*************************************************************************************************
Flash's CrackMe #1
*************************************************************************************************

Author: Flash
Protection: Password
URL: http://www.blubb.at/sweety/cracking/crackmez/flcrackme1.zip
Tools: W32Dasm 8.93, Hex-Editor

---> Let's begin...

Ok, open the delphi-crackme#1.exe in W32Dasm and click on "Strn Ref" (String Data References). Then search for some suspicious text :)

Searching... Searching... Hmmm... "Gute Arbeit !!!" this is the text we like :) So double click on it and you're here:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044178E(C)
|
* Possible StringData Ref from Code Obj ->"Gute Arbeit !!!"
|
:0044179C B8E4174400              mov eax, 004417E4
:004417A1 E82AFCFFFF              call 004413D0

Notice the (C)onditional Jump from address 0044178E, let's see what's there. Trace a few lines up till that address and we'll get this:

:00441780 8D0480                  lea eax, dword ptr [eax+4*eax]
:00441783 83C002                  add eax, 00000002
:00441786 83E806                  sub eax, 00000006
:00441789 3D51F55200              cmp eax, 0052F551
:0044178E 740C                    je 0044179C            <--- THIS IS THE PLACE !!!

* Possible StringData Ref from Code Obj ->"Neeee!!!"
|
:00441790 B8D0174400              mov eax, 004417D0
:00441795 E836FCFFFF              call 004413D0
:0044179A EB0A                    jmp 004417A6

Look, it compares EAX with 0052F551. If it's equal then it jumps to the Good Message (Gute Arbeit). If not equal then it continues and you'll get the Message Box with "Neeee!!!". So we're going to patch the JE. What should we change it into...? Maybe a JNE, we could do that BUT... This is some nice thing I always see in tutorials :) You could change it into JNE, but if we enter the CORRECT serial it gives us a Bad Message Box. And we don't want that to happen now, do we :) So we're going to change it into EB (JUMP).
Double click on the line JE 0044179C and look at the line down below, you'll see this:

@Offset 00040B8E <--- this is the only important part for us :)

Scribble down that address on some paper or keep it in mind and open the CrackMe in a Hex-Editor. Don't forget to close W32Dasm, otherwise we can't save the file =) Then go to that address (00040B8E) and change it into this:

740C ---> EB0C

Ok, save the file (you can save it as backup if you want) and run the CrackMe, now you can enter anything you want (even the REAL Serial) and it gives you the Good Message Box :)

Ok, Target Patched...!!!

If you have questions mail me at: code.inside@home.nl

---> GREETINGS

Everybody from TrickSoft,
Everybody from FCC,
Everybody from #Cracking4Newbies,
And 2Sweeet <--- I found the CrackMe from his page "www.2sweeet.tsx.org" nice guy :)

Don't trust the Outside, trust the InSiDe !!!

Cya... CoDe_InSiDe
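The whole walk-through above, as an added Python model (this is not code from the tutorial or the CrackMe): it re-implements the five instructions of the listing with 32-bit wrap-around, shows why JE->JNE inverts the result for a correct input while JE->EB always reaches "Gute Arbeit !!!", maps the virtual address 0044178E to the file offset 00040B8E the way W32Dasm does (the image base of 00400000 and the single section with VirtualAddress 1000 / PointerToRawData 400 are assumptions that reproduce the tutorial's numbers; the real PE header is not on the page), applies the 740C -> EB0C patch only after verifying the original bytes, and, from the other side of the fence, scans a copy of the file for exactly this kind of modification (a short conditional jump 70-7F turned into EB with the same displacement). The sample image and the value 0x99AA3111 are constructed; nothing on the page says what EAX holds before the lea.

```python
"""Added example: model of the CrackMe #1 serial check, the JE patch, and a patch detector.
Not the tutorial's or the CrackMe's code; section layout and sample values are assumed."""

MASK32 = 0xFFFFFFFF
IMAGE_BASE = 0x00400000  # assumption: usual Delphi image base, not stated in the tutorial
# Assumed one code section; chosen so that VA 0044178E maps to W32Dasm's @Offset 00040B8E.
SECTIONS = [{"virtual_address": 0x1000, "raw_pointer": 0x400, "raw_size": 0x41000}]

JE, JNE, JMP = 0x74, 0x75, 0xEB          # first opcode byte of the short-jump forms
PATCH_VA = 0x0044178E                    # address of "je 0044179C" in the listing
ORIGINAL_BYTES = bytes.fromhex("740C")   # je  +0C
PATCHED_BYTES = bytes.fromhex("EB0C")    # jmp +0C


def va_to_file_offset(va, image_base=IMAGE_BASE, sections=SECTIONS):
    """Same arithmetic a disassembler uses: VA -> RVA -> raw file offset via the section table."""
    rva = va - image_base
    for s in sections:
        if s["virtual_address"] <= rva < s["virtual_address"] + s["raw_size"]:
            return rva - s["virtual_address"] + s["raw_pointer"]
    raise ValueError("VA %08X is not backed by file data" % va)


def serial_check(eax):
    """lea eax,[eax+4*eax] ; add eax,2 ; sub eax,6 ; cmp eax,0052F551  -> ZF."""
    eax = (eax + 4 * eax) & MASK32   # lea computes eax*5, truncated to 32 bits
    eax = (eax + 2) & MASK32
    eax = (eax - 6) & MASK32
    return eax == 0x0052F551


def message(eax, opcode=JE):
    """Which message box is reached at 0044178E when the first opcode byte is `opcode`."""
    zf = serial_check(eax)
    if opcode == JE:
        taken = zf            # original: jump to "Gute Arbeit" only on equality
    elif opcode == JNE:
        taken = not zf        # inverted: a CORRECT serial now falls through to "Neeee!!!"
    elif opcode == JMP:
        taken = True          # EB: always jump, whatever was entered
    else:
        raise ValueError("unexpected opcode %02X" % opcode)
    return "Gute Arbeit !!!" if taken else "Neeee!!!"


# Constructed sample image: the bytes of the listing placed at their real file offset, rest zero.
LISTING = bytes.fromhex("8D0480" "83C002" "83E806" "3D51F55200" "740C"
                        "B8D0174400" "E836FCFFFF" "EB0A")


def build_sample_image():
    img = bytearray(0x41400)
    start = va_to_file_offset(0x00441780)
    img[start:start + len(LISTING)] = LISTING
    return bytes(img)


def apply_patch(image, offset=None):
    """740C -> EB0C, but only if the bytes really are 74 0C (guards against a wrong offset)."""
    offset = va_to_file_offset(PATCH_VA) if offset is None else offset
    if image[offset:offset + 2] != ORIGINAL_BYTES:
        raise ValueError("bytes at %08X are not 74 0C, refusing to patch" % offset)
    return image[:offset] + PATCHED_BYTES + image[offset + 2:]


def find_branch_patches(original, suspect):
    """Integrity check: offsets where a short conditional jump (70-7F) became an
    unconditional short jump (EB) with the same 8-bit displacement."""
    hits = []
    for off in range(min(len(original), len(suspect)) - 1):
        o, s = original[off], suspect[off]
        if o != s and 0x70 <= o <= 0x7F and s == JMP and original[off + 1] == suspect[off + 1]:
            hits.append(off)
    return hits


if __name__ == "__main__":
    print("file offset of je: %08X" % va_to_file_offset(PATCH_VA))
    for op, name in ((JE, "JE"), (JNE, "JNE"), (JMP, "JMP")):
        print("%-3s wrong serial -> %s | right serial -> %s"
              % (name, message(1, op), message(0x99AA3111, op)))
    img = build_sample_image()
    patched = apply_patch(img)
    print("patched offsets:", ["%08X" % h for h in find_branch_patches(img, patched)])
```

The value 0x99AA3111 only exists to exercise the JNE case: 5 * 0x99AA3111 wraps to 0x0052F555 in 32 bits, so the modelled compare succeeds and the inverted branch visibly sends a passing input to "Neeee!!!", which is the point the tutorial makes before choosing EB. The detector is the mirror image of the patch: whoever ships a binary can diff a known-good copy against the deployed one and flag a conditional short jump that turned into EB at the same displacement, which is what this edit looks like on disk.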