Cracking Acid_Cool_178 Crackme Number 1

About this tutorial:
Tutorial:Cracking Acid_Cool_178 Crackme Number 1
Target:Acid_Cool_178 Crackme Number 1(included in the package)
Author:ManKind
Tools:W32Dasm 8.9x(this are good softwares, worth buying)
Date:5th of December 1999
Descriptions&Comments:This is a VB crackme coded by Acid_Cool_178 and [The Bug Tracker]. Though the protection(single serial) is kinda lame, the programmers are smart enough to not code the serial as a string. This tutorial is certainly worth for total newbies since I myself took around 15 minutes to crack it, hehe!
Copyright information:This tutorial is copyright © 1999 ManKind

Starting words:
Hello,welcome to my tutorial. I am ManKind, a newbie in cracking who want to share my cracking skills with other newbies. Contact me at mankind001@bigfoot.com

The process: Actually, the purpose of this tutorial is to show that VB programs are aren't that hard to be cracked. Instead, I found it rather easy to crack VB programs compared to any other programs(that's my opinion). Note that to follow this tutorial, you will have to get SDR Enabler for VB Apps from Duelist of DREAD Crew(you can get it from either http://dread99.cjb.net or LaZaRuS's site) and use it to patch your copy of W32Dasm so that your copy of W32Dasm can show the String Data References of VB applications after disassembly. First I tried a long number on the serial input field and quickly was presented with an error and the Crackme exit. After trying few times, I realise that we have to enter integer number into the input field. Later I disassemble it(to see if there is any hardcoded serial) but I found only the following three String Data References:

"Crackme_1"
"Fucking Shit"
"YOU DID IT"

I double click on the "YOU DID IT" and was brought to the following code:

:004023EF C74594C41D4000 mov [ebp-6c], 00401DC4

I scroll up a little and saw the following code:

:004023E5 753E jne 00402425

The above conditional jump(jump if not equal) will bring you to the "Fucking Shit" message if executed. I guess we can actually change the jne into je to easily crack the crackme(I didn't try) but I am eager to fish out the real serial. I continued to scroll up until I see the following code:

004023B8 6681FE870B cmp si, 0B87

Now the above code looks great to me(want to know why?)! My first guess is that the code above will compare the serial entered with the correct one. SI should be our serial since the value isn't fixed while 0B87 is a fixed value(this is the correct serial) but 0B87 isn't in integer format so I went into SoftIce(you can use Windows Calculator too) and I type the following command:

? 0B87

Quickly presented to me is the decimal value of 0B87 which is 2951. Try it on the crackme, a message box displaying "YOU DID IT" came out and we knew that we have already succeeded in cracking this little crackme. Lastly, as a note to the programmers of this crackme, they should have build an error handler to handle input that isn't in integer format. Hehe! As usual, contact me if I make any mistake, ve me your feedback, comments, suggestions and opinions about this tutorial and my way of presenting it.

Ending:
Thanks to:+ORC, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, Crackz, eKH(for the crackme) and other crackers and individuals who provide me with their tutorials and tools.
Greetz to:HarvestR, tKC, ytc_, Kwai_Lo, Punisher, TORN@Do, CiA, Phrozen Crew, eKH, other cracking groups and all crackers.

Service for ManKind
ManKind
mankind001@bigfoot.com
http://surf.to/mrep