Text File | 2000-05-25 | 2KB | 44 lines
[rAPTOR]'s Crackme 1
--------------------
Tools Used:
SoftICE
---
Protection:
A simple code protection
---
Ok, first of all, get the crackme ;). You can get it (and many others) from
http://crackmes.cjb.net
Load up the crackme, enter a junk serial and set a breakpoint on Hmemcpy.
Now press the Validate button to check the serial. When SoftICE breaks, step on
until you come here:
:0042F6E9 B850174300      MOV  EAX,00431750
:0042F6EE E8B143FDFF      CALL 00403AA4
:0042F6F3 8B1550174300    MOV  EDX,[00431750]   ; EDX = offset of our entered serial
:0042F6F9 8A541AFF        MOV  DL,[EBX+EDX-01]  ; DL = ASCII value of serial[i]
:0042F6FD 80F210          XOR  DL,10            ; DL = DL xor 10h
:0042F700 885418FF        MOV  [EBX+EAX-01],DL  ; store the XOR'ed char
:0042F704 43              INC  EBX
:0042F705 4E              DEC  ESI
:0042F706 75E1            JNZ  0042F6E9         ; all chars XOR'ed? no, then jump
That's all the important code, which simply means that each char of the serial we
entered is XOR'ed with 16 (10h). But we need to know one more thing: what is it we
should XOR with?! Well, step down until you come here:
:0042F708 A150174300      MOV  EAX,[00431750]   ; EAX = offset of our junk serial
:0042F70D 8B1548174300    MOV  EDX,[00431748]   ; EDX = offset of our valid serial (XOR'ed)
So do a "d edx" and you'll see KbQ@D_BM, and that's simply the thing we should XOR with 10h:
4B 62 51 40 44 5F 42 4D (KbQ@D_BM)
XOR
10 10 10 10 10 10 10 10
-----------------------------------
5B 72 41 50 54 4F 52 5D ([rAPTOR])
So the valid serial is [rAPTOR]. Not so hard, eh?
---
/Klefz - http://klefz.cjb.net
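
Added example, not part of the original text or the crackme's own code: a C model of the loop at 0042F6E9 that shows why a fixed-key XOR with the expected value stored in the binary gives no protection, since the same routine that checks the serial also recovers it. The function names are hypothetical, and the final equality comparison is an assumption because the listing above does not show it.

```c
#include <stdio.h>
#include <string.h>

#define XOR_KEY 0x10  /* constant from "XOR DL,10" at 0042F6FD */

/* Bytes shown by "d edx" at 0042F70D: the valid serial, already XOR'ed. */
static const char STORED[] = "KbQ@D_BM";

/* Model of the loop at 0042F6E9..0042F706: EBX is a 1-based index,
   ESI counts down the remaining characters. */
static void xor_transform(const char *in, char *out, size_t len)
{
    size_t ebx = 1, esi = len;
    while (esi != 0) {                        /* JNZ back to 0042F6E9 */
        out[ebx - 1] = (char)(in[ebx - 1] ^ XOR_KEY);
        ebx++;                                /* INC EBX */
        esi--;                                /* DEC ESI */
    }
    out[len] = '\0';
}

/* Assumption: after the loop the two buffers are compared for equality
   (the comparison is not in the listing). Returns 1 when accepted. */
static int check_serial(const char *serial)
{
    char buf[sizeof(STORED)];
    size_t len = strlen(serial);
    if (len != sizeof(STORED) - 1)
        return 0;
    xor_transform(serial, buf, len);
    return memcmp(buf, STORED, len) == 0;
}

/* XOR is its own inverse, so running the same transform over the stored
   bytes yields the serial. out must hold at least sizeof(STORED) bytes. */
static const char *recover_serial(char *out)
{
    xor_transform(STORED, out, sizeof(STORED) - 1);
    return out;
}

int main(void)
{
    char serial[sizeof(STORED)];
    printf("recovered: %s\n", recover_serial(serial));
    printf("junk accepted: %d\n", check_serial("12345678"));
    printf("recovered accepted: %d\n", check_serial(serial));
    return 0;
}
```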