Cracking Projects For Newbies

Task 3
Saturday, 06-Feb-99 13:07:57
    193.159.4.1 writes:

    XXXX:0040B73A CALL 0040CCC0        ; Compares the fake serial with the correct one (see answer 2)
    XXXX:0040B73F ADD ESP, 00000008    ; before the ADD, ESP points to the address where the fake
                                       ; serial is stored, after the ADD, ESP doesn't point to anything
                                       ; important (in my opinion)
    XXXX:0040B742 TEST EAX, EAX        ; Compares fake serial with correct one
    XXXX:0040B744 JNE 0040B9BC         ; If entered serial is wrong jump to bad cracker, else good buyer

    a) ecx - fake serial
    edx - correct serial

    b) After the Call ESP points to the address where the fake serial is saved,
    after the ADD ESP,08 the ESP doesn't point to an important address (I
    believe), so ADD ESP,08 deletes the pointer to the fake serial, because
    the serial is stored in ecx.

    c) same as a)

    d) jne 0040B9BC Takes us to the 'Sorry...' message.

    2)
    Before the CALL ESP points to the fake serial

    0040CCC0 SUB ESP, 04                  ; points somewhere in the memory
    0040CCC3 CMP DWORD PTR [0042F124],00  ; compares length of name(?) to 0
    0040CCCA PUSH EBX                     ; saves EBX on the stack
    0040CCCB PUSH ESI                     ; saves ESI on the stack
    0040CCCC JNZ 0040CD05                 ; jumps to wrong serial
    0040CCCE MOV ECX,[ESP+10]             ; ECX=fake serial
    0040CCD2 MOV EDX,[ESP+14]             ; EDX=correct serial
    0040CCD6 MOV AL,[ECX]                 ; address AL=ascii of first char of fake serial
    0040CCD8 CMP AL,[EDX]                 ; compares first char of fake serial
                                          ; with first char of correct serial
    0040CCDA JNZ 0040CCFA                 ; jumps to bad serial
    0040CCDC OR AL,AL                     ; logic inclusive OR
    0040CCDE JZ 0040CCF2                  ; if AL=0 jumps to correct serial
    0040CCE0 MOV AL,[ECX+01]              ; address al=second char of fake#
    0040CCE3 MOV AL,[EDX+01]              ; compares first char of fake and valid serial
    0040CCE6 JNZ 0040CCFA                 ; jumps to bad serial
    0040CCE8 ADD ECX,02                   ; ecx=third char of fake serial
    0040CCEB ADD EDX,02                   ; edx=third char of correct serial
    0040CCEE OR AL,AL                     ; logic inclusive OR
    0040CCF0 JNZ 0040CDD6                 ; if AL is not 0 jump to 0040CDD6 (loop)
    0040CCF2 XOR EAX,EAX                  ; EAX=0
    0040CCF4 POP ESI                      ; loads ESI from the stack
    0040CCF5 POP EBX                      ; loads EBX from the stack
    0040CCF6 ADD ESP,04                   ; makes the SUB ESP,04 at the beginning undone
    0040CCF9 RET                          ; returns from Call


    First the program compares the length of our fake serial to 0.
    If it is 0 then it jumps to bad serial. Then it compares the first char
    of our serial to the first char of the correct serial. Then the second and
    so on, until there are different chars in the fake and correct serial. Then
    it jumps to bad serial.

    3) Not yet


    LaZaRuS
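
Added example, not part of the post above or of the analysed program: a C rendering of the inline comparison loop listed at 0040CCCE-0040CCF9 and of the TEST/JNE that consumes its result, with the instruction at 0040CCE3 read as a compare and the loop branch read as returning to 0040CCD6. The code at 0040CCFA and 0040CD05 is not shown in the post, so the nonzero return value is an assumption, as are the names `compare_serial` and `serial_accepted` and the sample strings.

```c
#include <stdio.h>

/* Two bytes are compared per loop pass, as in the listing.
 * fake = ECX, correct = EDX. Returns 0 (XOR EAX,EAX) when both
 * strings match up to and including the terminating zero byte. */
int compare_serial(const char *fake, const char *correct)
{
    const unsigned char *p = (const unsigned char *)fake;    /* ECX */
    const unsigned char *q = (const unsigned char *)correct; /* EDX */
    unsigned char al;

    for (;;) {
        al = p[0];                    /* MOV AL,[ECX]                 */
        if (al != q[0])               /* CMP AL,[EDX] / JNZ 0040CCFA  */
            break;
        if (al == 0)                  /* OR AL,AL / JZ 0040CCF2       */
            return 0;
        al = p[1];                    /* MOV AL,[ECX+01]              */
        if (al != q[1]) {             /* 0040CCE3 read as a compare   */
            p++; q++;                 /* point at the differing bytes */
            break;
        }
        p += 2;                       /* ADD ECX,02                   */
        q += 2;                       /* ADD EDX,02                   */
        if (al == 0)                  /* OR AL,AL; fall through       */
            return 0;                 /* to XOR EAX,EAX               */
    }
    /* Assumption: the unseen code at 0040CCFA yields a nonzero value. */
    return (*p < *q) ? -1 : 1;
}

/* Caller side: TEST EAX,EAX / JNE 0040B9BC takes the 'Sorry...'
 * branch for any nonzero result. */
int serial_accepted(const char *fake, const char *correct)
{
    return compare_serial(fake, correct) == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the program. */
    const char *correct = "1234-ABCD";
    printf("%d\n", serial_accepted("1234-ABCD", correct)); /* accepted */
    printf("%d\n", serial_accepted("1234-ABCE", correct)); /* rejected */
    return 0;
}
```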


Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.