This tutorial are coming from
Acid Cool 178
Tutorial Number 44
Target
MaSStEr Crackme 1.01 Protection________________Name - Serial Downlaod it at ___________crackmes.cjb.net Date_____________________27 March 2000
Toolz Win32Dasm with SDR Enabled Hex Editor ( I Use Ultra Edit Ver. 7.00B) Smart Check (If you want) Dasm and Soft Ice Get the tools here http://protools.cjb.net / http://www.ultraedit.com Essay
Well, fisrt open the crackme in your hexeditor and scroll down, now can you see MSVBVM60.DLL and that file are the libary for Visual Basic, the conclutoin are. This crackme are made in Visual Basic 6..
Run the crackme and enter you name and serial, press on the TrY button and
you will get the message "HA!! SorrY old crap wrong!!" well, remember that.
Now, open the crackme in your W32Dasm and hope that it are not complied in P-Code, and it
ain't and in "String Data References" so can you find this string..
HA!! SorrY old crap wrong!!", goto that code and now you can see this code.
* Possible StringData Ref from Code Obj ->"HA!! SorrY old chap wrong!!"
|
:0040831F C7459C087A4000 mov [ebp-64], 00407A08
:00408326 C7459408000000 mov [ebp-6C], 00000008
:0040832D FFD7 call edi
:0040832F 8D55A4 lea edx, dword ptr [ebp-5C]
:00408332 8D45B4 lea eax, dword ptr [ebp-4C]
:00408335 52 push edx
:00408336 8D4DC4 lea ecx, dword ptr [ebp-3C]
:00408339 50 push eax
:0040833A 51 push ecx
:0040833B 8D55D4 lea edx, dword ptr [ebp-2C]
:0040833E 53 push ebx
:0040833F 52 push edx
* Reference To: MSVBVM60.rtcMsgBox, Ord:0253h
|
:00408340 FF152C104000 Call dword ptr [0040102C]
:00408346 8D45A4 lea eax, dword ptr [ebp-5C]
:00408349 8D4DB4 lea ecx, dword ptr [ebp-4C]
:0040834C 50 push eax
:0040834D 8D55C4 lea edx, dword ptr [ebp-3C]
:00408350 51 push ecx
:00408351 8D45D4 lea eax, dword ptr [ebp-2C]
:00408354 52 push edx
:00408355 50 push eax
:00408356 6A04 push 00000004
Here are the MessageBox created and if you want to remove that just nop out the call at 408340 and it are gone.
If you are scrolling up so can you see this
* Possible StringData Ref from Code Obj ->"1234567891" <-- 1234567891 ?? that
|
:0040828C 68DC794000 push 004079DC
* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h <-- hmm, this are intressing.
|
:00408291 FF154C104000 Call dword ptr [0040104C]
:00408297 8BF8 mov edi, eax
Well, this are strange. I can see any "good work" or something like that but i can see "1234567891" and after that one "__vbaStrCmp" wich means "Visual Basic String Compare" and what are it comparing ? my serial ? I had to try, change the serial with "1234567891" and ok. Crackme exit's, and it are now cracked..
Now, it's your turn. Crack it in Smart Check and write a tut in that. I
have taken W32Dasm. Soft Ice / Hex / Smart Check remains left. Good Luck
Acid
Ending
This are one realy nice crackme for newbies, in everything. I haven't tried to crack in
a HEX editor and Soft Ice. I will rak this to a skill 1..
LaZaRuS, Wajid, Borna Janes, ManKind,
Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO. Torn@do, ^AlX^ , AC|D, Dark Wolf, Marton and all the other i
have forgotten