NEO'X'QuiCk


Tutorial for Sweeet Dream 1.0 CrackMe
 

Application:

Crackme

Download Application:

http://www.crackmes.cjb.net

Cracker:

NeO'X'Quick

Tools:

SoftIce 4.05

 

Beginner [ x ]                 Intermediate [ ]                Advanced [ ]                 Expert [ ]

:: Introduction ::

If you are a fresh newbie just starting to learn how to crack, this crackme is just for you! If you already have some knowledge about cracking, I advise you to find a more difficult task than this crackme. As you may notice, the file is packed with ASp 2.11 by Pe-Pack 1.0 and UPX, but there is no need to unpack it. Why? Because we can crack it with SoftIce alone. I used 4.05, but any version of it will do. So this crackme is for any newbie who would like to practice serial fishing. OK, enough talk, let's start:

:: Start Cracking ::


******************************************************************************************************************************************************************************


1: Task: the serial


******************************************************************************************************************************************************************************


:: Solution For Task One ::




Open the crackme and enter your name; I used NeO'X'QuiCk. For the key I got 5393C000, and for the serial I typed 123123. Then open SoftIce with CTRL+D and set a breakpoint on HMEMCPY: type BPX HMEMCPY and press Enter. Leave SoftIce with the same key combination and press OK in the crackme. SoftIce should break. Press F11 once (run to the return address) and F12 eleven times (return to the caller each time) and you should land right here:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


0167:00456EA2 E87DDBFCFF CALL 00424A24
0167:00456EA7 8B45FC MOV EAX,[EBP-04]
0167:00456EAA E801CCFAFF CALL 00403AB0          /** Gets the length of your name and puts it in EAX **/
0167:00456EAF 83F804 CMP EAX,04                 /** Compares the name length with 4; a length of 4 or more passes. Mine is B hex, which is 11 decimal **/
0167:00456EB2 7D13 JGE 00456EC7                 /** Taken when the name is long enough **/
0167:00456EB4 A108954500 MOV EAX,[00459508]
0167:00456EB9 8B00 MOV EAX,[EAX]
0167:00456EBB E80869FEFF CALL 0043D7C8          /** Otherwise you land here and get the message for a name that is too short **/
0167:00456EC0 BB01000000 MOV EBX,00000001
0167:00456EC5 EB15 JMP 00456EDC
0167:00456EC7 83FB25 CMP EBX,25                 /** Compares the serial length in EBX with 25 hex (37 decimal); 25h or more gives the wrong message **/
0167:00456ECA 7D0E JGE 00456EDA
0167:00456ECC 83C332 ADD EBX,32                 /** 32h + 1Eh - 4Fh = +1 per pass: this loop just counts EBX up to 25h **/
0167:00456ECF 83C31E ADD EBX,1E
0167:00456ED2 83EB4F SUB EBX,4F
0167:00456ED5 83FB25 CMP EBX,25
0167:00456ED8 7CF2 JL 00456ECC
0167:00456EDA 33DB XOR EBX,EBX
0167:00456EDC 33C0 XOR EAX,EAX
0167:00456EDE 5A POP EDX
0167:00456EDF 59 POP ECX
0167:00456EE0 59 POP ECX
0167:00456EE1 648910 MOV FS:[EAX],EDX
0167:00456EE4 68F96E4500 PUSH 00456EF9
0167:00456EE9 8D45FC LEA EAX,[EBP-04]
0167:00456EEC E843C9FAFF CALL 00403834
0167:00456EF1 C3 RET


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

So, as you can see, the name must be at least 4 characters long (CMP EAX,04 / JGE) and the serial must be shorter than 25h (37) characters (CMP EBX,25 / JGE). OK, press F10 to keep tracing and you should stop here:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


0167:00457403 4B DEC EBX
0167:00457404 83EF31 SUB EDI,31
0167:00457407 81FF26020000 CMP EDI,00000226
0167:0045740D 7EED JLE 004573FC
0167:0045740F 03DF ADD EBX,EDI
0167:00457411 8D55F0 LEA EDX,[EBP-10]
0167:00457414 8BC3 MOV EAX,EBX
0167:00457416 E82D04FBFF CALL 00407848
0167:0045741B 8B45F0 MOV EAX,[EBP-10]
0167:0045741E E88DC6FAFF CALL 00403AB0
0167:00457423 8345F803 ADD DWORD PTR [EBP-08],03
0167:00457427 33DB XOR EBX,EBX
0167:00457429 8BFB MOV EDI,EBX
0167:0045742B 836DF802 SUB DWORD PTR [EBP-08],02
0167:0045742F 81FED30D0000 CMP ESI,00000DD3
0167:00457435 7C0D JL 00457444
0167:00457437 BE01000000 MOV ESI,00000001
0167:0045743C 81FED30D0000 CMP ESI,00000DD3
0167:00457442 7DF3 JGE 00457437
0167:00457444 817DF8D0070000 CMP DWORD PTR [EBP-08],000007D0
0167:0045744B 7C9D JL 004573EA
0167:0045744D E8AEFAFFFF CALL 00456F00
0167:00457452 8D55F4 LEA EDX,[EBP-0C]
0167:00457455 8B45FC MOV EAX,[EBP-04]
0167:00457458 8B80C8020000 MOV EAX,[EAX+000002C8]
0167:0045745E E8C1D5FCFF CALL 00424A24
0167:00457463 8B45F4 MOV EAX,[EBP-0C]
0167:00457466 8B55FC MOV EDX,[EBP-04]
0167:00457469 8B92F8020000 MOV EDX,[EDX+000002F8]
0167:0045746F E84CC7FAFF CALL 00403BC0          /** IMPORTANT: compares the serial you typed (EAX) with the real one (EDX) **/
0167:00457474 740E JZ 00457484                  /** IMPORTANT: jumps to the good message when they are equal **/



-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

So, stopped on that CALL, type D EAX and you will see the serial you entered, in my case 123123. Type D EDX and you will see the real serial; mine was 1121'EXNO-1212678147-on'e00AZ8. Enter it and you get the CORRECT message. Crackme cracked, heh! Easy!
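Why D EDX hands you the serial, and what a program has to do differently so it does not, as an added C example that is not part of this tutorial and is not the crackme's own code. The name-to-serial derivation (derive_serial), the FNV-1a hash, the 16-bit target digest and the "SD-xxxxxx" serial format are all assumed here for illustration; the crackme's real algorithm is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical name-to-serial derivation, assumed for illustration only;
   the crackme's real algorithm is not shown in the tutorial. */
static void derive_serial(const char *name, char out[32])
{
    uint32_t h = 5381;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        h = h * 33u + *p;
    snprintf(out, 32, "%08X-%02X", (unsigned)h, (unsigned)strlen(name));
}

/* The pattern the tutorial fishes: the expected serial is built in memory and
   then string-compared with what the user typed (the CALL 00403BC0 / JZ pair).
   'fished' receives the compare operand a debugger would show with D EDX. */
int check_fishable(const char *name, const char *entered, char fished[32])
{
    char expected[32] = {0};
    derive_serial(name, expected);
    if (fished)
        memcpy(fished, expected, 32);
    return strcmp(expected, entered) == 0;
}

/* FNV-1a, a non-cryptographic hash standing in for a real one-way function. */
static uint32_t fnv1a(const char *s)
{
    uint32_t h = 2166136261u;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        h ^= *p;
        h *= 16777619u;
    }
    return h;
}

/* Digest a serial must hash to for this name. 16 bits so the toy keygen below
   can brute-force it; a real scheme would verify a signature over the name. */
static uint32_t target_for(const char *name)
{
    return fnv1a(name) & 0xFFFFu;
}

/* Hardened variant: the program never holds a valid serial. At the compare only
   two digests are in memory, so D EAX / D EDX give nothing you can type in.
   'seen' receives the digest a debugger would see. Patching the JZ still works. */
int check_hashed(const char *name, const char *entered, uint32_t *seen)
{
    uint32_t want = target_for(name);
    if (seen)
        *seen = want;
    return (fnv1a(entered) & 0xFFFFu) == want;
}

/* Keygen for the hardened check: search for a serial whose digest matches.
   Removing the plaintext compare raises the bar from fishing to keygenning
   (or patching), not to impossibility. Returns 0 if no serial was found. */
int keygen_hashed(const char *name, char out[32])
{
    uint32_t want = target_for(name);
    for (uint32_t n = 0; n < 0x1000000u; n++) {
        snprintf(out, 32, "SD-%06X", (unsigned)n);
        if ((fnv1a(out) & 0xFFFFu) == want)
            return 1;
    }
    out[0] = '\0';
    return 0;
}

int main(void)
{
    const char *name = "NeO'X'QuiCk";   /* the name used in the tutorial */
    char fished[32], gen[32];
    uint32_t seen = 0;

    check_fishable(name, "123123", fished);           /* wrong serial, as in the tutorial */
    printf("fished serial  : %s\n", fished);           /* what D EDX reveals at the compare */
    printf("accepted       : %d\n", check_fishable(name, fished, NULL));

    check_hashed(name, "123123", &seen);
    printf("seen at compare: %04X (digest only)\n", (unsigned)seen);
    if (keygen_hashed(name, gen))
        printf("keygen serial  : %s -> %d\n", gen, check_hashed(name, gen, NULL));
    return 0;
}
```

The first function is the shape of the check traced above: whatever computes the serial has to leave it in a buffer for the string compare, so a breakpoint on the compare and a D of its operand is all it takes. The second never materialises the serial, so the same breakpoint shows only a digest; the toy keygen shows that with a 16-bit digest this is still cheap to break, which is why real schemes use a signature, not a short hash.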

 

::Greetings ::

Special and biggest thanks go to Corbio, who made my cracking skills better! To Nukem for helping to make the HTML and to Chordless for helping me learn about it. And to VATi, who likes to play with colour and makes good gfx!

Greetings:
XasX, Santmat, SEvando2000, Wishmaker, Acid_Cool_178, am4, Woody, SV, Bratch, Batilog, Code_Inside, all members of TNT and TCA... and all those I have forgotten!!

And of course to all crackme writers and to all the people who have helped me!
Sorry about grammar mistakes!!


  NeO'X'QuiCK

© 2001 by NeO'X'Quick