C9                  LEAVE
015F:00401239  C21000              RET     0010

From this section of code you can see that the serial must be 18 chars long.
You can also see some of the serial's letters; the other chars are never
checked, so you must fill them in yourself. So the serial must look like this...
1st char = "F"
2nd char = "i"
3rd char = Any random
4th char = "r"
5th char = "e"
6th char = Any random
7th char = "W"
8th char = "o"
9th char = "r"
10th char = Any random
11th char = "x"
12th char = Any random
13th char = "S"
14th char = "u"
15th char = Any random
16th char = Any random
17th char = "x"
18th char = Any random

Finally, here is the serial that I used to register the crackme: "FiRreEWorFxLSuEXxZ"
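
The check from the listing above, rewritten in C as an added example (not PhoX's code and not part of the original essay). The offset/byte table is copied from the CMP BYTE PTR [EBX+n] instructions; the names check_serial and serial_template are made up here, and strlen stands in for GetWindowTextLengthA.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_LEN 0x12   /* CMP ESI,12 at 004011B8: 18 characters */

/* One entry per CMP BYTE PTR [EBX+off],val in the listing */
struct fixed_char { size_t off; unsigned char val; };
static const struct fixed_char FIXED[] = {
    {0x00, 0x46}, {0x01, 0x69}, {0x03, 0x72}, {0x04, 0x65},
    {0x06, 0x57}, {0x07, 0x6F}, {0x08, 0x72}, {0x0A, 0x78},
    {0x0C, 0x53}, {0x0D, 0x75}, {0x10, 0x78},
};
#define NFIXED (sizeof FIXED / sizeof FIXED[0])

/* Returns 1 for the "Right Code!" path, 0 for the "Wrong Code!" path */
int check_serial(const char *s)
{
    if (strlen(s) != SERIAL_LEN)          /* length test comes first */
        return 0;
    for (size_t i = 0; i < NFIXED; i++)   /* then the fixed positions */
        if ((unsigned char)s[FIXED[i].off] != FIXED[i].val)
            return 0;
    return 1;
}

/* Fills out with the fixed chars and '?' at every position the check
   never looks at; returns the number of unchecked positions. */
int serial_template(char out[SERIAL_LEN + 1])
{
    memset(out, '?', SERIAL_LEN);
    out[SERIAL_LEN] = '\0';
    for (size_t i = 0; i < NFIXED; i++)
        out[FIXED[i].off] = (char)FIXED[i].val;
    return SERIAL_LEN - (int)NFIXED;
}

int main(void)
{
    char tpl[SERIAL_LEN + 1];
    int free_pos = serial_template(tpl);
    printf("template: %s (%d unchecked positions)\n", tpl, free_pos);
    printf("essay serial accepted: %d\n", check_serial("FiRreEWorFxLSuEXxZ"));
    return 0;
}
```

Written this way, the weakness of the scheme is easy to see: every accepted value sits in the code as an immediate operand, and 7 of the 18 positions are never inspected at all.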

Hope you didn't have any problems with this crackme, but....
If you still have some problems or questions, you can mail us: ReFleXZ@fcmail.com

 
 
 
Final notes...
 
My thanks and gratitude go to:

The Sandman for his great site (the best site for newbies) full of knowledge and for 
his cracking forum (also the best on the net)! 
Eternal Bliss, my GREAT 'virtual' friend, for all that he has done for me! 
MiZ, also a GREAT friend of mine. For all the time that I spent with you :) 
Iczelion, for his great Win32Asm tutorials, and all the knowledge that he gave me! 
DnNuke, for the link to a GREAT mp3 site that he gave me :)) 

Torn@do, Carpathia, Zobel, MisterE, VisionZ, DecoderZ, Rhytm, noos, Ordoc... 
...and all there at #cracking4newbies and #Win32Asm(and #ReFleXZ99 too :) 

If I missed someone, plz forgive me, and if you think that you should be on this list, tell me! 
 

 
 
 
Disclaimer... 
 
This tutorial is written for EDUCATIONAL purposes only. 
So if you want to use the program after its trial period ends please BUY IT! 
Support shareware(and its authors), this is our learning tool! 
 
ReFleXZ is not responsible for any damage caused by this essay or any of its parts. 
So everything that you're doing and 'experimenting' with is your own responsibility!
 
Also, in this tutorial you'll not find any serial numbers, so try to search elsewhere 
under Cracks and Warez. 
 
Copyright © 1999 by ReFleXZ '99
All rights reserved