BiW Reversing: The challenge is yours
 Welcome to BiW Reversing

Tackling CeyCey's crackme


Tutorials | Level: newbie

In this tutorial we take a look at CeyCey's crackme. This tut is for absolute beginners only, as the crackme is very easy to crack. It will show you some of the basic techniques used in cracking.

Hi everyone!

Today we'll try to crack the crackme from ceycey.
It is a very easy crackme. I rate it newbie...

Download the crackme here: http://www.reversing.be/binaries/articles/20050310095911964.rar

I assume you are a newbie, so I'll try to explain it as thoroughly as possible. I also assume you have Soft Ice installed; of course you can use Olly as well. It isn't easy to remember the things I struggled with in the past, so if there are things you don't understand you can mail me:
miele@reversing.be

So...let's hit the road:)

We start by opening the program (yes, double-click the icon ;)
What do we see here...we have to enter a password.

Just enter something, like for example: 'hello'
Now press Ctrl-D, and put a breakpoint on hmemcpy (bpx hmemcpy).
Now press Ctrl-D again, and press the 'Check' button of the crackme.

YEP! Soft Ice breaks...
Now press F12 a few times (7x) until you are in the program (ceycey!)

Now trace through the code (with F10) until you reach this part of the code...

:00457620 mov eax, [EBP-04] ->OUR password is now in eax
:00457628 mov edx, 0045766C ->ULTRADMA...............(followed by 60 dots) is now in edx. Hmm...what's that doing here?? Trace on...

:00457628 CALL 00403CBC ->enter this call (F8)

:00403C8C push ebx ->pushes ebx on the stack
:00403C8D push esi ->pushes esi on the stack
:00403C8E push edi ->yes, indeed...:)
:00403C8F mov esi, eax ->move eax to esi (ie: esi=password)
:00403C91 mov edi, edx ->move edx to edi (ie: edi=ULTRADMA........)
:00403C93 cmp eax, edx ->compare our password (hello) to ULTRADMA..............
:00403C95 jz 403D2A ->jump to 403D2A if eax=edx

Now, there is still some code behind this...but we don't have to trace on...
We can see clearly in the code that eax (where OUR (wrong) password is stored) is compared with edx (where ULTRADMA....... is stored).
After that we see a 'jump if zero' (jz). This means that, if the 2 registers are the same, we jump to the good-guy code!!
So, since our (wrong) password is compared with 'ULTRADMA......', 'ULTRADMA.......' must be the correct password.

So try it!! Enter ULTRADMA..........(type exactly 60 dots behind ULTRADMA, or it won't work!!)

If you don't feel like typing all those dots, you can copy/paste this:
ULTRADMA............................................................
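As an added example (my own code, not the crackme's or the tutorial author's), the Python below reproduces the weakness the listing above exposes: the secret is a literal inside the binary and is handed straight to a compare routine, so a breakpoint on that compare (or a strings dump of the file) reveals it. Next to it is the usual fix, storing only a salt and a PBKDF2 digest so that the compare never sees the plaintext. The salt, iteration count, and the fake "data section" byte strings are constructed for the demo; the expected string itself is the one the tutorial recovers at 0045766C.

```python
import hashlib
import hmac
import os

# Constructed to match the string the tutorial finds at 0045766C:
# "ULTRADMA" followed by exactly 60 dots.
SECRET = "ULTRADMA" + "." * 60


def check_plain(candidate: str) -> bool:
    """What the crackme does: the secret is a literal in the binary and is
    passed to a compare routine (the CALL 00403CBC in the listing). Breaking on
    that compare, or running 'strings' on the file, reveals the password."""
    return candidate == SECRET


def enroll(password: str, salt=None, iterations: int = 100_000):
    """Done once by the developer at build time; only salt, digest and the
    iteration count are shipped inside the program, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations


def check_hashed(candidate: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    """Hardened form: a breakpoint on the compare now shows two digests, not the
    secret. compare_digest avoids the early-exit timing leak of a plain ==."""
    cand = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(cand, digest)


def secret_visible(image: bytes) -> bool:
    """Rough 'strings'-style check: does the plaintext secret sit in the image?"""
    return SECRET.encode() in image


def demo():
    # Constructed stand-ins for the data sections of the two program variants.
    plain_image = b"\x00" * 8 + SECRET.encode() + b"\x00" * 8
    salt, digest, iters = enroll(SECRET, salt=bytes(range(16)), iterations=10_000)
    hashed_image = b"\x00" * 8 + salt + digest + b"\x00" * 8
    return {
        "plain_ok": check_plain(SECRET),
        "plain_59_dots": check_plain("ULTRADMA" + "." * 59),  # the 'exactly 60 dots' trap
        "hashed_ok": check_hashed(SECRET, salt, digest, iters),
        "hashed_wrong": check_hashed("hello", salt, digest, iters),
        "leaks_plain": secret_visible(plain_image),
        "leaks_hashed": secret_visible(hashed_image),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```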


Well, I hope this tutorial is clear. If there are things you don't understand, feel free to mail me.
If you think I made a mistake somewhere: Mail me!

That's it for now!

Miele...signing off...




Comments (1)
Tackling CeyCey's crackme
Authored by: crackee on Tuesday, February 14 2006 @ 01:33 AM CET
How do you tackle it using OllyDbg? I'm interested to learn. Thx.
 Copyright © 2020 BiW Reversing