Hehe my other CodeShield got solved, so I am striking back with CodeShield II :-)

I hope this one is not that easy,

- Greetz TDC

Difficulty: 3 - Getting harder
Platform: Windows 2000/XP only
Language: Assembler

Published: 15. Nov, 2005
Downloads: 787


Votes: 9
Crackme is quite nice.

Discussion and comments

15. Nov 2005
Very much overrated. Difficulty 3-4 would be more appropriate.
15. Nov 2005
For some it's easy, kao, for others not. I think your skills at this stuff are maybe just better and that could be why u think it is easy :)
15. Nov 2005
After ReadProcessMemory, edx is set to 5 on XP SP2 (after a successful read; didn't check what happens with edx if the read fails), and on Win2k it is set to 1. Later, edx is used as an index into the inputted serial, and it is not set to 0 nor any other number, but its value depends on the last called API. Is this a bug?
15. Nov 2005
yeah, I noted it too in IDA right now. mmh... M$ specs for WinBool should state that true is any <>0, so assuming (1) as true is a fault on WinAPI, I think...
16. Nov 2005
well problem is that edx is not preserved during ReadProcessMemory and holds some "random" value, so my q is : can we patch just this to set edx to 0...
16. Nov 2005
TDC, this was not meant as offense.. ;) I downloaded it because I expected a challenge that will last for 2-3 hours, but found a simple encryption that requires smart bruteforce.. ;) A crackme that is level "8 - very very hard" should have more than that..

Even if all bugs in the crackme (like above mentioned EDX usage, buffer overflow in serial input and possible use of ProcessId in decryption, SEH handler that does not behave like it should) are intentional "features", it still is no harder than "5 - professional problem to solve"..
17. Nov 2005
quote from kao..
'simple encryption that requires smart bruteforce.. ;)'

hehe i bet you need smart bruteforce for this one, but it's not bugged in any way i'm sure of it, if you input the right pass, it decrypts the codes to show the message and decrypt the message

the SEH handler is just meant to quit the crackme if it begins to execute buggy codes generated from a wrong pass
22. Nov 2005
So... any1 going to solve this one and write a nice tut? :)
22. Nov 2005
Great crackme TDC!;)
24. Nov 2005
Can you give any hints as to how long the password is?
29. Nov 2005
ok, the password is about 14 characters long :)
13. Dec 2005
hah, i've tried a crackme like this before... where the password is used to decrypt the code... hmm... gonna be tough to figure without knowing what the code is meant to be :\
31. Dec 2005
hehe, i give 1 hint
the password is used to decrypt the opcodes to decrypt the opcodes for the junk/messagebox and that's all filled with junk ^_^
07. Feb 2006
Has anyone solved it yet? I think I know a nice bruteforcing way that would work. If anyone is interested, leave comments and I'll see if I can contact ya, or post my ideas here.
08. Feb 2006
Great crackme, TDC!
Good Job!
08. May 2006
i think that EDX is set to 5 because that's the number of bytes read ...
12. May 2006
is anyone still trying this one ???

