Target Phrozen Crew Crackme 3,missing key file

Well,this is a simple protection,you can watch that program with your
filemon,if you don't have it download it as soon as possible,and you will 
find some strange things,look at the notfound files,you can notice a
bookmark.htm,mmmmmm that's strange for missing key files,btw create it and put
some bytes in it,then set a bpx readfile and then press retest and softice
will pop up ok press 12 once or twice until you get in the crackme3 code
then after our call readfile you can notice another call,let's trace it!
I didn't ripped that code cause i didn't have time
btw you will find just inside the call just ater a call readfile
and then you will notice that in edi stays the text you put into
the bookmark.htm,mmmmmm here the program makes "is file right?".
So you can noticed a "repnz scasb" in this istruction it look for the
ascii hexedecimal value of 68 into the key file,if it doesn't find it
it reports "wrong file",so in order to not patch the crackme we can
write in our file in the first byte "h" that is the ascii hexedecimal value of 68
now reload the crackme and look at the code,after the "call readfile"
don't trace the call and press f12 you will find a cmp al,01 if you try
to change this in cmp al,00 the program will seem to be regged,but this 
will be a patch and WE DON'T WANT TO PATCH A CRACKME,but we know that in 
al must be 1 in order to be regged......
Retest the crackme and softice will pops up on our call readfile,still to
step don't trace any call,just step,you notice that before the ret
there's a 
mov al, [402022]
so we know that 1 must be in 402022,
retest and trace up our "is key right?" call
after the repnz scasb we notice that the program jmp to another istruction,
let's look here around for something that changes [402022]
we notice an 
inc byte ptr [40200]
GOOD!
but how we can get to that address.....mmmmm...there's a JMP,you see
a JZ at 401054,this jump is active when cx is equal to 0
let's see the code we are
start:
	loadsb				put the byte of esi into al
	mov ah,[edi]			put the byte of our code to ah
	cmp ah,al			are they the same
	jnz fakekey			no!!! then Jump
	some istructions not relevant	here it'll inc edi and esi
	dec cx				decrement cx
	jz goodboy			if cx=0 youare a good guy
	jmp to the start		repeat this routine

mmmmm,this compare the string you put,char by char,if all are right
then jump to good boy,so the string you need to put in the bookmark.htm
can be read in esi at the star of this routine
it is "ttp://phrozencrew.org"
so open the bookmark.htm and you add this string to our "h"
so the right key is
"http://phrozencrew.org"
this our missing key file protection reversed by me(SUBY)
Cya!
and Enjoy!



