			-="Runnin' Butt-On"=-
		            [lite version]
		-------------------------------------
		(c) The AntiXryst & tC... (June 1999)
		 Tutorial by Lucifer48, 24 June 1999
		-------------------------------------


===============
1. INTRODUCTION
===============

The register button cannot be pressed :(, so the crackme checks whether the serial is valid
after each key press. I enter my name and a dummy serial, set a bpx hmemcpy, and add a letter
to the dummy serial in order to break into the code. I am now in SoftICE:

XXXX:0045640A  CALL 00423854        ;we exit from here
XXXX:0045640F  MOV  EAX,[EBP-18]    ;my name
XXXX:00456412  CALL 00403AD0        ;gives the length of the name
XXXX:00456417  ADD  EAX,11          ;+17
XXXX:0045641A  CMP  EAX,14          ;the name must be greater than 2 chars
XXXX:0045641D  JL   0045640C
...
Delphi reads the serial and checks whether its length is zero,
then reads the name again and checks its length again.
The length of the name is saved in [EBP-14]; it will be the loop counter.

===========
2. THE LOOP
===========

Go see the code; there are a few additions.
...
XXXX:00456A1  INC  DWORD PTR [EBP-0C]
XXXX:00456A4  DEC  DWORD PTR [EBP-14]
XXXX:00456A7  JNZ  00456465           ;end of the loop (at the end of this loop, there are 4 ..
XXXX:00456A9  MOV  EAX,[EBP-04]       ;.. important values: EBX, ESI, [EBP-04] and [EBP-08])
XXXX:00456AC  IMUL DWORD PTR [EBP-08] ;result in eax
XXXX:00456AF  ADD  ESI,EAX
XXXX:00456B1  XOR  ESI,EBX
XXXX:00456B3  AND  ESI,7FFFFFFF       ;we want positive numbers

At this point ESI contains the final 'checksum' of our name; it will be compared with the
serial afterwards.

XXXX:004564D8  LEA EAX,[EAX+EBX]      ;EAX= serial converted to hex
XXXX:004564DB  XOR EAX,EBX            ;ebx has the same value as at the end of the loop
XXXX:004564DD  AND EAX,7FFFFFFF       ;we want positive numbers
XXXX:004564E2  CMP ESI,EAX            ;check (pretty common)
XXXX:004564E4  JNZ 0045640C           ;(jump) = bad cracker

If the right serial is entered, it is possible to press the register button. ;)
You can see your gift :)

Name/ Lucifer48
Serial/ 1738114503
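
The final comparison above, modelled in C as an added example (not code from the crackme or
from cm_lite.c). The loop body is not reproduced in this tutorial, so the four values it leaves
behind are taken as inputs; the struct, the function names and the sample values in main() are
assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MASK31 0x7FFFFFFFu

/* Hypothetical container for the four values live when the loop ends. */
struct loop_out { uint32_t ebx, esi, v4, v8; };   /* v4=[EBP-04], v8=[EBP-08] */

/* Name side, as listed after the loop: MOV / IMUL / ADD / XOR / AND. */
uint32_t name_checksum(struct loop_out s) {
    uint32_t eax = s.v4 * s.v8;          /* IMUL leaves the low 32 bits in EAX */
    return ((s.esi + eax) ^ s.ebx) & MASK31;
}

/* Serial side, as listed at 004564D8: LEA / XOR / AND. */
uint32_t serial_checksum(uint32_t serial, uint32_t ebx) {
    return ((serial + ebx) ^ ebx) & MASK31;
}

/* CMP ESI,EAX / JNZ: non-zero means the serial is accepted. */
int check(struct loop_out s, uint32_t serial) {
    return name_checksum(s) == serial_checksum(serial, s.ebx);
}

/* The XOR with the same EBX cancels on both sides, so the compare reduces to
   serial + ebx == esi + v4*v8 (mod 2^31), which is solved directly. */
uint32_t expected_serial(struct loop_out s) {
    return (s.esi + s.v4 * s.v8 - s.ebx) & MASK31;
}

int main(void) {
    /* Constructed register values, not taken from a real run. */
    struct loop_out s = { 0x12345678u, 0x0BADF00Du, 0x1999u, 0x48u };
    uint32_t serial = expected_serial(s);
    printf("serial=%u accepted=%d\n", (unsigned)serial, check(s, serial));
    return 0;
}
```

Because both sides are XORed with the same EBX and masked identically, the XOR and AND add
nothing to the check: it is a plain 31-bit equality, and bit 31 of the serial is ignored.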

==============
3. FINAL WORDS
==============

cm_lite.c is the C++ keygen (written under Linux); there is another one, written in Delphi (3.0).
This crackme is not very difficult. I will try the [advanced-version].

Greetings: ID group, Eternal Bliss (wonderful site), tC... (for his *big* crackme in Delphi),
           ACiD BuRN, and others I forgot.

Lucifer48
