This tutorial comes from

Acid Cool 178

Tutorial Number 38

Target

Synsax Crackme 2

Download it at HTTP://WELCOME.TO/S2oo1 or http://move.to/skunk
Date: 16.04.2K

Toolz

W32Dasm and Soft Ice
Download it at http://protols.cjb.net

Essay

Start this crackme and you can see that it is in German, but you can also see that this crackme has a Name/Serial protection, and we can crack that easily. I entered "Acid_Cool_178" as the name and "2951" as the serial. Press the "Okay" button and an error message comes up. Note that message, open the crackme in W32Dasm, and under "String Data References" you can find that string.

* Possible StringData Ref from Code Obj ->"Sie haben leider eine falsche "
                                        ->"Nummer angegeben ..."
                                  |
:004444FB B88C454400              mov eax, 0044458C
:00444500 E883F5FFFF              call 00443A88

Here is the bad code. Scroll up a few lines and you will see this:

:004444E8 E857F6FBFF              call 00403B44			<-- Important Call
:004444ED 750C                    jne 004444FB			<-- Jump If Not Equal / The Jump routine
* Possible StringData Ref from Code Obj ->"Danke, da"
                                  |
:004444EF B854454400              mov eax, 00444554
:004444F4 E88FF5FFFF              call 00443A88
:004444F9 EB0A                    jmp 00444505

Here the calculation comes up: the call does the calculation and the jump goes to the bad code. You could NOP the jump and it would then accept every serial, but I want MY serial. Trace into the call at 4444E8 and you will see this code:

:00403B44 53                      push ebx			<-- Pushes EBX onto the stack
:00403B45 56                      push esi			<-- Pushes ESI onto the stack
:00403B46 57                      push edi			<-- Pushes EDI onto the stack
:00403B47 89C6                    mov esi, eax			<-- Moves EAX into ESI ( EAX = The FAKE Serial )
:00403B49 89D7                    mov edi, edx			<-- Moves EDX into EDI ( EDX = The REAL Serial )
:00403B4B 39D0                    cmp eax, edx			<-- Compares the Fake Serial with the Real Serial

  1. Type in your Name and Serial
  2. Open Soft Ice ( CTRL + D )
  3. BPX HmemCpy
  4. Exit Soft Ice ( CTRL + D )
  5. Press the "Okay" button
  6. BANG, and you are back in Soft Ice
  7. Press F10 7 times
  8. Clear all breakpoints ( BC * )
  9. Set a breakpoint at 403B4B ( BPX 403B4B )
  10. Press X [ENTER] or CTRL + D
  11. You are now at the breakpoint
  12. Type D EDX [ENTER]
  13. Look in the code window and there is the REAL serial
  14. Write it down
  15. Clear all breakpoints ( BC * )
  16. Exit Soft Ice ( CTRL + D )
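
Why step 12 works, as an added C illustration that is not the crackme's own code: the traced routine holds the real serial as an operand of the compare, so whatever is in EDX at that breakpoint is the answer. The reference serial "2951" and the FNV-1a digest are constructed for this example; the crackme's real serial is not on the page.

```c
/* Added example, not the crackme's code. It models the check shape the
 * tutorial traces (reference value live in a register at the compare) and
 * contrasts it with a check that only holds a digest at that point. */
#include <stdint.h>
#include <string.h>

/* Constructed sample serial; the crackme's real serial is not on the page. */
static const char REFERENCE_SERIAL[] = "2951";

/* Same shape as the traced code: the user's value (EAX) and the real value
 * (EDX) are both operands of `cmp eax, edx`, so a breakpoint on that
 * instruction plus `d edx` shows the real serial in clear. */
int weak_check(const char *input)
{
    return strcmp(input, REFERENCE_SERIAL) == 0;
}

/* FNV-1a 32-bit, standing in for a one-way digest. A shipping product
 * would use a cryptographic hash or a signature-based licence scheme. */
uint32_t fnv1a(const char *s)
{
    uint32_t h = 0x811c9dc5u;
    for (; *s; s++) {
        h ^= (uint8_t)*s;
        h *= 0x01000193u;
    }
    return h;
}

/* Only the digest of the reference is built into the binary, so the value
 * sitting next to the user's digest at the compare is 0x3863cbd6 (which is
 * fnv1a("2951"), precomputed), not the serial itself. The loop touches every
 * byte whether or not an earlier byte mismatched, so timing reveals no prefix. */
static const uint32_t REFERENCE_DIGEST = 0x3863cbd6u;

int hashed_check(const char *input)
{
    uint32_t h = fnv1a(input);
    uint32_t diff = 0;
    for (int i = 0; i < 32; i += 8)
        diff |= ((h >> i) ^ (REFERENCE_DIGEST >> i)) & 0xffu;
    return diff == 0;
}
```

The digest version only raises the bar: the comparison can still be patched, but nothing in memory at the compare hands the serial to a debugger.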

Ending

Well, another German crackme is gone.. It is still fun to crack crackmes..

LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO, Torn@do, ^AlX^ , AC|D, Dark Wolf, Marton and all the others I have forgotten