Bjanes Crackme v10
Start the crackme. Press Ctrl+D to go to SoftICE and type bpx GetDlgItemTextA to set a breakpoint on it.
Now enter something for the serial, like 12345678, press the Check it button, and SoftICE pops up. Press F11 once to return to the caller, then press T to trace into the call. Now you should be here:
:004011D7 8BF4 mov esi, esp
:004011D9 33C0 xor eax, eax
:004011DB 33DB xor ebx, ebx
:004011DD 33C9 xor ecx, ecx
:004011DF 33D2 xor edx, edx
:004011E1 E88C000000 call 00401272 <---Scans the serial (see below): returns EBX=1 if ok, EBX=0 if not, ECX=length
:004011E6 67E373 jcxz 0040125C <---Jumps if you didn't enter any serial (length 0)
:004011E9 85DB test ebx, ebx <----EBX=0 (a non-digit among the first four chars), then
:004011EB 7443 je 00401230 <----better luck next time cracker
:004011ED 83F908 cmp ecx, 00000008 <---Check if serial length is 8, if not
:004011F0 753E jne 00401230 <---better luck next time
Let's see what's inside that call at address :004011E1. Set a breakpoint on it by typing bpx 004011E1. Press Ctrl+D to get out of SoftICE, press the Check it button again, SoftICE breaks, now press T to trace into the call. Now you should be here (ECX was zeroed before the call and is used to count the characters):
:00401272 BAEC304000 mov edx, 004030EC <---EDX = address of the serial you entered
:00401277 803C1100 cmp byte ptr [ecx+edx], 00 <---Checks if we reached the end of the serial (the 00 terminator)
:0040127B 7418 je 00401295 <---If so, jump to the good exit below (EBX=1, ECX=length)
:0040127D 83F903 cmp ecx, 00000003 <---Have we already processed the first four chars (ECX > 3)?
:00401280 7F0C jg 0040128E <---If so, skip the digit test: chars 5 to 8 can be anything
:00401282 803C1130 cmp byte ptr [ecx+edx], 30 <---Compares each of the first four chars with 30h ('0')
:00401286 7209 jb 00401291 <---If below '0' then jump: wrong serial
:00401288 803C1139 cmp byte ptr [ecx+edx], 39 <---Compares again with 39h ('9')
:0040128C 7703 ja 00401291 <---If above '9' then you suck
:0040128E 41 inc ecx <---Next char
:0040128F EBE6 jmp 00401277 <---Loop
:00401291 41 inc ecx
:00401292 33DB xor ebx, ebx <---Bad guy: EBX=0
:00401294 C3 ret
:00401295 BB01000000 mov ebx, 00000001 <---Good guy: EBX=1, ECX holds the length of the serial
:0040129A C3 ret
Keep pressing F10 until you get out of the call and you should be back here:
:004011E6 67E373 jcxz 0040125C <---Jumps if you didn't enter any serial (length 0)
:004011E9 85DB test ebx, ebx <----EBX=0 (a non-digit among the first four chars), then
:004011EB 7443 je 00401230 <----better luck next time cracker
:004011ED 83F908 cmp ecx, 00000008 <---Check if serial length is 8, if not
:004011F0 753E jne 00401230 <---better luck next time
:004011F2 BB9C304000 mov ebx, 0040309C <---EBX = address of the string Bjanes (not him)
:004011F7 8B1B mov ebx, dword ptr [ebx] <---Loads its first four bytes: EBX = 6E616A42h ("Bjan" in little-endian order)
:004011F9 B9EC304000 mov ecx, 004030EC <---ECX = address of your serial
:004011FE 8B09 mov ecx, dword ptr [ecx] <---Loads your serial's first four chars into ECX (for 1234 that is 34333231h)
:00401200 C1C108 rol ecx, 08 <---Rotates the serial dword left by one byte
:00401203 C1CB08 ror ebx, 08 <---Rotates the Bjan dword right by one byte
:00401206 0FAFD9 imul ebx, ecx <---EBX = EBX * ECX, only the low 32 bits are kept
:00401209 C1E302 shl ebx, 02 <---EBX = EBX * 4, the top two bits fall off
After that shl ebx, 02, type ? EBX and you'll see its value; in this case (1234 as the first four chars) it is 252988960 (0F144E20h). Continue pressing F10...
:0040120C B9EC304000 mov ecx, 004030EC <---ECX = address of your serial
:00401211 8B4904 mov ecx, dword ptr [ecx+04] <---Loads the last four chars of the serial into ECX
:00401214 BA9C304000 mov edx, 0040309C <---EDX = address of the Bjanes string
:00401219 8B12 mov edx, dword ptr [edx] <---Loads "Bjan" again: EDX = 6E616A42h
After the line mov edx, dword ptr [edx], type ? EDX and write down the value (it's 1851877954, which is 6E616A42h, the bytes of "Bjan").
Now continue...
:0040121B 03CA add ecx, edx <---ECX = last four chars + EDX (32-bit, wraps around)
:0040121D C1E902 shr ecx, 02 <---ECX = ECX / 4, the low two bits are thrown away
:00401220 68EC304000 push 004030EC <---Pushes the address of your serial
:00401225 68A3304000 push 004030A3 <---Pushes the address of a string (Really think your serial....)
:0040122A E86C000000 call 0040129B <---Compares the two values
Press T to trace into the call. You should now be here:
:0040129B 33D9 xor ebx, ecx <---XORs ECX into EBX: the result is zero only if EBX = ECX
:0040129D 7591 jne 00401230 <---Jump if EBX <> ECX: better luck next time
:0040129F EBA5 jmp 00401246 <----If they are the same, jump: GOOD guy (the call never returns)
Hmmmmmmmmm.....Now remember the value you wrote down (252988960 = 0F144E20h, the EBX computed from the first four chars). The last four chars of the serial, plus EDX, shifted right by two, must give exactly that value. Now let's do some mathematics:
x = this would be our last four chars (the correct ones, that we don't know yet), read as one 32-bit number
Now (x + EDX value) / 4 = 252988960 (EBX), so x + EDX = 252988960 * 4 = 1011955840
So it's like this:
x + 1851877954 = 1011955840
x = 1011955840 - 1851877954 = -839922114
The CPU works with 32-bit numbers, so a negative result simply wraps around: add 4294967296 (2^32) and you get 3455045182.
3455045182 in hex is CDEFCE3E. That is what the Windows calculator shows when you type -839922114 in dword/hex mode; note it is NOT the hex of 839922114 (which would be 321031C2), so don't just drop the minus sign. And because the shr ecx, 02 throws away the low two bits, CDEFCE3F, CDEFCE40 and CDEFCE41 would pass too; we'll use CDEFCE3E.
Now go to your favourite hex editor and edit some text file. At the beginning of the file replace some text with this hex value CDEFCE3E, but wait, it must be in reverse (little-endian) byte order, like this: 3E CE EF CD. Save it and exit.
Open the text file you just saved in Notepad; at the beginning of the text you should see:
>ÎïÍ (that is the bytes 3Eh, CEh, EFh, CDh shown in the Windows ANSI code page). Copy this to the clipboard, go to the crackme, enter 1234 and press Ctrl+V to paste the text. Clear all breakpoints in Ice (bc *). Press the Check it button and a message appears saying How did you do it...
That's all. If you want you can enter any first four digits you like (they must be '0' to '9', nothing else), then just go through this essay again and calculate the last four from the new EBX. Two things to watch out for: the last four bytes must not contain a 00 byte (that would end the string early and fail the length check), and if the EBX you get after the shl ebx, 02 is 40000000h or more there is no solution for those digits, since (x + EDX) shr 2 can never be bigger than 3FFFFFFFh.
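To make the whole check and the maths above concrete, here is an added example in C (my own code, not part of MiZ's essay and not taken from the crackme): a model of the digit scan at 00401272 and of the arithmetic from 004011F2 to 0040129F, plus a keygen that solves the last four bytes for any four leading digits. The function names (stage1_ok, head_value, tail_value, serial_ok, keygen, make_serial) are mine. The only assumption is that the dword read from 0040309C is 6E616A42h ("Bjan"), as the ? EDX value in the essay shows. The keygen returns all four tail values that the shr ecx, 02 makes equivalent, drops any that contain a 00 byte, and reports zero results when the top two bits of EBX make the equation unsolvable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Dword the crackme reads from 0040309C: the first four bytes of "Bjanes",
   little-endian ('B' 'j' 'a' 'n' = 42 6A 61 6E -> 6E616A42h), i.e. the
   1851877954 seen with ? EDX. Assumed from the essay, not verified against
   the binary. */
#define BJAN 0x6E616A42u

static uint32_t rol32(uint32_t v, unsigned n) { return (v << n) | (v >> (32u - n)); }
static uint32_t ror32(uint32_t v, unsigned n) { return (v >> n) | (v << (32u - n)); }

/* mov reg, dword ptr [addr]: little-endian 32-bit load */
static uint32_t load_le32(const char *p) {
    const unsigned char *u = (const unsigned char *)p;
    return (uint32_t)u[0] | ((uint32_t)u[1] << 8) | ((uint32_t)u[2] << 16) | ((uint32_t)u[3] << 24);
}

/* Model of the scan at 00401272 plus the jcxz / test ebx / cmp ecx,8 that
   follow it: the first four chars must be '0'..'9' and the string must be
   exactly 8 bytes long (a 00 byte anywhere before that ends it early). */
static int stage1_ok(const char *serial) {
    uint32_t ecx = 0;
    for (;;) {
        unsigned char c = (unsigned char)serial[ecx];
        if (c == 0) break;                                 /* je 00401295: EBX=1 */
        if (ecx <= 3 && (c < '0' || c > '9')) return 0;    /* jb/ja 00401291: EBX=0 */
        ecx++;
    }
    return ecx == 8;                                       /* jcxz and cmp ecx,8 */
}

/* EBX as it stands after shl ebx,02 (004011F2..00401209). */
static uint32_t head_value(const char *first4) {
    uint32_t ebx = ror32(BJAN, 8);
    uint32_t ecx = rol32(load_le32(first4), 8);
    return (ebx * ecx) << 2;                               /* imul, shl: low 32 bits only */
}

/* ECX as it stands after shr ecx,02 (0040120C..0040121D). */
static uint32_t tail_value(const char *last4) {
    return (load_le32(last4) + BJAN) >> 2;                 /* add wraps mod 2^32 */
}

/* Full check: 1 if the crackme would say "How did you do it...". */
static int serial_ok(const char *serial) {
    if (!stage1_ok(serial)) return 0;
    return head_value(serial) == tail_value(serial + 4);   /* xor ebx,ecx ; jne */
}

/* Keygen. Fills tails[] with every 32-bit tail x such that
   (x + BJAN) >> 2 == head_value(digits) and no byte of x is 00.
   Returns how many were found: 0 when head_value has either of its top
   two bits set, because (x + BJAN) >> 2 can never exceed 3FFFFFFFh. */
static int keygen(const char digits[4], uint32_t tails[4]) {
    uint32_t ebx = head_value(digits);
    if (ebx >= 0x40000000u) return 0;
    int n = 0;
    for (uint32_t k = 0; k < 4; k++) {                     /* shr 2 hides the low two bits */
        uint32_t x = (ebx << 2) + k - BJAN;                /* unsigned: wraps like the CPU */
        if ((x & 0xFFu) && (x & 0xFF00u) && (x & 0xFF0000u) && (x & 0xFF000000u))
            tails[n++] = x;
    }
    return n;
}

/* Writes digits + tail (little-endian, the "reversed" hex of the essay) to out[9]. */
static void make_serial(const char digits[4], uint32_t tail, char out[9]) {
    memcpy(out, digits, 4);
    for (int i = 0; i < 4; i++) out[4 + i] = (char)((tail >> (8 * i)) & 0xFFu);
    out[8] = 0;
}

static int keygen_count(const char digits[4]) { uint32_t t[4]; return keygen(digits, t); }
static uint32_t keygen_first(const char digits[4]) { uint32_t t[4]; return keygen(digits, t) ? t[0] : 0; }

/* Generate a serial for the digits and feed it back through the check. */
static int roundtrip_ok(const char digits[4]) {
    uint32_t tails[4];
    char serial[9];
    if (!keygen(digits, tails)) return 0;
    make_serial(digits, tails[0], serial);
    return serial_ok(serial);
}

int main(void) {
    const char *digits = "1234";                           /* the essay's choice */
    uint32_t tails[4];
    char serial[9];
    int n = keygen(digits, tails);
    printf("EBX after shl = %08X, %d usable tail(s)\n", head_value(digits), n);
    for (int i = 0; i < n; i++) {
        make_serial(digits, tails[i], serial);
        printf("tail %08X -> serial bytes", tails[i]);
        for (int j = 0; j < 8; j++) printf(" %02X", (unsigned char)serial[j]);
        printf("  accepted=%d\n", serial_ok(serial));
    }
    return 0;
}
```

For 1234 the program reports EBX = 0F144E20 and the four tails CDEFCE3E..CDEFCE41, each of which the model accepts, so the serial bytes 31 32 33 34 3E CE EF CD are the ">ÎïÍ" case from the essay. Try other leading digits and you will see head_value land at or above 40000000h for many of them, which is exactly the case where no tail exists.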
Job done.
Thanx to The Sandman,CrackZ and +ORC for their great tutorials.
And REMEMBER if you want to use the software then buy it.
MiZ 1999
P.S. Sorry for my bad English