Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Sunday, March 29 2020 @ 07:43 PM CEST

Tutorial for 'A crackme for Newbies'

   

TutorialsLevel : beginner

Serial Fishing Visual Basic P-Code


To reverse this crackme we need some special tools. It was compiled with P-Code. :)

Find the crackme here: A crackme for Newbies

"P-code works by compiling an application into an intermediate code format that is much more compact than 80x86 machine code. At link time, a small engine is built into your application that processes the p-code into native machine code during run time. Although there is an associated reduction in performance due to the extra step of interpretation, some simple techniques can minimize this effect." - msdn

The best tool for this is: WKTVBDebugger @ http://vbdebug.cjb.net

First, what we need to do is open Crackme in the debugger and hit run (under actions).

Now the debugger is running, the application should be running in the background as well. Enter whatever fake password you want and the debugger will break.

You should be here now:


00401BF0: 04 FLdRfVar 0012F470h
00401BF3: 21 FLdPrThis 0014C308h
00401BF4: 0F VCallAd Form1.Text1
00401BF7: 19 FStAdFunc
00401BFA: 08 FLdPr
00401BFD: 0D VCallHresult get__ipropTEXTEDIT  ; Get EditBox Text
00401C02: 6C ILdRf 00000000h
00401C05: 1B LitStr: 'c'  
00401C08: 1B LitStr: 'o'
00401C0B: 2A ConcatStr            ; add 'o' onto 'c'
00401C0C: 23 FStStrNoPop
00401C0F: 1B LitStr: 'o'             
00401C12: 2A ConcatStr            ;add 'o' onto 'co'
00401C13: 23 FStStrNoPop
00401C16: 1B LitStr: 'L'            
00401C19: 2A ConcatStr        ;add 'L' onto 'coo'
00401C1A: 23 FStStrNoPop
00401C1D: 30 EqStr                  ; compare our serial with 'cooL'
00401C1F: 32 FFreeStr
00401C2A: 1A FFree1Ad
00401C2D: 1C BranchF 00401C59 (Jump )          ; Badguy jump
00401C30: 27 LitVar_Missing 0012F3E4h
00401C33: 27 LitVar_Missing 0012F404h
00401C36: 27 LitVar_Missing 0012F424h
00401C39: F5 LitI4: -> 0h 0
00401C3E: 3A LitVarStr 'Great Work Cracker :) '    ; GoodGuy Message
00401C43: 4E FStVarCopyObj 0012F444h
00401C46: 04 FLdRfVar 0012F444h
00401C49: 0A ImpAdCallFPR4 rtcMsgBox on address 660DC5F3h
00401C4E: 36 FFreeVar -> 4


So our password is 'cooL'

Thanks for the Crackme Kino!
-DaXXoR




What's Related

Story Options

Tutorial for 'A crackme for Newbies' | 0 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
 Copyright © 2020 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 0.77 seconds