Acid_Cool_178
presents his

#16  Tutorial

 

For Hellforge

This Text Is Only Meant For Educational Purposes And Is Not To Be Used Illegally. I Take No Responsibility For Illegal Use Of This Text. Move On At Your Own Risk.

Author Information
E-mail: acid_cool_178@hotmail.com
Age: 17
Web Page: http://acidcool.cjb.net/
Date: February 2K
Member in: Hellforge, Flying Horse Cracking Force
Groups' Web Pages: Hellforge, FHCF

 

Program Information
Name: The Cracking Answer Trial Crackme 4
crackme.exe
Author: BonT and dERz
Where to Download: The Cracking Answer Homepage
Size: 289KB
Tools used: ProcDump, W32Dasm, Hiew
Download At:
1. Player Tools
2. Programmer Tools
What kind of a program Crackme Shareware
   
Skill Easy Not so easy Hard X-pert
       

 

Information about the Protection I

The first look is cool; it looks like some Matrix crackme.

Before we start

NOP means No OPeration and is 90 in hex.

The Process

I now have one rule in my cracking routine: open the file I want to crack in a hex editor. I found this in crackme.exe:
UPX3 p –a @ @$Id: UPX 0.72 Copyright (C) 1996-1999 Laszlo Molnar & Markus Oberhumer $
$Id: NRV 0.61 Copyright (C) 1996-1999 Markus F.X.J. Oberhumer $
$License: NRV for UPX is distributed under special license $

This means that the crackme is packed with UPX. Well, let's unpack it. Open ProcDump, select Unpack-->UPX and choose crackme.exe.
Follow the instructions and everything will be OK; save the file as crackme1.exe.
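
Added example (not part of the original tutorial, and not code from UPX or ProcDump): the hex-editor check above, written as a Python triage routine that reports UPX indicators in a file. It goes beyond the banner search in the text by also reading the PE section table for section names starting with "UPX"; the function names and the constructed sample headers are assumptions for illustration.

```python
import struct

UPX_BANNER = b"$Id: UPX "  # start of the version banner the tutorial found in crackme.exe

def pe_section_names(data):
    """Return the section names of a PE image, or [] if the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)           # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return []
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                             # first section header
    names = []
    for i in range(count):
        entry = data[table + 40 * i: table + 40 * (i + 1)]       # 40-byte section header
        if len(entry) < 40:
            break                                                # truncated table
        names.append(entry[:8].rstrip(b"\0").decode("latin-1"))
    return names

def upx_indicators(data):
    """Collect UPX packing indicators: UPX-named sections and the version banner."""
    result = {"sections": [], "version": None}
    result["sections"] = [n for n in pe_section_names(data) if n.startswith("UPX")]
    pos = data.find(UPX_BANNER)
    if pos != -1:
        tail = data[pos + len(UPX_BANNER): pos + len(UPX_BANNER) + 16]
        result["version"] = tail.split(b" ")[0].decode("latin-1")
    return result

def build_sample(section_names, banner=b""):
    """Constructed minimal PE headers (not a loadable program) used as sample input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table + banner

# Constructed samples: one with UPX-style sections and the banner text from the page, one without.
PACKED = build_sample([b"UPX0", b"UPX1", b".rsrc"],
                      b"$Id: UPX 0.72 Copyright (C) 1996-1999 Laszlo Molnar & Markus Oberhumer $")
PLAIN = build_sample([b"CODE", b"DATA", b".rsrc"])

if __name__ == "__main__":
    print(upx_indicators(PACKED))
    print(upx_indicators(PLAIN))
```

An empty result only means these two indicators are absent; the banner and the section names are plain data in the file and can be changed or removed.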

Now, fire up crackme1.exe in W32Dasm.
In String Data References you can see this string: "Congratulations! Now try to make "
Double-click on that string and you will end up here:

:00401FC4 84C9 test cl, cl          <-- Test the result of the check of the serial you entered against the real serial
:00401FC6 7418 je 00401FE0          <-- If cl is zero (serials not equal), jump to the bad msgbox; else move on to the good msgbox
:00401FC8 A160094400 mov eax, dword ptr [00440960]
:00401FCD 6A00 push 00000000

* Possible StringData Ref from Data Obj ->"BonT'n'dERz' Crackme"
|
:00401FCF B96AC34300 mov ecx, 0043C36A

* Possible StringData Ref from Data Obj ->"Congratulations! Now try to make "
->"a Keygen and send it to <derz@gmx.de> "
->"or <bont@gmx.at> !"
|
:00401FD4 BA10C34300 mov edx, 0043C310          <-- You will end up here
:00401FD9 8B00 mov eax, dword ptr [eax]
:00401FDB E8F48C0300 call 0043ACD4

The location 00401FC6 has the offset 15C6, as I could see in W32Dasm's status bar :)

Open crackme1.exe in Hiew and press Enter twice, and you will now be in "decode mode". If you're not in "decode mode", then press F4 (Mode) and choose "Decode" :)
Goto (F5) 15C6 <-- the offset of location 401FC6
Now you will be standing here:
:00401FC6 7418 je 00401FE0
Change the code from 7418 to 9090: press Edit (F3) and type 9090.
Update the file (F9) and exit Hiew (F10 or Esc).

Now, run crackme1.exe and enter a dummy serial and check it.
Congratulations man, you did it :)

Ending

Well, I didn't use my German skills here. But this is the first Trial crackme that I have patched :)

Information about the Protection II

Now, this crackme is packed with UPX and has one Matrix serial.

Greetings

LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO, Torn@do, ^AlX^ and all the others I have forgotten