Solution for Ubique.Daemon's "CrackMe01"
written by KaMiKaZe [AmoK]

Tool(s) used: W32 Dasm with VB Patch, HIEW
Time needed:  2 minute(s)

Ok, let's start!

Run the Crackme and you see that you just have to enter a Serial.
Ok, enter something like "12345678" and press "Check the Serial".
A "No, that's not right." Messagebox appears ;)

Let's patch the Crackme!

Run W32 Dasm (with VB Patch!) and disassemble the "UB_CrackMe01.exe".
Now click on the "Strn#Ref" Button and you see these String Data Items:

"123456789"                               ;try this *g*
"Count"                                   ;not important
"enter your serial"                       ;we know this ;)
"Hi there & welcome to my first "         ;click on "Welcome" to see this message
"No, that's not right."                   ;enter an incorrect serial to see this one *g*
"Send your Serial, Keygens, Tutorial, "   ;this message comes when you leave the crackme
"So you have to enter something "         ;this comes if you don't enter any serial
"That's always my first one to "          ;if you enter "123456789" as a serial,
                                          ;this message appears :)
"Version 1.0. This one was coded "        ;click on "About" to see this
"Yeah, that's a right one !!!"            ;this is what we want
"Yes, do it"                              ;this comes, when you leave the "enter your serial"
                                          ;in the inputbox and press "Check the Serial"

Ok, now doubleclick on "Yeah, that's a right one !!!" and W32 Dasm jumps
to the location in the code where this String is:

* Reference To: MSVBVM60.__vbaBoolVarNull, Ord:0000h
                                  |
:004044FA 8B355C104000            mov esi, dword ptr [0040105C]
:00404500 8D4D8C                  lea ecx, dword ptr [ebp-74]
:00404503 51                      push ecx
:00404504 FFD6                    call esi
:00404506 6685C0                  test ax, ax
:00404509 0F8498000000            je 004045A7                      ;<= Bad jump
:0040450F B90A000000              mov ecx, 0000000A
:00404514 B804000280              mov eax, 80020004
:00404519 898D10FFFFFF            mov dword ptr [ebp+FFFFFF10], ecx
:0040451F 898D20FFFFFF            mov dword ptr [ebp+FFFFFF20], ecx
:00404525 898D30FFFFFF            mov dword ptr [ebp+FFFFFF30], ecx
:0040452B 8D95DCFDFFFF            lea edx, dword ptr [ebp+FFFFFDDC]
:00404531 8D8D40FFFFFF            lea ecx, dword ptr [ebp+FFFFFF40]
:00404537 898518FFFFFF            mov dword ptr [ebp+FFFFFF18], eax
:0040453D 898528FFFFFF            mov dword ptr [ebp+FFFFFF28], eax
:00404543 898538FFFFFF            mov dword ptr [ebp+FFFFFF38], eax

* Possible StringData Ref from Code Obj ->"Yeah, that's a right one !!!"
                                  |
:00404549 C785E4FDFFFFB8204000    mov dword ptr [ebp+FFFFFDE4], 004020B8
:00404553 C785DCFDFFFF08000000    mov dword ptr [ebp+FFFFFDDC], 00000008

* Reference To: MSVBVM60.__vbaVarDup, Ord:0000h

Do you know what to do? Yes, we must kill the "Bad jump" ;)

Run HIEW, press F5 and enter ".00404509". The "." is important. With it,
you don't have to enter the Offset. Press Enter and HIEW jumps to the
location of the "Bad jump". Then press F3 and change the

0F8498000000    je

to

0F8598000000    jne

Press F9 to save and F10 to quit HIEW. Then run the patched exe, enter any
Serial (not "123456789" *g*) and press "Check the Serial".
The "Yeah, that's a right one !!!" messagebox appears and you have cracked
this Crackme!

Any comments to kami-mail@firemail.de

KaMiKaZe [AmoK]
http://www.AmoK.am

Greetz to: All memberz of AmoK, UAP, breal, morpheus and all who know me!
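
Seen from the other side, the one-byte change above is easy to spot when a known-good copy of the code is available. The following Python sketch is an added example, not part of the original tutorial: it decodes the near conditional jump from the listing and flags bytes that differ only in the condition bit of a 0F 8x opcode. The function names are hypothetical, and the sample bytes are constructed from the instruction bytes shown at :00404506 to :0040450F.

```python
import struct

# Condition mnemonics for the two-byte near Jcc opcodes 0F 80 .. 0F 8F.
JCC = ["jo", "jno", "jb", "jnb", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]

def decode_near_jcc(code, va):
    """Decode a 6-byte near conditional jump (0F 8x rel32) located at address va."""
    if len(code) < 6 or code[0] != 0x0F or not 0x80 <= code[1] <= 0x8F:
        raise ValueError("not a near Jcc instruction")
    rel32 = struct.unpack_from("<i", code, 2)[0]   # signed little-endian displacement
    target = (va + 6 + rel32) & 0xFFFFFFFF         # relative to the next instruction
    return JCC[code[1] & 0x0F], target

def find_inverted_branches(good, suspect, base_va):
    """Heuristic: report bytes that differ only in bit 0 of a near Jcc opcode.

    Works on raw bytes without full disassembly, so a hit is a lead to confirm
    in a disassembler, not proof of an instruction boundary.
    """
    if len(good) != len(suspect):
        raise ValueError("images differ in length")
    hits = []
    for i in range(1, len(good) - 4):
        a, b = good[i], suspect[i]
        prefixed = good[i - 1] == 0x0F and suspect[i - 1] == 0x0F
        if a != b and prefixed and 0x80 <= a <= 0x8F and a ^ b == 1:
            va = base_va + i - 1
            old, target = decode_near_jcc(good[i - 1:i + 5], va)
            new, _ = decode_near_jcc(suspect[i - 1:i + 5], va)
            hits.append((va, old, new, target))
    return hits

# Constructed sample: test ax,ax / je 004045A7 / mov ecx,0A from the listing above.
ORIGINAL = bytes.fromhex("6685C0" "0F8498000000" "B90A000000")
PATCHED = bytes.fromhex("6685C0" "0F8598000000" "B90A000000")
BASE_VA = 0x00404506

if __name__ == "__main__":
    for va, old, new, target in find_inverted_branches(ORIGINAL, PATCHED, BASE_VA):
        print(f"{va:08X}: {old} {target:08X} -> {new} {target:08X}")
```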