//Distributor:
http://cod3r.cjb.net
//Program Name: Crackme 2
//Programmer: n0p3x
//Date: 22nd April 1999
//Version: 1
//FOREWORD
Well, the second edition of the crackme has been released. In
this program you have two objectives. One is to remove the nag
screen at the start and the other is to find a working serial
for your user name.
//TOOLS
Softice / WDASM
//SOLUTION - PART 1 (NAG)
1) Type 'BPX MESSAGEBOXA' in sice.
2) Run the program. When sice pops up press F12 until sice
exits and the messagebox is displayed. Click 'OK' on the message
box and you will return to sice, in the crackme's own code just
after the call that displayed the nag.
3) Type 'BC *' in sice to clear the breakpoint.
4) In sice double click on the previous line of code, the one
that says 'USER32!MESSAGEBOXA', to set a breakpoint on the call
itself.
5) Exit sice and then exit the crackme.
6) Now re-run the crackme and sice will pop up on that call.
7) Change the value of EIP to point to the next line of code
after the messagebox ('R EIP=' followed by that line's address).
8) Change the register ESP from the value '67FDF0' to the value
'67FE00' ('R ESP=67FE00'). The four arguments of MessageBoxA
have already been pushed, and as a stdcall function MessageBoxA
would have removed them itself on return. Because we skipped the
call, we have to take those 10h bytes off the stack ourselves.
9) Exit sice and you should notice that the nag isn't displayed
and that the program operates correctly.
10) Now we know what register value needs changing, we need to
replace the line of code that displays the nag with a line of
code which will change the register's value. I chose 'ADD ESP, 10'
as this calculation will result in the correct value in the
register (67FDF0 + 10 = 67FE00).
11) The opcode for that asm command is '83C410'. The opcode for
the call to the messagebox is 'E8DF030000'. The new code must be
the same size as the old code (five bytes), so we fill in the
remaining two bytes with NOPs (90). So the new command is
'83C4109090'.
12) To make the changes permanent we need to open the program in
our hex editor and search for the original command's opcode. We
then need to change this to our new altered opcode. Fortunately
for us there is only one occurrence of the opcode: 'E8' is a
relative call, so the four bytes after it are a displacement
that is specific to this call site. Always check the number of
hits before you patch. Once the changes have been saved the nag
will be successfully removed.
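The arithmetic behind steps 8 to 12, as an added Python example that is not part of the original tutorial or of the crackme: it encodes ADD ESP,10h, decodes the displacement of the E8 call to show why that byte string is specific to this one call site, pads the replacement to the original five bytes, and patches a constructed stand-in file only when the search hits exactly once. The PUSH encodings, addresses and filler in the stand-in image are made up for the example; the opcode and register values are the ones quoted above.

```python
# Added example: the Part 1 patch as a small, self-contained byte patcher.
# Not code from the crackme or from n0p3x; the file image below is
# constructed so that the script runs offline.
import struct

# Values quoted in the tutorial.
CALL_MESSAGEBOX = bytes.fromhex("E8DF030000")   # CALL rel32 that shows the nag
NOP = 0x90
ESP_BEFORE = 0x67FDF0   # ESP as seen on the CALL in SoftICE
ESP_AFTER = 0x67FE00    # ESP the program needs after skipping the call


def stdcall_cleanup_bytes(n_args: int) -> int:
    """Bytes a stdcall callee removes on return: one 32-bit slot per argument.
    MessageBoxA(hWnd, lpText, lpCaption, uType) has four, hence 10h."""
    return n_args * 4


def add_esp_imm8(imm: int) -> bytes:
    """Encode ADD ESP, imm8: opcode 83 /0 with ModRM C4 (mod=11, reg=000 ADD,
    rm=100 ESP) and a sign-extended 8-bit immediate. ADD ESP,10h -> 83 C4 10."""
    if not -128 <= imm <= 127:
        raise ValueError("immediate does not fit in a sign-extended byte")
    return bytes([0x83, 0xC4, imm & 0xFF])


def call_rel32(insn: bytes) -> int:
    """Decode the displacement of an E8 CALL rel32. It is relative to the end
    of the 5-byte instruction, so the same target reached from another call
    site encodes differently; that is why the search finds only this call."""
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("not a CALL rel32")
    return struct.unpack("<i", insn[1:])[0]


def call_target(call_va: int, insn: bytes) -> int:
    """Absolute target of the call when the CALL instruction sits at call_va."""
    return call_va + 5 + call_rel32(insn)


def build_patch(original: bytes, replacement: bytes) -> bytes:
    """Pad the replacement with NOPs so it occupies exactly the bytes of the
    instruction it replaces; refuse if it would not fit."""
    if len(replacement) > len(original):
        raise ValueError("replacement longer than the instruction it replaces")
    return replacement + bytes([NOP]) * (len(original) - len(replacement))


def patch_once(image: bytes, old: bytes, new: bytes) -> bytes:
    """Replace old with new in a file image, but only if it occurs exactly
    once. This is the 'only one occurrence' check of step 12, done by code
    instead of by eye."""
    if len(old) != len(new):
        raise ValueError("patch changes instruction length")
    hits = image.count(old)
    if hits != 1:
        raise ValueError(f"expected exactly one occurrence, found {hits}")
    return image.replace(old, new)


if __name__ == "__main__":
    # Constructed stand-in for the crackme: filler, the four PUSHes that set
    # up MessageBoxA's arguments, the CALL, more filler. Addresses are made up.
    fake_exe = (b"\xCC" * 16
                + b"\x6A\x00"                # PUSH 0          (uType)
                + b"\x68\x00\x30\x40\x00"    # PUSH 00403000   (lpCaption)
                + b"\x68\x10\x30\x40\x00"    # PUSH 00403010   (lpText)
                + b"\x6A\x00"                # PUSH 0          (hWnd)
                + CALL_MESSAGEBOX
                + b"\xCC" * 16)
    assert ESP_AFTER - ESP_BEFORE == stdcall_cleanup_bytes(4)
    new_insn = build_patch(CALL_MESSAGEBOX, add_esp_imm8(0x10))
    patched = patch_once(fake_exe, CALL_MESSAGEBOX, new_insn)
    print("new bytes:", new_insn.hex().upper())
    print("call displacement: +%#x" % call_rel32(CALL_MESSAGEBOX))
    print("patched at file offset", patched.index(new_insn))
```

The same script refuses to patch if the search string appears more than once, which is the case to watch for when the instruction you are replacing is not a relative call (an absolute `CALL [address]` through the import table can appear at several call sites with identical bytes).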
//SOLUTION - PART 2 (SERIAL)
1) Run the program and enter your username and any serial.
2) Enter sice and type 'BPX HMEMCPY'. This works on Windows 9x,
where the text of an edit control is copied through the 16-bit
HMEMCPY; on NT-based Windows break on GetWindowTextA or
GetDlgItemTextA instead.
3) Exit sice and click on the 'OK' button. Sice will pop up.
4) Once in sice type 'BC *'. Then press 'F12' until you are in
the crackme's code and have left all the windows functions.
5) Now in sice keep pressing 'F10' until you are on the first
call to a non-windows function. Press 'F8' to step into this
call.
6) Now keep pressing 'F10' until you see a TEST followed by a
conditional jump. Stop on either of these lines of code.
7) Now typing 'D EBP-0C' will display the real serial for your
username and typing 'D EBP+0C' will display the serial you
entered.
8) Now all you need to do is use the real serial with your
username and Bingo! (FrozenFL ;-)), you've successfully cracked
the program.
//PERSONAL GREETS
- Carolyn : For being great.
- Busby : For being a humorous idiot.
- Pri$m : For being a cool person and programmer.
- theForger : For a great tutorial.
- Lee The Tecnician : For returning the CD.
- __y : For being constantly moody.
- FrozenFL : For giving me the bingo gag.
//OTHER GREETS
#cracking4newbies on efnet : For being a cool place to learn.
Borland / Inprise : For giving me an alternative to Microsoft
//END BIT
Thanx for reading.
n0p3x