"Eternal Bliss' VCCrackMe v1.0"
 
 
This tutorial is coming from... 
 

 


 
 
 
ReFleXZ '99
 
Url: Http://ReFleXZ99.cjb.net 
Email: ReFleXZ@fcmail.com
 
 
 
 
About the essay... 
 
Written by
Bjanes 
 
Date: 8th April 1999
Program name: Eternal Bliss VCCrackMe v1.0
Program type: Win32 CrackMe 
Program location: Here
Program filename: vccrackme10.zip 
Program size: 5 Kb 
 
Tools required: 
Softice 3.2 - Debugger 
 
Difficulty level: 
Easy ( X )  Medium (   )  Hard (    )  Pro (    ) 
 
 
 
Introduction... 
 
A few words about the crackme from its author...

"Greetings to those that downloaded this CrackMe...

This is my 1st CrackMe written in VC++.

This CrackMe is very simple to crack. You just need a code. 
The reason for it being simple is because it's my first in the series 
of VC++ CrackMes I'm going to code. And the other reason is that 
my VC++ knowledge is not enough yet. This form of protection can 
be seen in some sharewares. Very lame but effective enough to prevent 
non-crackers from registering. Try it.

What to do with this CrackMe:
1) Find the code using Softice
2) If possible patch it but make a copy first. 8P"
 

 
 
 
 
About the protection...
 
 
Type of protection:
Serial only
This crackme has a hardcoded serial, but it's hard to find it with a hex editor,
so with a little help from Sice you'll easily crack this babe!
This is the first Eternal Bliss crackme written in C, so we'll forgive you :)
Hope the next one will be much harder.
 
 
The Essay...
 
First of all you must have Sice loaded! If you don't know how to do that,
go to our page (link at the top) and read the toolz help section.

Now load the crackme and enter any random serial in the textbox....
For example, I entered: 998899
Now fire up Sice with "CTRL-D" and put a breakpoint on GetWindowTextA.
You do that by typing "bpx GetWindowTextA". Close Sice with "CTRL-D" again
and press the "Check" button.

When Sice breaks, press "F11" once and "F12" once.
You're now in the program's code, and you'll see this....

015F:004015AC  8D4DEC              LEA     ECX,[EBP-14]
015F:004015AF  8D45E8              LEA     EAX,[EBP-18] 
015F:004015B2  51                  PUSH    ECX
015F:004015B3  8D55E4              LEA     EDX,[EBP-1C]
015F:004015B6  50                  PUSH    EAX
015F:004015B7  52                  PUSH    EDX
015F:004015B8  E8FD020000          CALL    004018BA
015F:004015BD  C645FC05            MOV     BYTE PTR [EBP-04],05
015F:004015C1  8B00                MOV     EAX,[EAX] ;EAX = Correct Serial
                                                     ;Type "d eax" here and you'll see correct serial
015F:004015C3  8B0E                MOV     ECX,[ESI] ;ECX = Serial that you entered
                                                     ;Type "d ecx" here and you'll see 'fake' serial
015F:004015C5  50                  PUSH    EAX   ;Push pointer to correct serial (argument)
015F:004015C6  51                  PUSH    ECX   ;Push pointer to fake serial (argument)
015F:004015C7  FF15F8434000        CALL    [004043F8] ;Compare them
                                                      ;This comparison returns its result in EAX
                                                      ;if EAX == -1 (FFFFFFFF) then Serial is BAD
                                                      ;if EAX == 0 then Serial is GOOD

015F:004015CD  C645FC04            MOV     BYTE PTR [EBP-04],04
015F:004015D1  83C408              ADD     ESP,08 
015F:004015D4  83F801              CMP     EAX,01   ;If the eax is -1 then C flag is unset
                                                    ;If the eax is 0 then C flag is set
015F:004015D7  1BC0                SBB     EAX,EAX  ;If C flag is set result will be FFFFFFFF
                                                    ;If C flag is unset result will be 0
015F:004015D9  40                  INC     EAX      ;EAX = EAX + 1
                                                    ;EAX = 1 for BAD serial
                                                    ;EAX = 0 for GOOD serial
015F:004015DA  8945D4              MOV     [EBP-2C],EAX ;Save EAX
015F:004015DD  E890000000          CALL    00401672
015F:004015E2  837DD400            CMP     DWORD PTR [EBP-2C],00 ;Check the result
015F:004015E6  7414                JZ      004015FC  ;If the result is 0 then jump to GOOD code

You can see that this crackme is pretty easy to crack!
Just type "d eax" at 4015C1 and you'll see the correct serial in the data window!
It may confuse you, 'coz you'll see "Correct...Error" and you'll probably
think that the serial ends after "Correct", but when you look at the hex code of the serial
you'll see that "." is 2E, not 00. So the correct serial is "Correct...Error".
Hope this crackme was really easy for you....
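
The CMP / SBB / INC sequence at 004015D4-004015D9, emulated in C with an explicit carry flag. This is an added example, not code from the crackme or from the original essay; the function names and the "SAMPLE-KEY" string are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Emulates CMP EAX,1 / SBB EAX,EAX / INC EAX on a 32-bit register,
   tracking the carry flag explicitly. */
static uint32_t cmp_sbb_inc(uint32_t eax)
{
    /* CMP EAX,1 computes EAX - 1; a borrow (CF = 1) happens only for EAX == 0. */
    uint32_t cf = (eax < 1u) ? 1u : 0u;
    /* SBB EAX,EAX computes EAX - EAX - CF: FFFFFFFF if CF was set, else 0. */
    eax = eax - eax - cf;
    /* INC EAX turns FFFFFFFF into 0 and 0 into 1. */
    return eax + 1u;
}

/* Stand-in for the compare routine called at 004015C7. C only guarantees the
   sign of strcmp(), so normalise to -1 / 0 / 1 as a 32-bit register value. */
static uint32_t compare_result(const char *entered, const char *expected)
{
    int r = strcmp(entered, expected);
    return (uint32_t)((r > 0) - (r < 0));
}

/* 1 if the JZ at 004015E6 would be taken (value saved at [EBP-2C] is 0). */
static int jz_taken(const char *entered, const char *expected)
{
    return cmp_sbb_inc(compare_result(entered, expected)) == 0u;
}

int main(void)
{
    /* Constructed sample strings, not taken from the crackme. */
    const char *expected = "SAMPLE-KEY";
    const char *inputs[] = { "998899", "SAMPLE-KEY", "ZZZZ" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        uint32_t r = compare_result(inputs[i], expected);
        printf("%-10s compare=%08X flag=%u jz=%s\n", inputs[i], (unsigned)r,
               (unsigned)cmp_sbb_inc(r), jz_taken(inputs[i], expected) ? "taken" : "not taken");
    }
    return 0;
}
```

Any non-zero compare result, including +1, ends up as 1, so the three instructions work as a branchless "strings differ" test.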

If you still have some problems or questions you can mail us: ReFleXZ@fcmail.com

 
 
 
Final notes...
 
My thanks and gratitude goes to:- 

The Sandman for his great site(the best site for newbies) full of knowledge and for 
his cracking forum(also the best on the net)! 
Eternal Bliss, my GREAT 'virtual' friend, for all that he has done for me! 
MiZ, also the GREAT friend of mine. For all the time that I spent with you :) 
Iczelion, for his great Win32Asm tutorials, and all the knowledge that he gave me!
DnNuke, for link of GREAT mp3 site that he gave me :))

Torn@do, Carpathia, Zobel, MisterE, VisionZ, Rhytm, noos, Ordoc...
...and all there at #cracking4newbies and #Win32Asm(and #ReFleXZ99 too :)

If I missed someone plz forgive me, and if you think that you must be on this list tell me!
 

 
 
 
Disclaimer... 
 
This tutorial is written for EDUCATIONAL purposes only. 
So if you want to use the program after its trial period ends please BUY IT! 
Support shareware(and its authors), this is our learning tool! 
 
ReFleXZ is not responsible for any damage caused by this essay or any of its parts. 
So everything that you're doing and 'experimenting' with is your own responsibility!
 
Also, in this tutorial you'll not find any serial numbers, so try to search elsewhere 
under Cracks and Warez. 
 
Copyright © 1999 by ReFleXZ '99
All rights reserved