Author Acid_Cool_178
Target 2Sweet Crackme 1.0
2Sweet Crackme 1.B
Download it from http://2Sweet.tsx.orx 
Public Release  14 February 2001
Author Contact acid_cool_178@hotmail.com
Dedication Goes to 2Sweet and DaFixer for DeDe
Difficulty Level (1..7) 1 (EASY)
Tools Required Language
DeDe (I'm using version 2.44)
Download it from http://www.protools.cjb.net 

Published by +Tsehp, Feb 2001

Introduction
 

Well, Mercution, please jump up and down right now: finally I'm using the Hellforge macro, but I have made some changes to it ;) (CRIES)

I was bored at school so I went online and found a lot of cool things on the net, like http://www.sex.com and http://www.disney.com and those pages just roxx!!

I have wondered for a long time how DeDe works, so now I started to work with it again. I had no clue what the hell I was doing, but I read and followed the instructions and tested things out.... I have found out many things already, so that is great....

And now we are going to work coz we will crack Crackme 1 and Crackme 1.B
 

Tutorial
 

Cracking Crackme 1.0

Before we start, we have to understand what the hell this crackme is doing... Run the crackme and you will find only one edit field to enter your code into. I tried filling in "2951" and clicked the Try button, and I ended up with one stupid NAG that told me "INCORRECT PASSWORD". Well.. here are our options:

  1. We can patch the damn jump that jumps to the NAG
  2. We can patch the nag so we won't get any stupid NAGs up
  3. We can leave the crackme alone and burn our PC and begin with football instead of cracking
  4. We can find the correct serial

Now, I'm a bit tired of patching jumps and calls to remove stuff, so options 1 and 2 are not accepted.
Option 3 is also not accepted coz I'm a PC-holic :)
Option 4 will work fine for me...

Let's begin with the work, so just follow the steps.

  1. Open DeDe
  2. Open File and select dcm10.exe
  3. Click on the Process button and DeDe will start disassembling the crackme
  4. Follow the instructions under the disassembling
  5. Goto the procedures tab in DeDe
  6. Select TForm1 and Button1Click 

I was only guessing at step 6, but it was the correct guess too, as you can see: a new window pops up now and it has some disassembly code for you. I knew it was right because I scrolled down and found my error message:

00442225   E81A19FCFF             call    00403B44      <-- Serial Compare Routine
0044222A   750C                   jnz     00442238      <-- The bad jump if the serial is wrong
* Possible String Reference to: 'PASSWORD IS CORRECT'    <-- Here is our good message
|
0044222C   B888224400             mov     eax, $00442288

* Reference to: Dialogs.ShowMessage(System.AnsiString)
|
00442231   E88EF9FFFF             call    00441BC4
00442236   EB0A                   jmp     00442242

* Possible String Reference to: 'INCORRECT PASSWORD'    <-- The bad message that we don't want to see
|
00442238   B8A4224400             mov     eax, $004422A4

Now, try to scroll up and you will see this, and here is also our little serial :)

* Reference to: Controls.TControl.GetText()
|
0044220D   E8D20FFEFF             call    004231E4        <-- Here it takes the serial that we entered
00442212   8D45F8                 lea     eax, [ebp-$08]  <-- Loads the address of the local at [ebp-$08] into EAX

* Possible String Reference to: 'ASSHOLEKING'
|
00442215   BA74224400             mov     edx, $00442274  <-- Stores the string ASSHOLEKING in EDX

* Reference to: System..LStrLAsg()
|
0044221A   E83116FCFF             call    00403850        <-- Assigns that string to the local at [ebp-$08]
0044221F   8B45FC                 mov     eax, [ebp-$04]  <-- EAX = the serial we entered
00442222   8B55F8                 mov     edx, [ebp-$08]  <-- EDX = the correct serial

* Reference to: System..LStrCmp()
|
00442225   E81A19FCFF             call    00403B44        <-- Compare Routine
0044222A   750C                   jnz     00442238        <-- IF EAX == EDX then don't jump else jump to the bad message

* Possible String Reference to: 'PASSWORD IS CORRECT'      <-- Good message
|
0044222C   B888224400             mov     eax, $00442288  <-- Good message stored in EAX

* Reference to: Dialogs.ShowMessage(System.AnsiString)
|
00442231   E88EF9FFFF             call    00441BC4        <-- Shows the good MessageBox
00442236   EB0A                   jmp     00442242        <-- Jump over the Bad Message

* Possible String Reference to: 'INCORRECT PASSWORD'      <-- Bad Message
|
00442238   B8A4224400             mov     eax, $004422A4  <-- Bad Message stored in EAX

Just by looking, I found the famous CMP function in the call at 00442225, and that call worked too. Trace into it by double-clicking it and you will see this (I have only taken the important code):

00403B44   53                     push    ebx
00403B45   56                     push    esi
00403B46   57                     push    edi
00403B47   89C6                   mov     esi, eax    <-- EAX == Our entered serial
00403B49   89D7                   mov     edi, edx    <-- EDX == The correct serial
00403B4B   39D0                   cmp     eax, edx    <-- Compares the entered serial with the correct serial

And now you know where it was :) I tested ASSHOLEKING and it worked 150% fine for me...
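
The hex column in these listings already contains every target DeDe prints: call and short-jump operands are offsets counted from the next instruction, and mov immediates are stored little-endian. The added example below (not part of the original tutorial and not DeDe's code) decodes only the opcodes seen in the two listings; `decode` and `insn_t` are names made up for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* One decoded instruction: its mnemonic, the address or value it refers to, its size. */
typedef struct { const char *kind; uint32_t operand; int length; } insn_t;

/* Read a 32-bit little-endian value, as x86 stores immediates and offsets. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode only the opcodes that occur in the listings. addr is the address of
   the first byte; relative targets are counted from the NEXT instruction. */
insn_t decode(uint32_t addr, const uint8_t *b) {
    insn_t r = { "unknown", 0, 0 };
    if (b[0] == 0xE8) {                          /* call rel32 */
        r.kind = "call"; r.length = 5;
        r.operand = addr + 5 + le32(b + 1);      /* wraps modulo 2^32, so backward calls work */
    } else if (b[0] == 0x75 || b[0] == 0x74 || b[0] == 0xEB) {
        r.kind = b[0] == 0x75 ? "jnz" : b[0] == 0x74 ? "jz" : "jmp";
        r.length = 2;                            /* opcode + signed 8-bit offset */
        r.operand = addr + 2 + (uint32_t)(int32_t)(int8_t)b[1];
    } else if (b[0] >= 0xB8 && b[0] <= 0xBF) {   /* mov r32, imm32 (B8 = eax, BA = edx) */
        r.kind = "mov"; r.length = 5;
        r.operand = le32(b + 1);                 /* here: the address of the string */
    }
    return r;
}

int main(void) {
    /* Addresses and bytes copied from the Crackme 1.0 listing. */
    static const struct { uint32_t addr; uint8_t bytes[5]; } rows[] = {
        { 0x00442215, { 0xBA, 0x74, 0x22, 0x44, 0x00 } },
        { 0x00442225, { 0xE8, 0x1A, 0x19, 0xFC, 0xFF } },
        { 0x0044222A, { 0x75, 0x0C } },
        { 0x00442236, { 0xEB, 0x0A } },
    };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        insn_t in = decode(rows[i].addr, rows[i].bytes);
        printf("%08X  %-4s -> %08X\n", (unsigned)rows[i].addr, in.kind, (unsigned)in.operand);
    }
    return 0;
}
```

The same function reproduces the Crackme 1.B targets, since that listing uses the same opcodes with different offsets.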

Cracking Crackme 1.B

Again, before we start we have to understand what the hell this crackme is doing... Run the crackme and you will find only one edit field to enter your code into. I tried filling in "2951" and clicked the Try button, and I ended up with one stupid NAG that told me "PASSWORD IS WRONG".

We will follow the same steps as we did with Crackme 1.0

  1. Open DeDe
  2. Open File and select dcm1b.exe
  3. Click on the Process button and DeDe will start disassembling the crackme
  4. Follow the instructions under the disassembling
  5. Goto the procedures tab in DeDe
  6. Select TForm1 and Button1Click  

Double-click Button1Click. I didn't say it in Crackme 1.0, but all the code you find here is everything that 2Sweet has made under Button1; there is nothing else than this code.. THIS IS IT !!!!

I found this code

* Reference to control TForm1.Edit1 : TEdit                <-- The edit box that holds our serial
|
00442207   8B83C4020000           mov     eax, [ebx+$02C4] <-- Will store it in EAX

* Reference to: Controls.TControl.GetText()                <-- GetText
|
0044220D   E8D20FFEFF             call    004231E4         <-- Here it takes out our serial (GetText)
00442212   8D45F8                 lea     eax, [ebp-$08]   <-- Loads the address of the local at [ebp-$08] into EAX

* Possible String Reference to: 'PORNQUEEN'                <-- One predefined string
|
00442215   BA7C224400             mov     edx, $0044227C   <-- Stores the string PORNQUEEN in EDX

* Reference to: System..LStrLAsg()
|
0044221A   E83116FCFF             call    00403850         <-- Assigns that string to the local at [ebp-$08]
0044221F   8B45FC                 mov     eax, [ebp-$04]   <-- EAX = the serial we entered
00442222   8B55F8                 mov     edx, [ebp-$08]   <-- EDX = the correct serial

* Reference to: System..LStrCmp()                          <-- StrCmp == StringCompare
|
00442225   E81A19FCFF             call    00403B44         <-- The compare routine is in this call
0044222A   750A                   jnz     00442236         <-- IF wrong serial then jump past the good message

* Possible String Reference to: 'CRACKED ;) !!'            <-- Good message
|
0044222C   B890224400             mov     eax, $00442290   <-- Stores CRACKED ;) !! in EAX

* Reference to: Dialogs.ShowMessage(System.AnsiString)
|
00442231   E88EF9FFFF             call    00441BC4         <-- Shows the good message
00442236   8B45FC                 mov     eax, [ebp-$04]   <-- Reloads the serial we entered into EAX
00442239   8B55F8                 mov     edx, [ebp-$08]   <-- Reloads the correct serial into EDX

* Reference to: System..LStrCmp()                          <-- This is confusing
|
0044223C   E80319FCFF             call    00403B44         <-- But nothing important
00442241   740A                   jz      0044224D         <-- but what the hell is this ??

* Possible String Reference to: 'PASSWORD IS WRONG'        <-- The bad message string
|
00442243   B8A8224400             mov     eax, $004422A8   <-- Stores the bad message in EAX

This crackme is just the same as Crackme 1.0, but it has something new at the end. Look at the last compare routine at 44223C, trace into it, and you will see the same thing that you saw in the first crackme: CMP EAX,EDX where EAX == our serial and EDX == correct serial.. Nothing new in there, but take a look at locations 44222A and 442241

44222A == JNZ == Jump if Not Zero
442241 == JZ == Jump if Zero 

As you can see, it uses the same comparing routine with only one thing changed, the jumps. I don't know how and WHY, but this crackme is cracked now.... I have my serial, which is PORNQUEEN :))
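
Read as high-level control flow, the jnz/jz pair is two views of the same test: 1.0 is one compare with an if/else, while 1.B runs the same compare twice as two separate ifs with opposite conditions. The following is an added reconstruction in C, not 2Sweet's source or part of the original tutorial; `strcmp` stands in for System.LStrCmp, the function names are invented, and the display of the bad message after the final mov is assumed because the listings end there.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { SHOWN_GOOD = 1, SHOWN_BAD = 2 };   /* bitmask of the message boxes displayed */

/* Stand-in for System.LStrCmp (call 00403B44): true means ZF is set, the strings match. */
static bool zf_after_cmp(const char *entered, const char *correct) {
    return strcmp(entered, correct) == 0;
}

/* Crackme 1.0: one compare, one jnz, and a jmp over the bad branch = if / else. */
int button1click_10(const char *entered) {
    int shown = 0;
    bool zf = zf_after_cmp(entered, "ASSHOLEKING");  /* 00442225 call 00403B44 */
    if (!zf) goto bad;                               /* 0044222A jnz  00442238 */
    shown |= SHOWN_GOOD;                             /* 00442231 ShowMessage   */
    goto done;                                       /* 00442236 jmp  00442242 */
bad:
    shown |= SHOWN_BAD;                              /* 00442238 bad string (display assumed) */
done:
    return shown;
}

/* Crackme 1.B: no jmp; the same compare runs twice with opposite jumps = two ifs. */
int button1click_1b(const char *entered) {
    int shown = 0;
    bool zf = zf_after_cmp(entered, "PORNQUEEN");    /* 00442225 call 00403B44 */
    if (!zf) goto second;                            /* 0044222A jnz  00442236 */
    shown |= SHOWN_GOOD;                             /* 00442231 ShowMessage   */
second:
    zf = zf_after_cmp(entered, "PORNQUEEN");         /* 0044223C call 00403B44 */
    if (zf) goto done;                               /* 00442241 jz   0044224D */
    shown |= SHOWN_BAD;                              /* 00442243 bad string (display assumed) */
done:
    return shown;
}

int main(void) {
    printf("1.0  right=%d wrong=%d\n", button1click_10("ASSHOLEKING"), button1click_10("2951"));
    printf("1.B  right=%d wrong=%d\n", button1click_1b("PORNQUEEN"), button1click_1b("2951"));
    return 0;
}
```

Either way exactly one message box appears per click, which is why both crackmes behave the same from the outside.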


Final Thoughts
 

Well, finally I know something about DeDe. These crackmes were easy, but they were good crackmes for beginning to learn DeDe and its functions :

Back in Hellforge again, and Win32ASM coding is better than ever. Still a newbie, but working and using OllyDbg instead of SoftIce... I'm getting better these days, which is great, and I'm enjoying it.... And I also enjoy my lovely girlfriend, and we will move in together soon :D

Acid_Cool_178 is logging off his stupid lovely dear box now... Adios dear reader....
 
Greetings to...


Special Greetings: czDrillard for making his crackme 2, which was the first one I understood 150% perfectly, and LaZARuS for his great tutorials....

Groups:  HF, ID, TCA, GC

Individuals: ManKind, Dark Wolf, BiSHoP, Mercution, AlX, Falcon, Marton, Borna Janes, Analyst, Eternal Bliss, NARRoW, Subzonic, DiABLO, Eddie Van Camper, CD_Knight and all the rest that I have forgotten

The end.
Any mistakes, corrections, or comments may be mailed to the members individually, or to the group : hellforge@hellforge.org.