CrackMe® Practices for Newbies
CrackMe 2 by CyberBlade [ReFleXZ '99]

A bit of contribution
Wednesday, 14-Apr-99 13:15:53

    I'd like to say that if this is the first time you are using SmartCheck,
    Under Program Settings:-
    Error Detection: "tick" all boxes except "Report errors immediately".
    Advanced: "tick" first 4 boxes.
    Make sure "Suppress system API and OLE calls" is not "ticked".
    Reporting: All boxes "ticked" except for "Report MouseMove events
    from OCX controls"

    Pictures of it are available on my website.

    Run the crackme using SC.
    I entered "Eternal Bliss" for the name and "12345" for the serial.
    Click on "Check"

    Command1_Click shown. Slick on + sign to expand the threads.
    (Still in "Show Errors and Specific Events" mode)

    A repetition of commands:
    txtname.Text
    Mid(VARIANT:String:"Eternal...",long:1,VARIANT:Integer:1)
    Asc(String:"E") returns Integer:69

    explanation:
    Read from textbox
    get first char which is "E"
    convert it to decimal value which is 69

    Every char is converted.
    Followed by 11 lines of txtkey.Text.
    (I believe that the author did not optimise his codes thus having so many repetitions)

    Then a MsgBox(VARIANT:String:"",Integer:64,VARIANT:String:"Failed",...)
    which is what you saw after clicking "Check"


    Click on the first txtname.Text and choose "Show All Event"
    scroll down using your arrow key and look at what is shown on the right window in SC whenever the line for SysFreeString is highlighted.

    You will see 69 then 69116 then 69116101 etc etc until 69116101114110971083266108105115115
    (this is the result of joining the decimal values of Eternal Bliss together)
    Then you will see a series of
    VariantChangeTypeEx and SysFreeString

    I've copied down the numbers for

    69116101114110971083266108105115115
    2.20003382762274E+34
    ...
    7.47791902916183E+28
    94707710791
    30146400638
    9595897354
    3054468994
    972267677 (the last SysFreeString before txtkey.Text)

    If you take the last 2nd number and divide it with the last,
    you will get 3054468994 / 972267677 = 3.141592656
    9595897354 / 3054468994 = 3.141592654

    The results are similar and the only difference is due to rounding off.

    In fact, that is how the next number in the sequence is obtained.
    The number before will be divided by pi (3.1415926...) to get the next number.

    Using a few different names, you will see that it stops when the number is 9 digits.

    Then it is another series of
    txtkey.Text
    SysFreeString
    _TextBox:Released()
    _TextBox:AddRef()

    Eternal Bliss


Message thread:

A bit of contribution (Eternal Bliss) (14-Apr-99 13:15:53)

Back to main board