CrackMe —— 022
160 CrackMe reverse is more suitable for novice learning to crack a collection of a total of 160 to be reverse to crack the program CrackMe
CrackMe: they are open to a number of others try to crack the small programs, people may be making crackme programmer, want to test their software protection technology, it could be a cracker, want to challenge the strength of other cracker to crack, but also It may be some people who are learning to crack, own small programs to their break.
Numbering | Author | Protection |
022 | carlitoz | Serial(VB5) |
tool
x32dbg
VB Decompiler Pro
Start cracking tour
ON.1
Blasting
The first to use x32dbg open 022 program, the search string
At this point we have seen more than one string, it contains the correct prompt string and a can of string " C: \\ Windows \\ MTR.dat " suspected to read the file Address
We enter the correct address at the prompt string 00402DF7 up view of a recent jump came at 00402DE9 at a breakpoint
00402DE3 | 8D55 84 | LEA EDX, DWORD PTR SS: [EBP-0x7C] | EDX: the EntryPoint 00402DE6 | 8D4D C4 | LEA ECX, DWORD PTR SS: [EBP-0x3C] | 00402DE9 | 0F84 5A010000 | JE carlitoz. . 1 .4 02F49 | judgment jump at 00402DEF | FFD7 | Call EDI | 00402DF1 | 8D5594 | lea edx,dword ptr ss:[ebp-0x6C] | edx:EntryPoint 00402DF4 | 8D4D D4 | lea ecx,dword ptr ss:[ebp-0x2C] | 00402DF7 | C745 9C D4224000 | mov dword ptr ss:[ebp-0x64],carlitoz.1.4022D4 | 4022D4:L"Registration Successful" 00402DFE | C745 94 08000000 | mov dword ptr ss:[ebp-0x6C],0x8 | 00402E05 | FFD7 | call edi |
F9 Run, enter any data in the input box, click on the REGISTER button
At this point we stopped at the breakpoint
We will 00402DE9 at JE amended as NOP
bingo ~ successful break
ON.2
Chase mode code
We use VB Decompiler Pro Open 022 program
In the following figure we see the registration code GENERATION
Now we want to know is what abt.Lable1.Caption
We opened Project-> Forms-> abt see our form Caption to "About"
About us Click program
We see our message, but this time to see all the characters in more than 90 only, it would be no more than a hundred
We find the message in at VB Decompiler Pro
Saw a lot of middle separated by a space, a total of 123 spaces
register = "bPe CrackMe v1.0" + " " * 123 + "This CrackMe it`s to trainer your VB cracking ability" + " " * 123 + "Developed by CarLitoZ" print(register[5:6] + register[8:9] + register[142:143] + register[15:16] + register[160:161] + register[170:171] + register[165:166] + register[167:168])
求出结果为“rkh1oyie”
输入到文本框内,点击REGISTER按钮
bingo ~ 破解成功