tutorial for kf-crkme3.exe

by Mango

this is the third crackme by kornflex

tools used smartcheck
difficulty 2~3 ( newbie )

ok well to start with it is written in vb6 i believe, so the first thing that i did was open it up
in smartcheck and see what it had to say.  well i got to say the first thing i do in smartcheck is
to do a compliance report to see what i can search for like vbastrcmp etc

ok so i opened it up and ran it

and was greeted with the usual load of code

i then entered username == mango and pass == 12345

i let smartcheck do its stuff and once it had calmed down i searched for vbastrcmp (just to see)
and was greeted with a comparison between my fake pass and the string "4e-12-56y-90"
whhoooooooooooooooooooooo hooooooooooooooooooooooo we have it and the kettle hasnt even boiled yet

well................ fire up the crackme and try it (i did) and was greeted with a cute little
message telling me not to trust string refs  well i got a little upset and went to make my coffee.

ok

i fired up smartcheck again and ran it with a different username and found that it was the same
string that it was comparing it to so i kinda got the idea that it was hardcoded as a decoy

so i looked a little higher in the code and found that i could see the string that held the dont
trust string refs :P and for some reason it was reversed ?? well this got me thinking hmmmm

after a little bit of reading i also came to the conclusion that this was all done before i even
clicked the register button so...

i searched for click and got to the start of the REAL algo

now i saw a lot of string manips and so on but after getting to the bottom end of the page i found a
serial code being built up :)

in the end i got npfhmo`bln for the name mango

so i tried it and BINGO i got a good job picture :)

ok ok ok so i got it cracked but how ??

i followed the code back to the start and found that it took my name and reversed it (remember the
reversed string at the start)

now the code takes each letter of the reversed name in turn (so it starts with the last letter of
the name) and swaps it for two letters: the one before it in the ascii table and the one after it

so   mango gets turned to ognam

o == np
g == fh
n == mo
a == `b
m == ln

sooo    put it all together and you have npfhmo`bln
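
the scheme above rebuilt in python, as an added example (not code from the crackme or from this
tutorial's author). the function names and the printable-ascii limit on the name are assumptions.
it also runs the scheme backwards, which shows the serial is just the name in another form with
no secret in it.

```python
# added example: the name -> serial scheme described in the tutorial.
# assumption: names are printable ascii (0x21..0x7d) so both neighbours stay
# printable; how the crackme treats other input is not covered by the tutorial.


def make_serial(name: str) -> str:
    """reverse the name, then emit chr(c-1) + chr(c+1) for every character c."""
    out = []
    for ch in reversed(name):
        code = ord(ch)
        if not 0x21 <= code <= 0x7D:
            raise ValueError(f"unsupported character {ch!r} in name")
        out.append(chr(code - 1) + chr(code + 1))
    return "".join(out)


def recover_name(serial: str) -> str:
    """invert the scheme: every pair (lo, hi) must satisfy hi - lo == 2."""
    if len(serial) % 2:
        raise ValueError("serial length must be even")
    chars = []
    for i in range(0, len(serial), 2):
        lo, hi = ord(serial[i]), ord(serial[i + 1])
        if hi - lo != 2:
            raise ValueError(f"pair {serial[i:i + 2]!r} does not fit the scheme")
        chars.append(chr(lo + 1))  # the original letter sits between the pair
    return "".join(reversed(chars))  # undo the reversal


def is_valid(name: str, serial: str) -> bool:
    """the check as the tutorial describes it: the serial depends only on the name."""
    return serial == make_serial(name)


if __name__ == "__main__":
    print(make_serial("mango"))
    print(recover_name(make_serial("mango")))
    # the hardcoded string from the vbastrcmp call is a decoy and never validates
    print(is_valid("mango", "4e-12-56y-90"))
```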

final thought on this crackme.............well done it got me thinking for a bit :)

Mango



