╔════════════════════════════════════════════════════════════╗
║                      Logik CrackMe #1                      ║
╚════════════════════════════════════════════════════════════╝

This Tutorial is best viewed in Terminal font :)

AArrgghh, why am I writing about a VB CrackMe? ;) Ok, sorry to the folks that like VB, but I don't like it ;P
So why am I writing about this CrackMe then? Because it's a very simple CrackMe :P

I'm not going to use SmartCheck or something because uhm... I don't have that anymore hehe ;)
So I'm going to use SoftICE for this one. But as you probably know, VB is pretty bloated to debug hehe ;)
We can of course also try to break on some interesting Breakpoints :)

So I suggest loading the CrackMe in W32Dasm and pressing "functions/imports" (or use the little button "Imp Fn" ;).
Now you'll see a list of the imported VB APIs. hmmm.... hmmm.... do you notice a useful API/Breakpoint? :)
Well, I do:

    MSVBVM60.__vbaStrCmp   (String Compare)

Let's try that one ;)

*Make sure that MSVBVM60.DLL is loaded with SoftICE, check your Winice.dat file. Don't ask me
*how to put it there, get some kind of manual, they're all over the net ;)

Run the CrackMe and fill in some Name and Serial. Now get into SoftICE (CTRL+D) and type this for the Breakpoint:

    bpx MSVBVM60!__vbaStrCmp

Press enter and get out of SoftICE (CTRL+D). Press the button "Check" and SoftICE should break.
In the Code Window you'll see 2 push instructions exactly where you are standing now ;)
Look in the top-right corner and you'll see something like this:

    (Segment) : (Offset) = (Value at that Offset)

Look at "(Value at that Offset)": you'll see another Offset there. Now when you dump that other Offset
(d Offset) you'll see the Name you filled in, in Unicode ;)
Press (F10) one time and do the same again; this time you'll see this Name in Unicode:

    Robert Doof

Hmm... write that Name down ;)

Press (F5) (you didn't type "BC *" or something, right? Otherwise put a Breakpoint on __vbaStrCmp again)
and SoftICE should break again, but this time with different Offsets in the pushes ;)
Do the same with the first push instruction as I described above and you'll find your fake typed Serial.
Press (F10) one time and do the same again, and now you'll find this Serial:

    28AKK29S

Write it down :P

You can type "BC *" now to disable the Breakpoint and press (F5) to get out of SoftICE.
We don't get any Message Box like "Bad Cracker, you suck !!!" erhm... something like that ;)
So enter this information:

    Name:   Robert Doof
    Serial: 28AKK29S

And press "Check". We get a Message Box saying:

    crackme1
    You cracked me! ;(

Well, I think that says enough ;)
After this I searched a little bit (and I mean a little bit ;) further around in the CrackMe to see if there
was any other Algo or something. I couldn't find anything, so I guess that we made it :)

Btw, if you only enter the correct Name and then press "Check" you get this Message Box:

    crackme1
    Awwww, i'm sorry perhaps you should try again!

Hehe :)

- The End -

I hope that this Tutorial wasn't too dull ;) Maybe you learned something, maybe not, you decide :P

- GreEetS -

Logik of course for his CrackMe, and everyone else I know and everyone who knows me ;)

Don't trust the Outside, Trust the InSiDe !!!

Cya...

CoDe_InSiDe
Email: code.inside@home.nl
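
Why the breakpoint on __vbaStrCmp gives everything away, as an added example (Python, not part of the original tutorial and not the CrackMe's code): a check that compares against a plaintext literal carries the expected value in the compare's arguments, while a check that compares salted digests does not. The function names, the salt, the wrong guess and the iteration count are assumptions made for the illustration; the serial is the one from the tutorial.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this illustration


def weak_check(entered, expected, trace):
    """Plaintext compare, as the tutorial observes at __vbaStrCmp."""
    # VB6 strings are UTF-16LE, which is why the dump shows them "in Unicode".
    # `trace` stands in for what a breakpoint on the compare would display.
    trace.append((entered.encode("utf-16-le"), expected.encode("utf-16-le")))
    return entered == expected


def build_record(secret, salt):
    """Build-time step: only the salt and digest would ship, not `secret`."""
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def hardened_check(entered, record, trace):
    """Compare derived digests; the expected plaintext is never an argument."""
    salt, expected_digest = record
    entered_digest = hashlib.pbkdf2_hmac(
        "sha256", entered.encode("utf-8"), salt, ITERATIONS)
    trace.append((entered_digest, expected_digest))
    return hmac.compare_digest(entered_digest, expected_digest)


def demo():
    serial = "28AKK29S"   # value recovered in the tutorial
    guess = "11111111"    # constructed wrong input
    weak_trace, hard_trace = [], []
    weak_ok = weak_check(guess, serial, weak_trace)
    record = build_record(serial, b"constructed-salt")
    hard_ok = hardened_check(guess, record, hard_trace)
    wide, narrow = serial.encode("utf-16-le"), serial.encode("utf-8")
    leaked_weak = any(wide in arg for pair in weak_trace for arg in pair)
    leaked_hard = any(wide in arg or narrow in arg
                      for pair in hard_trace for arg in pair)
    return weak_ok, hard_ok, leaked_weak, leaked_hard


if __name__ == "__main__":
    # (weak accepted?, hardened accepted?, weak leaks serial?, hardened leaks serial?)
    print(demo())
```

The digest comparison only removes the expected value from the compare's arguments; it does not make a client-side check tamper-proof, and a short serial still needs a slow derivation function and a per-product salt.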