Cracking Acid_Cool_178 Crackme 1

The Camper Crew Solution To Acid_Cool_178 CrackMe Number 1 Of 178

Tools: W32Dasm Patched For VB SDR

Disassemble ACCrackme1.exe in W32Dasm and open up the String Data References Window, you'll see three strings:

"Crackme_1"

"Fucking Shit"

"YOU DID IT"

Double click on "YOU DID IT" and close the SDR Window.

/ / / / / / / / / / / / / / / / / / / Dead Listing / / / / / / / / / / / / / / / / / / / / / / / / /

Address Machine Code Assembler Instructions

* Possible StringData Ref from Code Obj ->"YOU DID IT"

|

:004023EF C74594C41D4000 mov [ebp-6C], 00401DC4 ; you'll land here

/ / / / / / / / / / / / / / / / / / / Dead Listing / / / / / / / / / / / / / / / / / / / / / / / / /

If you scroll up a couple of lines you will see this:

/ / / / / / / / / / / / / / / / / / / Dead Listing / / / / / / / / / / / / / / / / / / / / / / / / /

Address Machine Code Assembler Instructions

:004023E5 753E jne 00402425 ; jump if code is wrong to BadGuy

/ / / / / / / / / / / / / / / / / / / Dead Listing / / / / / / / / / / / / / / / / / / / / / / / / /

If you follow the jump you will see the SDR "Fucking Shit" and a call to rtcMsgBox the VB MessageBoxA function. For this jump to occur there must be some kind of condition like a compare, so if you scroll up a few lines again, you will see this:

/ / / / / / / / / / / / / / / / / / / Dead Listing / / / / / / / / / / / / / / / / / / / / / / / / /

Address Machine Code Assembler Instructions

:004023B8 6681FE870B cmp si, 0B87 ; compare the code you entered to 0B87h (2591 decimal)

/ / / / / / / / / / / / / / / / / / / Dead Listing / / / / / / / / / / / / / / / / / / / / / / / / /

This is the last compare before the jne so this is the instruction that must set the condition, therefore this must be the serial compare. 0B87h = 2951 decimal, so if you enter 2951 as the code then you will be greeted with the "YOU DID IT" message, and that's it - CrackMe solved - a very simple protection :)

If you wanted to patch it, you could nop the jne, or you could change the cmp, but as we know the correct code that is unnecessary :)

Greetz: ACiD_BuRN, Acid_Cool_178, as, Dawai, Ed!son, Eternal Bliss, Intern, LaZaRuS, Lord Soth, MisterE, Muad'Dib, Quantico, R!SC, TeChNiCh, tKC, Videk, and of course the CrackMe writers too. As well as everyone in #cracking4newbies, and #learn2crack.

Eddie Van Camper [The Camper Crew]

evc.campercrew@innocent.com

ICQ#: 43669548