********************************************************************************
                                  CrackMe #1
********************************************************************************

Author:     n0p3x
Protection: Serial
URL:        http://www.phrozencrew.co.uk/crackme1.zip
Tools:      SoftICE V4.05

---> Intro...

Welcome to my next Tutorial !!! This is a very easy little beginners' CrackMe, but fun ;P

---> Let's Begin...

Open the CrackMe and it'll ask you for a Serial. Fill in something; I've used:

    Serial: 1234567890

Then get into SoftICE (CTRL+D), type "bpx hmemcpy" followed by "enter", and go out of SoftICE again (CTRL+D). Then press "Ok" and SoftICE should pop up. Now type "BC *" to clear the breakpoint and press F12 9 times, and you'll see this:

--------------------------------------------------------------------------------
:00401105 8D4DF4          lea ecx, dword ptr [ebp-0C]  <--- ECX now points to our "fake" Serial
:00401108 51              push ecx                     <--- Save ECX

* Reference To: cw3220._atol, Ord:0000h
|
:00401109 E8D4030000      Call 004014E2                <--- Hmmm...
:0040110E 59              pop ecx                      <--- Pop ECX
:0040110F 3DA93E0F00      cmp eax, 000F3EA9            <--- Compare EAX with 000F3EA9 (interesting ;)
:00401114 7518            jne 0040112E                 <--- If not equal, jump to the bad Message Box, else continue
:00401116 6800100000      push 00001000

* Possible StringData Ref from Data Obj ->"Congrats"
|
:0040111B 68F2204000      push 004020F2

* Possible StringData Ref from Data Obj ->"Well done, You cracked this -EASY- "
                                        ->"crackme"
|
:00401120 68C7204000      push 004020C7
:00401125 6A00            push 00000000

* Reference To: USER32.MessageBoxA, Ord:0000h
|
:00401127 E8E6030000      Call 00401512
:0040112C EB16            jmp 00401144
--------------------------------------------------------------------------------

Ok, no need for a big explanation: when you trace into the CALL 004014E2 (the C runtime's _atol), your "fake" Serial, typed as a decimal string, is converted to a number and returned in EAX. Then it comes back to this place and compares it with 000F3EA9. So to get the valid Serial, type "? 000F3EA9" in SoftICE to show the decimal value of this constant, which is "999081". That's the valid Serial :)

You can NOP (90) the "jne 0040112E" if you want, so that every Serial works, but that's up to you ;)

Ok, that's all. It's very -EASY- ;)

---> Greetings...

Everyone from TrickSoft (www.TrickSoft.net)
Everyone from Cracking4Newbies (www.Cracking4Newbies.com)
Everyone from Keygenning4Newbies (Keygenning4Newbies.cjb.net)
And You...

Don't trust the Outside, trust the InSiDe !!!

Cya... CoDe_InSiDe
Email: code.inside@home.nl
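As an added example (not part of the original tutorial or the CrackMe's own code), here is a C model of the check at 00401109..00401114: atol() on the typed serial, compared with the immediate 000F3EA9. It also shows a point the listing only implies: because the compare is numeric rather than on the string itself, every input that atol() parses to 999081 passes, which is why a parse-then-compare check is weaker than it looks.

```c
/* Added example: a C model of the serial check in CrackMe #1.
 * The CrackMe calls the C runtime's atol() on the typed serial and
 * compares the result with 0x000F3EA9.  atol() skips leading
 * whitespace, accepts an optional sign and stops at the first
 * non-digit, so several different strings satisfy the compare. */
#include <stdio.h>
#include <stdlib.h>

#define EXPECTED 0x000F3EA9L   /* the immediate in "cmp eax, 000F3EA9" */

/* Mirrors 00401109..00401114: atol() on the serial, then cmp/jne. */
int serial_ok(const char *serial)
{
    return atol(serial) == EXPECTED;
}

/* The "? 000F3EA9" step in SoftICE: the immediate as a decimal value. */
long expected_decimal(void)
{
    return EXPECTED;           /* 999081 */
}

/* Constructed sample inputs and what the check does with each. */
static const char *const samples[] = {
    "999081",        /* the canonical serial from the tutorial: accepted */
    "  999081",      /* leading whitespace is skipped: accepted */
    "+999081",       /* explicit sign is allowed: accepted */
    "999081xyz",     /* parsing stops at the first non-digit: accepted */
    "0999081",       /* leading zero, still decimal: accepted */
    "1234567890",    /* the author's fake serial: rejected */
    "",              /* empty string, atol() returns 0: rejected */
};

int main(void)
{
    printf("0x%lX == %ld\n", EXPECTED, expected_decimal());
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-14s -> %s\n", samples[i],
               serial_ok(samples[i]) ? "Congrats" : "bad serial");
    return 0;
}
```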