lena151's ReverseMe#2 by lena151

Download: 277 kb

Some time ago, I coded a freeware application in which a registration scheme was only implemented to help me keep track of its use (free registration).
I amused myself coding a rather difficult scheme, however, it can easily be made many times harder.
To comply with forum rules, I have grabbed the registration scheme and made a CrackMe from it.
Everything is allowed : serialfishing, patching, brute forcing ... the ultimate goal being a keygen.
The only nag in the real stuff is when clicking the "Register" button as each time an action is required, the registration scheme is re-run internally to decide on acting or not. To make the reverseme easier, I have also implemented a startup and closing nag.
It's clear that killing the nags and About Box is NOT helping. This only confirms the non-registration internally.
In a valid solution, the goodboys are shown.
I built some useless code around the CrackMe to make it the normal size of the software.
ReverseMe is not packed nor encrypted. I believe it is virtually impossible without the following hints though :
1. For the application to be registered, it must say "REGISTERED" on the registration window. However, all the obvious goodboys in the strings (Success ... Registration SuccessFull ... Thanks for your support !!!! ... REGISTERED) are NOT used but are diversion code, seek elsewhere !
2. This "reverseme" is in fact part of an application which has 20 (twenty !) checks and doublechecks. If any of these fail, you are sent in the woods to go play with Robin Hood. In this case, the real serial is never calculated (only a fake diversion serial is calculated). BTW, assume anything by "checks and doublechecks", like suppose : verifying if the length of a certain part of the serial is right, else --> go see Robin in the woods.
3. This reverseme is part of a real application : at startup, it verifies for "was I previously registered or not ?". If it was registered before, the registration scheme is not shown in the real application. BTW, the reverseme shows the goodboy at startup when registered before (because there is no "application" here).
4. Find the ring0 debugger checks (find them all !) --> else go see Robin Hood
5. Find the ring3 debugger checks (find them all !) --> else go see Robin Hood
6. Find the anti-tracing --> else go see Robin Hood
7. ALL detecting is silent : if anything suspicious is detected --> go see Robin Hood
8. Expect some more tricks, probably these being the most important factor of failure of all.

Success and have fun !

Difficulty: 7 - Very hard
Platform: Windows
Language: Unspecified/other

Published: 27. Jun, 2007
Downloads: 1077


Votes: 4
Crackme is nothing special.


Solution by lena151, published 19. Jul, 2007 (download, 141 kb).

lena151 has not rated this crackme yet.


Discussion and comments

27. Jun 2007
The only reason it's "uncrackable" is because it's soooooo boring. There is just an endless and endless amount of code... that it makes it boring.
27. Jun 2007
"Find the ring0 debugger checks" driver??
28. Jun 2007
I have included in the download a second file that shows anti-debugging (on the closing nag). Like said before: if your debugger is detected, it's not possible. This second file is supposed to help you in finding/eliminating the anti to find the reg scheme. Success!
30. Jun 2007
Well, I don't run any debugger on my machine and still I got a debugger detected message?!

(just ran it on XP SP2 - clean install (VMware) from Windows Explorer)
01. Jul 2007
Do not run in VMs because any "handling" may get detected.
Also, sice will get detected if it's installed.
09. Jul 2007
it's too hard: recursive algo + some vm (or not %)), my head exploded...

it's harder than bLaCk-eye's Nightmare or JUN!0R keygenme...

to Lena: has it some crypto?
19. Jul 2007
It has no crypto other than some crypto in the strings. There is absolutely no crypto involved in the reg scheme though.
It is your good right to express your feelings, thanks for the comment. However, it seems to me that you may have missed the meaning of the initial comments (see above). Indeed, if you miss anything from the anti, then you are sent into seemingly endless and recurrent code (I called it being sent into the woods to go play with Robin Hood). Of course it is boring in that case, however, I warned about it ...
Anyway, it's probably too hard even with the anti-debugging detecting file included. Hence, I've uploaded my own solution/keygen (see solution above). Your own solutions be it a patch/keygen are still (very) welcome though!
