PaRKeR's CrackMe v1.0 - Tutorial

PaRKeR's CrackMe v1.0 - CrackMe Archive (180k).

It's not often I actually bother doing CrackMes, let alone recommend them. Aside from the +Cruehead series, most authors of these programs just use long, tedious maths operations or impossible encryption algorithms like RSA (pretty pointless in my mind); the real purpose of a CrackMe is to challenge a particular audience of cracker. PaRKeR's CrackMe is one I would recommend for new reversers looking to do some fairly relaxing code tracing.

The first challenge is the elementary nag box at the start; I think the French translates to something like "this program must be executed in the C++ Builder environment". Set a bpx on MessageBoxA and note the address (00425EF6); tracing up the tree, you'll need to actually search for a CALL to address 00425E9C. The relevant code is as follows.

:00425F41 CALL 00431538 <-- KERNEL32.GetLastError.
:00425F46 CMP EAX,B7 <-- Compare.
:00425F4B JZ 00425F58 <-- Good_jump.
:00425F4E CALL 004314B4 <-- KERNEL32.CloseHandle.
:00425F53 CALL 00425E9C <-- Bad_function_call.

Fixing this shouldn't present you with any problems: reverse the jump, patch the compare or simply NOP the entire bad call; all will work. Now it's time to attack the CrackMe. Use a bpx on Hmemcpy and a fake name of at least 6 letters, then press F12 to reach parker1.exe. I'll leave the rest of the tracing for your own probes, but here is how the maths of the scheme works with my name, as well as an ASM key generator I quickly coded.

Maths part

EAX is initialised to CACA00h (13289984 dec), then IDIV'd by the 1st letter's ASCII value (43h = C); the result, 306D5h (198357 dec), is left in EAX and then saved away to [EBP-54].

2nd letter r, SHL by CX (starts at 1) = E4h (228 dec). 3rd letter a, SHL by CX (incremented to 2) = 184h (388 dec). 4th letter c, SHL by CX (incremented to 3) = 318h (792 dec). 5th letter k, SHL by CX (now back to 0) = 6Bh (107 dec). Finally, the last letter Z, SHL by CX (CX=1) = B4h (180 dec). All these results are added to [EBP-54], with the loop running over the entire name.

CrackZ/200052.
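
The arithmetic above carried through in C, as an added example (this is not the ASM key generator mentioned earlier, which is not reproduced on this page). The function name parker_sum is hypothetical; the shift counter continuing to cycle 0-3 beyond the six letters shown, the decimal output format and the rejection of non-ASCII bytes are assumptions drawn from the single worked case.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEED         0xCACA00u  /* initial EAX value given in the tutorial */
#define MIN_NAME_LEN 6          /* tutorial advises a name of at least 6 letters */

/* Hypothetical helper: recomputes the value the tutorial derives by hand.
   Returns 0 and stores the result in *out, or -1 when the name is too
   short or contains bytes outside 7-bit ASCII (the page only covers
   plain letters, so sign-extension behaviour is unknown). */
int parker_sum(const char *name, uint32_t *out)
{
    size_t len = strlen(name);
    if (len < MIN_NAME_LEN)
        return -1;
    for (size_t i = 0; i < len; i++)
        if ((unsigned char)name[i] > 0x7F)
            return -1;

    /* IDIV of CACA00h by the first letter; quotient saved to [EBP-54]. */
    uint32_t acc = SEED / (unsigned char)name[0];

    /* Remaining letters: each is shifted left by CX and added in.
       CX runs 1, 2, 3, 0, 1 for letters 2..6 in the worked example;
       ASSUMPTION: it keeps cycling the same way for longer names. */
    for (size_t i = 1; i < len; i++) {
        unsigned shift = (unsigned)(i & 3);
        acc += (uint32_t)(unsigned char)name[i] << shift;
    }
    *out = acc;
    return 0;
}

int main(void)
{
    uint32_t v;
    /* Reproduces the pair shown in the text. */
    if (parker_sum("CrackZ", &v) == 0)
        printf("CrackZ/%u\n", (unsigned)v);
    return 0;
}
```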

Send e-mail regarding this CrackMe to parker__@caramail.com.




© 1998 CrackZ. 28th November 1998.