
S!x0r's Crackme#2 by S!x0r
Download Crackme#2_S!x0r.zip, 6 kb (password: crackmes.de)
Hello,
Difficulty: 3 - Getting harder | Rating: Waiting for at least 3 votes
Solutions
Solution by Encrypto, published 20. jan, 2015; download (408 kb), password: crackmes.de or browse.
Encrypto has rated this crackme as nothing special.
Discussion and comments
stanoja 21. Dec 2014 | Okay, I've cracked this thing but can't make a keygen. At 004012E0 replace C3 (RET) with 90 (NOP). Still trying to figure out how to bypass the RET without replacing it with NOP but to look for the comparisons. Need help... |
Office Jesus 21. Dec 2014 | @stanoja: Scroll up to 004012B3 and you will see the first three checks you need to pass. They're pretty easy to figure out. ;) |
S!x0r Author 25. Dec 2014 | Sorry, there was a bug in the first version. It accepted invalid serials. Thanks go to Office Jesus, who reported that bug to me. I hope this version is bug-free. |
ragdog 26. Dec 2014 | Are you sure about your last step with bn2Bytes? Do you take care of endianness? Feature or bug? In the end it is not hard. Every right solution is wrong in your keygenme due to the endian issue! Greets, |
S!x0r Author 26. Dec 2014 | Hi ragdog, Yes, I'm sure. I can generate valid serials with my own keygen for it. |
ragdog 26. Dec 2014 | I have tested it. I have the correct serial, but you compare it in a wrong endian. Can you check it, please?
00401254 . 8D35 B2454000 LEA ESI, DWORD PTR DS:[4045B2]
0040125A . 8D3D C2454000 LEA EDI, DWORD PTR DS:[4045C2]
00401260 . B9 10000000 MOV ECX, 10
00401265 . 33D2 XOR EDX, EDX
00401267 . 33D2 XOR EDX, EDX
00401269 . EB 0A JMP SHORT Crackme#.00401275
0040126B > 8A06 MOV AL, BYTE PTR DS:[ESI]
0040126D . 3A07 CMP AL, BYTE PTR DS:[EDI]
0040126F . 75 01 JNZ SHORT Crackme#.00401272 |
S!x0r Author 26. Dec 2014 | The check is correct. Can you send me the part where you generate the serial? The surrender from h(m) reaches. |
ragdog 26. Dec 2014 | Ragdog 9252D23151FC64435B47A631BF1C5A5C-A81ED88B522892B7D897782459EBD556 |
S!x0r Author 26. Dec 2014 | This is Correct! |
ragdog 26. Dec 2014 | Yes, I know, but my first thinking was a wrong way. Regards, raggy gRn |
downabc 29. Dec 2014 | Seriously, the keygen is not hard to code if I know what the algorithm at 0x402840 is... It looks like a big int operation, however I can't identify it. Just an overview of this cm: after the text of Edit_username and Edit_password was got, the dw_KeyTable at 0x404013 was used to calculate four parts of a sum of the username in four similar ways, like:
lodsb // get char from username one by one as a loop
// do something to al
// part2: al ^bx, part4: al+4e, part1: al/16, part3: al+4
add sum,dw_KeyTable[al]
Then the password was used as 2x128bit big ints, separated by '-', with some endian reverse. After some big int calculation, the four parts of the sum will be used as a 128bit big int to be compared with the first 128bit of the 256bit big int to decide whether the password is correct or not. And lastly, please forgive me for the poor English... |
S!x0r Author 29. Dec 2014 | Little tip: What's the result for result = AD089BD35F53D4687921D4B4DAF4D4F3^2 |
boonz 21. Jan 2015 | Nicely done, Encrypto. The keygen looks pretty badass. Good to see some of the older folks are still around :-) |
Encrypto 23. Jan 2015 | Thanks for the kind words boonz :) |
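The byte-order question ragdog raises above, as an added example that is not part of the original page or the crackme's code: a 128-bit big integer serialised into a 16-byte buffer compares equal byte by byte only when both sides use the same byte order. The function names are hypothetical, the serial is the one quoted in the thread, and which byte order the crackme itself uses is not assumed.

```python
# Added illustration; function names are hypothetical, not taken from the crackme.
SAMPLE_SERIAL = "9252D23151FC64435B47A631BF1C5A5C-A81ED88B522892B7D897782459EBD556"


def parse_serial(serial):
    """Split an 'A-B' serial into two 128-bit integers (32 hex digits each)."""
    parts = serial.strip().split("-")
    if len(parts) != 2 or any(len(p) != 32 for p in parts):
        raise ValueError("expected two 32-hex-digit halves separated by '-'")
    return int(parts[0], 16), int(parts[1], 16)


def bn_to_bytes(value, byteorder):
    """Serialise a big integer into a fixed 16-byte buffer ('big' or 'little')."""
    return value.to_bytes(16, byteorder)


def compare16(a, b):
    """Byte-by-byte equality over 16 bytes, like a loop counting ECX = 10h."""
    if len(a) != 16 or len(b) != 16:
        raise ValueError("both buffers must be exactly 16 bytes")
    for i in range(16):
        if a[i] != b[i]:
            return False
    return True


def same_bytes(value, order_a, order_b):
    """Compare one value against itself after serialising with two byte orders."""
    return compare16(bn_to_bytes(value, order_a), bn_to_bytes(value, order_b))


if __name__ == "__main__":
    first, second = parse_serial(SAMPLE_SERIAL)
    print("same order     :", same_bytes(first, "big", "big"))
    print("mismatched     :", same_bytes(first, "big", "little"))
    # Edge case: a value whose bytes read the same in both directions hides
    # a byte-order bug, so it is a poor test vector.
    palindrome = int.from_bytes(bytes([0x01] * 16), "big")
    print("palindrome case:", same_bytes(palindrome, "big", "little"))
```
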