"CoSH CrackMe v2.0"
 
 
This tutorial is coming from... 
 

 


 
 
 
ReFleXZ '99
 
Url: Http://ReFleXZ99.cjb.net 
Email: ReFleXZ@fcmail.com
 
 
 
 
About the essay... 
 
Written by
Bjanes 
 
Date: 10th April 1999
Program name: CoSH CrackMe v2.0
Program type: Win32 CrackMe 
Program location: Here
Program filename: cosh2.zip 
Program size: 4,5 Kb 
 
Tools required: 
Softice 3.2 - Debugger
 
Difficulty level: 
Easy ( X )  Medium (   )  Hard (    )  Pro (    ) 
 
 
 
About the protection...
 
 
Type of protection:
Serial only
Even though this crackme makes you enter both a Name and a Serial,
it doesn't use the Name to generate your serial. It checks the
serial char by char and, if everything matches, displays the good message.
The crackme uses your Name only as part of the good message!
Name and Serial must be at least six characters long!
Bad message: "One of the Details you entered was wrong"
Good message: "Well done, [your_handle]"
 
 
The Essay...
 
Load the crackme and enter your handle and any random serial into 
the textboxes. Now pop up SoftICE with "CTRL-D" and set a 
breakpoint on GetWindowTextA ("bpx GetWindowTextA"). 
Close SoftICE ("CTRL-D" again) and press the "CHECK" button. 

Note: Your Name and Serial must be at least six characters long!
Example: Bjanes
                 998899

When SoftICE breaks, press "CTRL-D". SoftICE will break again; now press 
"F11" and "F12", both of them, to return to the program's code. 

You'll see this piece of code.... 

015F:004014CD  57                  PUSH    EDI
015F:004014CE  8DBEA0000000        LEA     EDI,[ESI+000000A0]
015F:004014D4  8BCF                MOV     ECX,EDI
015F:004014D6  E86F030000          CALL    0040184A     ;Get length of the name
015F:004014DB  8B1DFC214000        MOV     EBX,[USER32!PostQuitMessage]
015F:004014E1  83F805              CMP     EAX,05       ;Is the length more than 5??
015F:004014E4  7E50                JLE     00401536     ;If not then jump to bad section of code (1)
015F:004014E6  8D6E60              LEA     EBP,[ESI+60]
015F:004014E9  8BCD                MOV     ECX,EBP
015F:004014EB  E85A030000          CALL    0040184A     ;Get length of the serial
015F:004014F0  83F805              CMP     EAX,05       ;Is the length more than 5??
015F:004014F3  7E41                JLE     00401536     ;If not then jump to bad section of code (1)
015F:004014F5  8D86E0000000        LEA     EAX,[ESI+000000E0]
015F:004014FB  8BCF                MOV     ECX,EDI
015F:004014FD  50                  PUSH    EAX
015F:004014FE  E841030000          CALL    00401844     ;Get name from the textbox
015F:00401503  8DBEE4000000        LEA     EDI,[ESI+000000E4] <--- You land here
015F:00401509  8BCD                MOV     ECX,EBP
015F:0040150B  57                  PUSH    EDI
015F:0040150C  E833030000          CALL    00401844     ;Get serial from the textbox
015F:00401511  8B07                MOV     EAX,[EDI]    ;EAX = Location of the serial <--- You land here
015F:00401513  803836              CMP     BYTE PTR [EAX],36    ;Is first char of serial "6"(36h)??
015F:00401516  751E                JNZ     00401536     ;If not then jump to bad section of code (1)
015F:00401518  80780132            CMP     BYTE PTR [EAX+01],32 ;Is second char of serial "2"(32h)??
015F:0040151C  7518                JNZ     00401536     ;If not then jump to bad section of code (1)
015F:0040151E  80780238            CMP     BYTE PTR [EAX+02],38 ;Is third char of serial "8"(38h)??
015F:00401522  7512                JNZ     00401536     ;If not then jump to bad section of code (1)
015F:00401524  80780337            CMP     BYTE PTR [EAX+03],37 ;Is fourth char of serial "7"(37h)??
015F:00401528  750C                JNZ     00401536     ;If not then jump to bad section of code (1)
015F:0040152A  8078042D            CMP     BYTE PTR [EAX+04],2D ;Is fifth char of serial "-"(2Dh)??
015F:0040152E  7506                JNZ     00401536     ;If not then jump to bad section of code (1)
015F:00401530  80780541            CMP     BYTE PTR [EAX+05],41 ;Is sixth char of serial "A"(41h)??
015F:00401534  7417                JZ      0040154D     ;If yes then jump to good section of code
015F:00401536  6A00                PUSH    00           ;(1) Bad section of code starts here
015F:00401538  6864304000          PUSH    00403064

Pretty simple, huh? You can see that the serial is "6287-A".
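
The listing above rewritten in C, as an added example (not the crackme's source code and not part of the original essay): the immediates of the six CMP instructions become a table, so the expected string falls straight out of the code. All function and type names are hypothetical, and it assumes the good section at 0040154D performs no further checks on the serial.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes are illustrative names, not taken from the crackme. */
enum check_result { CHECK_OK, NAME_TOO_SHORT, SERIAL_TOO_SHORT, SERIAL_MISMATCH };

/* One entry per "CMP BYTE PTR [EAX+off],imm8" at 00401513..00401530. */
struct byte_cmp { size_t off; unsigned char imm; };

static const struct byte_cmp SERIAL_CMPS[] = {
    {0, 0x36}, {1, 0x32}, {2, 0x38}, {3, 0x37}, {4, 0x2D}, {5, 0x41},
};
#define N_CMPS (sizeof SERIAL_CMPS / sizeof SERIAL_CMPS[0])

/* Same control flow as the listing: two length tests (CMP EAX,05 / JLE),
 * then six byte compares, each with an early exit to the bad section. */
enum check_result cosh2_check(const char *name, const char *serial)
{
    if (strlen(name) <= 5)   return NAME_TOO_SHORT;    /* JLE 00401536 */
    if (strlen(serial) <= 5) return SERIAL_TOO_SHORT;  /* JLE 00401536 */
    for (size_t i = 0; i < N_CMPS; i++)
        if ((unsigned char)serial[SERIAL_CMPS[i].off] != SERIAL_CMPS[i].imm)
            return SERIAL_MISMATCH;                    /* JNZ 00401536 */
    /* Nothing past offset 5 is compared in the listing, so this is a
     * prefix match: the name and any trailing serial bytes are ignored. */
    return CHECK_OK;                                   /* JZ 0040154D */
}

/* Rebuild the expected string from the compare immediates alone.
 * Returns the number of characters written, or 0 if out is too small. */
size_t expected_serial(char *out, size_t cap)
{
    if (cap < N_CMPS + 1) return 0;
    for (size_t i = 0; i < N_CMPS; i++)
        out[SERIAL_CMPS[i].off] = (char)SERIAL_CMPS[i].imm;
    out[N_CMPS] = '\0';
    return N_CMPS;
}

int main(void)
{
    char buf[8];
    expected_serial(buf, sizeof buf);
    printf("constant embedded in the check: %s\n", buf);
    printf("essay's sample input accepted: %d\n",
           cosh2_check("Bjanes", "998899") == CHECK_OK);
    return 0;
}
```

Because the expected value is a constant compared in the clear and the name never enters the check, every copy of the program accepts the same serial for every user.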

Hope you didn't have any problems with this crackme, but 
if you still have some problems or questions you can mail us: ReFleXZ@fcmail.com

 
 
 
Final notes...
 
My thanks and gratitude go to: 

The Sandman for his great site (the best site for newbies) full of knowledge and for 
his cracking forum (also the best on the net)! 
Eternal Bliss, my GREAT 'virtual' friend, for all that he has done for me! 
MiZ, also a GREAT friend of mine. For all the time that I spent with you :) 
Iczelion, for his great Win32Asm tutorials, and all the knowledge that he gave me! 
DnNuke, for the link to the GREAT mp3 site that he gave me :)) 

Torn@do, Carpathia, Zobel, MisterE, VisionZ, DecoderZ, Rhytm, noos, Ordoc... 
...and all there at #cracking4newbies and #Win32Asm (and #ReFleXZ99 too :) 

If I missed someone, please forgive me, and if you think that you must be on this list, tell me! 
 

 
 
 
Disclaimer... 
 
This tutorial is written for EDUCATIONAL purposes only. 
So if you want to use the program after its trial period ends please BUY IT! 
Support shareware(and its authors), this is our learning tool! 
 
ReFleXZ is not responsible for any damage caused by this essay or any of its parts. 
So everything you're doing and 'experimenting' with is your own responsibility!
 
Also, in this tutorial you'll not find any serial numbers, so try to search elsewhere 
under Cracks and Warez. 
 
Copyright © 1999 by ReFleXZ '99
All rights reserved