Reverse engineering the 160 CrackMe collection - 022

CrackMe —— 022

The 160 CrackMe collection is a set of 160 CrackMe programs to reverse and crack, well suited to beginners learning reverse engineering.

CrackMe: small programs that are released publicly for others to try to crack. The author may be a programmer who wants to test their own software protection techniques, a cracker who wants to challenge the skill of other crackers, or someone learning to crack who writes small programs for themselves to break.

CrackMe is abbreviated as CM.

Number | Author   | Protection
022    | carlitoz | Serial (VB5)

Tools

x32dbg

VB Decompiler Pro

Starting the crack

ON.1

Patching

First, open the 022 program in x32dbg and search for strings.

We see several strings, including the success message and the string "C:\\Windows\\MTR.dat", which looks like the path of a file the program reads.

We follow the success string to its reference at 00402DF7, look upward for the nearest jump, find it at 00402DE9, and set a breakpoint there.

00402DE3 | 8D55 84                  | lea edx,dword ptr ss:[ebp-0x7C]                         | edx:EntryPoint
00402DE6 | 8D4D C4                  | lea ecx,dword ptr ss:[ebp-0x3C]                         |
00402DE9 | 0F84 5A010000            | je carlitoz.1.402F49                                    | the deciding jump
00402DEF | FFD7                     | call edi                                                |
00402DF1 | 8D55 94                  | lea edx,dword ptr ss:[ebp-0x6C]                         | edx:EntryPoint
00402DF4 | 8D4D D4                  | lea ecx,dword ptr ss:[ebp-0x2C]                         |
00402DF7 | C745 9C D4224000         | mov dword ptr ss:[ebp-0x64],carlitoz.1.4022D4           | 4022D4:L"Registration Successful"
00402DFE | C745 94 08000000         | mov dword ptr ss:[ebp-0x6C],0x8                         |
00402E05 | FFD7                     | call edi                                                |

Press F9 to run, enter any data in the input box, and click the REGISTER button.

Execution stops at our breakpoint.

We change the JE at 00402DE9 to NOP.

bingo ~ successfully cracked
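The deciding jump from the listing above, decoded by hand as an added example (not part of the original post): it shows that the 6-byte JE falls through to 00402DEF, on the way to the success string, and branches to 00402F49 when taken, which is why filling it with NOPs always reaches "Registration Successful". The function and constant names are my own; the address and bytes are copied from the listing.

```python
import struct

# Condition suffixes indexed by the low nibble of a Jcc opcode.
CONDITIONS = ["o", "no", "b", "ae", "e", "ne", "be", "a",
              "s", "ns", "p", "np", "l", "ge", "le", "g"]


def decode_jcc(address, raw):
    """Decode a 32-bit x86 conditional jump.

    Handles the short form (7x rel8) and the near form (0F 8x rel32).
    Returns (mnemonic, length, fall_through, target).
    """
    if len(raw) >= 2 and 0x70 <= raw[0] <= 0x7F:
        cond, length = raw[0] & 0x0F, 2
        (rel,) = struct.unpack_from("<b", raw, 1)
    elif len(raw) >= 6 and raw[0] == 0x0F and 0x80 <= raw[1] <= 0x8F:
        cond, length = raw[1] & 0x0F, 6
        (rel,) = struct.unpack_from("<i", raw, 2)
    else:
        raise ValueError("not a conditional jump")
    # The displacement is relative to the address of the next instruction.
    fall_through = (address + length) & 0xFFFFFFFF
    target = (fall_through + rel) & 0xFFFFFFFF
    return "j" + CONDITIONS[cond], length, fall_through, target


# Values copied from the listing above.
JE_ADDRESS = 0x00402DE9
JE_BYTES = bytes.fromhex("0F845A010000")
SUCCESS_STRING_REF = 0x00402DF7  # mov ...,L"Registration Successful"


def describe_check():
    """Decode the JE and report which path reaches the success string."""
    mnemonic, length, fall_through, target = decode_jcc(JE_ADDRESS, JE_BYTES)
    # For this forward jump, code between the fall-through address and the
    # jump target only runs when the jump is NOT taken.
    success_on_fall_through = fall_through <= SUCCESS_STRING_REF < target
    return mnemonic, length, fall_through, target, success_on_fall_through


if __name__ == "__main__":
    m, n, ft, tgt, ok = describe_check()
    print(f"{m}: {n} bytes, falls through to {ft:08X}, jumps to {tgt:08X}")
    print("success string is on the fall-through path:", ok)
```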

ON.2

Recovering the serial

We open the 022 program in VB Decompiler Pro.

Here we see the code that generates the registration code.

Now we need to find out what abt.Lable1.Caption is.

We open Project -> Forms -> abt and see that the form's Caption is "About".

Click About in the program.

We see the message, but all the characters visible here add up to only a little over 90, certainly not more than a hundred.

We look up the message in VB Decompiler Pro.

We see that its parts are separated by long runs of spaces, a total of 123 spaces.

register = "bPe CrackMe   v1.0" + " " * 123 + "This CrackMe it`s to trainer your VB cracking ability" + " " * 123 + "Developed by CarLitoZ"
print(register[5:6] + register[8:9] + register[142:143] + register[15:16] + register[160:161] + register[170:171] + register[165:166] + register[167:168])

The result is "rkh1oyie".

Enter it into the text box and click the REGISTER button.

bingo ~ successfully cracked

 


Origin www.cnblogs.com/lonenysky/p/11442247.html