Code:
"%X"
"Thanks for registering!"
"Invalid Serial"
Code:
* Reference To: USER32.SendMessageA, Ord:01C0h
                                  |
:004010DC E8DE000000              Call 004011BF
:004010E1 83F803                  cmp eax, 00000003
:004010E4 0F8C93000000            jl 0040117D
:004010EA 8BD0                    mov edx, eax
:004010EC 33C9                    xor ecx, ecx
:004010EE 33DB                    xor ebx, ebx
Code:
:004010E1 83F803                  cmp eax, 00000003
:004010E4 0F8C93000000            jl 0040117D
Code:
:004010EA 8BD0                    mov edx, eax
:004010EC 33C9                    xor ecx, ecx
:004010EE 33DB                    xor ebx, ebx
Code:
:004010F0 0FB68150204000          movzx eax, byte ptr [ecx+00402050]
:004010F7 3537130300              xor eax, 00031337
:004010FC 05EFBEADDE              add eax, DEADBEEF
:00401101 69C066060000            imul eax, 00000666
:00401107 2DB3BAAD1B              sub eax, 1BADBAB3
:0040110C C1E003                  shl eax, 03
:0040110F 350DD04DD3              xor eax, D34DD00D
:00401114 03D8                    add ebx, eax
:00401116 41                      inc ecx
:00401117 3BD1                    cmp edx, ecx
:00401119 75D5                    jne 004010F0
:0040111B 53                      push ebx
Code:
movzx eax, byte ptr [ecx+00402050]
Code:
:004010F7 3537130300              xor eax, 00031337
:004010FC 05EFBEADDE              add eax, DEADBEEF
:00401101 69C066060000            imul eax, 00000666
:00401107 2DB3BAAD1B              sub eax, 1BADBAB3
:0040110C C1E003                  shl eax, 03
:0040110F 350DD04DD3              xor eax, D34DD00D
:00401114 03D8                    add ebx, eax
Code:
:00401116 41                      inc ecx
:00401117 3BD1                    cmp edx, ecx
:00401119 75D5                    jne 004010F0
Code:
.486
.model flat,stdcall
option casemap:none

include \masm32\include\user32.inc
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.data
sName     db "Troopa",0          ; name to generate a serial for
szFormat  db "%X",0              ; same format string the target uses

.data?
sNameCode dd 20 dup(?)           ; buffer for the formatted serial

.code
start:
    mov   edx,6h                 ; length of sName
    xor   ecx,ecx                ; character index
    xor   ebx,ebx                ; running sum (the serial)
NextChar:
    movzx eax, byte ptr [ecx+sName]
    xor   eax,31337h
    add   eax,0DEADBEEFh
    imul  eax,666h
    sub   eax,1BADBAB3h
    shl   eax,03h
    xor   eax,0D34DD00Dh
    add   ebx,eax                ; accumulate the per-character value
    inc   ecx
    cmp   edx,ecx
    jne   NextChar               ; loop until every character is processed
    invoke wsprintfA,addr sNameCode,addr szFormat,ebx
    invoke MessageBox,NULL,addr sNameCode,addr sName,MB_OK
    invoke ExitProcess,NULL
end start
Quote:
Now, were this "how to crack application X", the case would obviously be different. But as it stands, I don't see any problems with it, barring the snippet which I removed where the author offered to provide a copy of the program for practicing purposes.
lepricaun wrote:
Was this a program he has written himself, or was it someone else's?
troopa wrote:
I understand why Capi took that part out of my post though, so if it's alright with the moderators I am more than happy to pass out this crackme to the community, PM me if you want a copy.
Quote:
Do you intend to follow this up with a more comprehensive tutorial/walkthrough?
Quote:
I do apologize for jumping to conclusions - nothing directed at you, as I'm sure you understand it's always best to err on the side of caution in this sort of thing.
Quote:
Please feel free to make the program available in whatever way you feel appropriate, either publicly through a link here or through a more private venue.
Quote:
:004010F7 3537130300              xor eax, 00031337
:004010FC 05EFBEADDE              add eax, DEADBEEF
:00401101 69C066060000            imul eax, 00000666
:00401107 2DB3BAAD1B              sub eax, 1BADBAB3
:0040110C C1E003                  shl eax, 03
:0040110F 350DD04DD3              xor eax, D34DD00D
:00401114 03D8                    add ebx, eax

We take eax (which has the hex value of the character), xor it by the hex value 00031337, add what we have in eax by the value DEADBEEF, multiply the value of eax by the value of 00000666, subtract the value of eax by the hex value 1BADBAB3, shift three places to the left, and last we xor the current value of eax by D34DD00D. Then we store the answer to all of the calculations into ebx so at the end of the loop ebx will hold a valid serial number.
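The loop quoted above, modelled in C as an added example (not code from the thread or from the crackme's author). It generalizes the MASM version to any name and makes the 32-bit wraparound explicit. The function names are hypothetical, and treating the `cmp eax, 00000003` / `jl 0040117D` branch as a rejection of names shorter than three characters is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One pass of the loop body at 004010F7..0040110F. uint32_t arithmetic
   wraps modulo 2^32, matching what happens in the 32-bit eax register. */
static uint32_t transform_char(unsigned char c)
{
    uint32_t eax = c;            /* movzx: zero-extend the name byte */
    eax ^= 0x00031337u;
    eax += 0xDEADBEEFu;          /* overflow past 2^32 is discarded  */
    eax *= 0x00000666u;          /* imul keeps only the low 32 bits  */
    eax -= 0x1BADBAB3u;
    eax <<= 3;                   /* top three bits are shifted out   */
    eax ^= 0xD34DD00Du;
    return eax;
}

/* Sums the per-character values (the role of ebx) and formats the total
   with "%X", the format string found in the binary. Returns 0 on success,
   -1 if the name has fewer than 3 characters (assumed meaning of the
   cmp/jl check) or the output buffer cannot hold 8 hex digits. */
static int compute_serial(const char *name, char *out, size_t out_len)
{
    size_t len = strlen(name);
    uint32_t ebx = 0;

    if (len < 3 || out_len < 9)
        return -1;
    for (size_t i = 0; i < len; i++)
        ebx += transform_char((unsigned char)name[i]);
    snprintf(out, out_len, "%X", (unsigned int)ebx);
    return 0;
}

int main(void)
{
    char serial[9];
    /* "Troopa" is the name hard-coded in the MASM listing on this page. */
    if (compute_serial("Troopa", serial, sizeof serial) == 0)
        printf("Troopa -> %s\n", serial);
    return 0;
}
```

Because the serial is a plain sum of per-character values, any reordering of the same characters yields the same serial.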