Text File  |  2000-05-25  |  3KB  |  99 lines

  1. Tutorial: Crackme 4a (nOp3x)
  2. By: Sanhedrin
  3.  
  4.  
  5. Tools:  W32DASM
  6.  
  7. Disassemble the crackme and search for the words "Well Done".  This gets you here:
  8.  
  9. * Reference To: KERNEL32.GetDriveTypeA, Ord:0000h
  10.                                   |
  11. :00401087 E884040000              Call 00401510
  12. :0040108C 8BC8                    mov ecx, eax
  13. :0040108E BBAE3E0F00              mov ebx, 000F3EAE
  14. :00401093 90                      nop
  15. :00401094 40                      inc eax
  16. :00401095 42                      inc edx
  17. :00401096 47                      inc edi
  18. :00401097 90                      nop
  19. :00401098 48                      dec eax
  20. :00401099 4A                      dec edx
  21. :0040109A 4F                      dec edi
  22. :0040109B 90                      nop
  23. :0040109C 3BD9                    cmp ebx, ecx
  24. :0040109E 7525                    jne 004010C5 <---- jumps to "Bad Luck" when ecx (the value returned by the call at 00401087) differs from ebx (000F3EAE), i.e. the CD check fails
  25. :004010A0 6800100000              push 00001000
  26.  
  27. * Possible StringData Ref from Data Obj ->"Well Done"
  28.                                   |
  29. :004010A5 6898204000              push 00402098
  30.  
  31. * Possible StringData Ref from Data Obj ->"This program is being run from "
  32.                                         ->"a CD"
  33.                                   |
  34. :004010AA 6874204000              push 00402074
  35. :004010AF 6A00                    push 00000000
  36.  
  37. * Reference To: USER32.MessageBoxA, Ord:0000h
  38.                                   |
  39. :004010B1 E86C040000              Call 00401522
  40.  
  41. * Possible StringData Ref from Data Obj ->"Correct CD In Drive"
  42.                                   |
  43. :004010B6 68A2204000              push 004020A2
  44.  
  45. * Possible Reference to Dialog: DialogID_0001, CONTROL_ID:0065, ""
  46.                                   |
  47. :004010BB 6A65                    push 00000065
  48. :004010BD 56                      push esi
  49.  
  50. * Reference To: USER32.SetDlgItemTextA, Ord:0000h
  51.                                   |
  52. :004010BE E859040000              Call 0040151C
  53. :004010C3 EB23                    jmp 004010E8
  54.  
  55. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  56. |:0040109E(C)
  57. |
  58. :004010C5 6800100000              push 00001000
  59.  
  60. * Possible StringData Ref from Data Obj ->"Bad Luck"
  61.                                   |
  62. :004010CA 68F3204000              push 004020F3
  63.  
  64. * Possible StringData Ref from Data Obj ->"This program isn't being run from "
  65.                                         ->"a CD, Please insert the CD"
  66.                                   |
  67. :004010CF 68B6204000              push 004020B6
  68. :004010D4 6A00                    push 00000000
  69.  
  70. * Reference To: USER32.MessageBoxA, Ord:0000h
  71.                                   |
  72. :004010D6 E847040000              Call 00401522
  73.  
  74. * Possible StringData Ref from Data Obj ->"Invalid CD In Drive"
  75.                                   |
  76. :004010DB 68FC204000              push 004020FC
  77.  
  78.  
  79.  
  80.  
  81. --Solution--
  82.  
  83. In order to crack this one, change
  84.  
  85.  0040109E 7525                    jne 004010C5 to
  86.  0040109E 7425                      je  004010C5
  87.  
  88.  or 
  89.  0040109E 90                      nop
  90.  0040109F 90                      nop    
  91.  
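  92.  and the file will be cracked. The two patches are not equivalent: je only inverts the test, so the "Well Done" path at 004010A0 is taken when the compare fails and a matching value would now go to "Bad Luck", while the two nops remove the branch so execution always falls through to 004010A0. The inc/dec pairs and nops between 00401093 and 0040109B cancel out and do not affect the compare.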
  93.  
  94.  
  95. Thanks to all of those coders that make these crackmes, and of course to Eternal Bliss.
  96.  
  97.  
  98. Sanhedrin
  99. stachi@geocities.com