CiN1 Team - Cracking Is Number 1  

13-05-2011, 02:51 PM   #1
khonel_00

 
need help decrypt hash...

HTML Code:
http://www.ziddu.com/download/14948850/antidebug2.exe.html
RULE: No patching, just find the real word in the textbox.

I need help, brother...
How to find the real word in the textbox?

Code:
00402AE1  /> \8B16          MOV EDX,DWORD PTR DS:[ESI]
00402AE3  |.  56            PUSH ESI                                 ;  MSVBVM60.__vbaVarDup
00402AE4  |.  FF92 FC020000 CALL DWORD PTR DS:[EDX+2FC]
00402AEA  |.  50            PUSH EAX
00402AEB  |.  8D45 CC       LEA EAX,[LOCAL.13]
00402AEE  |.  50            PUSH EAX
00402AEF  |.  FF15 58104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>;  MSVBVM60.__vbaObjSet
00402AF5  |.  8B08          MOV ECX,DWORD PTR DS:[EAX]
00402AF7  |.  8D55 E0       LEA EDX,[LOCAL.8]
00402AFA  |.  52            PUSH EDX
00402AFB  |.  50            PUSH EAX
00402AFC  |.  8985 48FFFFFF MOV [LOCAL.46],EAX
00402B02  |.  FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
00402B08  |.  3BC7          CMP EAX,EDI
00402B0A  |.  DBE2          FCLEX
00402B0C  |.  7D 18         JGE SHORT 00402B26
00402B0E  |.  8B8D 48FFFFFF MOV ECX,[LOCAL.46]
00402B14  |.  68 A0000000   PUSH 0A0
00402B19  |.  68 D8234000   PUSH 004023D8
00402B1E  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402B1F  |.  50            PUSH EAX
00402B20  |.  FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
00402B26  |>  8B55 E0       MOV EDX,[LOCAL.8]
00402B29  |.  8D4D DC       LEA ECX,[LOCAL.9]
00402B2C  |.  897D E0       MOV [LOCAL.8],EDI
00402B2F  |.  FFD3          CALL EBX
00402B31  |.  8B16          MOV EDX,DWORD PTR DS:[ESI]
00402B33  |.  8D45 D8       LEA EAX,[LOCAL.10]
00402B36  |.  8D4D DC       LEA ECX,[LOCAL.9]
00402B39  |.  50            PUSH EAX
00402B3A  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402B3B  |.  56            PUSH ESI                                 ;  MSVBVM60.__vbaVarDup
00402B3C  |.  FF92 FC060000 CALL DWORD PTR DS:[EDX+6FC]
00402B42  |.  3BC7          CMP EAX,EDI
00402B44  |.  7D 12         JGE SHORT 00402B58
00402B46  |.  68 FC060000   PUSH 6FC
00402B4B  |.  68 881E4000   PUSH 00401E88
00402B50  |.  56            PUSH ESI                                 ;  MSVBVM60.__vbaVarDup
00402B51  |.  50            PUSH EAX
00402B52  |.  FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
00402B58  |>  8B55 D8       MOV EDX,[LOCAL.10]
00402B5B  |.  8D4D D4       LEA ECX,[LOCAL.11]
00402B5E  |.  897D D8       MOV [LOCAL.10],EDI
00402B61  |.  FFD3          CALL EBX
00402B63  |.  8B16          MOV EDX,DWORD PTR DS:[ESI]
00402B65  |.  8D45 D0       LEA EAX,[LOCAL.12]
00402B68  |.  8D4D D4       LEA ECX,[LOCAL.11]
00402B6B  |.  50            PUSH EAX
00402B6C  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402B6D  |.  56            PUSH ESI                                 ;  MSVBVM60.__vbaVarDup
00402B6E  |.  FF92 F8060000 CALL DWORD PTR DS:[EDX+6F8]
00402B74  |.  3BC7          CMP EAX,EDI
00402B76  |.  7D 12         JGE SHORT 00402B8A
00402B78  |.  68 F8060000   PUSH 6F8
00402B7D  |.  68 881E4000   PUSH 00401E88
00402B82  |.  56            PUSH ESI                                 ;  MSVBVM60.__vbaVarDup
00402B83  |.  50            PUSH EAX
00402B84  |.  FF15 44104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>;  MSVBVM60.__vbaHresultCheckObj
00402B8A  |>  8B55 D0       MOV EDX,[LOCAL.12]
00402B8D  |.  52            PUSH EDX
00402B8E  |.  68 EC234000   PUSH 004023EC                            ;  UNICODE "lrj|miui`zfxdrg,.\" =====>>> what it's ???
00402B93  |.  FF15 7C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>;  MSVBVM60.__vbaStrCmp
00402B99  |.  8BF0          MOV ESI,EAX
00402B9B  |.  8D45 D0       LEA EAX,[LOCAL.12]
00402B9E  |.  F7DE          NEG ESI                                  ;  MSVBVM60.__vbaVarDup
00402BA0  |.  8D4D D4       LEA ECX,[LOCAL.11]
00402BA3  |.  50            PUSH EAX
00402BA4  |.  1BF6          SBB ESI,ESI                              ;  MSVBVM60.__vbaVarDup
00402BA6  |.  8D55 DC       LEA EDX,[LOCAL.9]
00402BA9  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402BAA  |.  52            PUSH EDX
00402BAB  |.  F7DE          NEG ESI                                  ;  MSVBVM60.__vbaVarDup
00402BAD  |.  6A 03         PUSH 3
00402BAF  |.  F7DE          NEG ESI                                  ;  MSVBVM60.__vbaVarDup
00402BB1  |.  FF15 E4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>;  MSVBVM60.__vbaFreeStrList
00402BB7  |.  83C4 10       ADD ESP,10
00402BBA  |.  8D4D CC       LEA ECX,[LOCAL.13]
00402BBD  |.  FF15 24114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;  MSVBVM60.__vbaFreeObj
00402BC3  |.  B8 04000280   MOV EAX,80020004
00402BC8  |.  BB 0A000000   MOV EBX,0A
00402BCD  |.  66:3BF7       CMP SI,DI
00402BD0  |.  8945 94       MOV [LOCAL.27],EAX
00402BD3  |.  895D 8C       MOV [LOCAL.29],EBX
00402BD6  |.  8945 A4       MOV [LOCAL.23],EAX
00402BD9  |.  895D 9C       MOV [LOCAL.25],EBX
00402BDC  |.  74 68         JE SHORT 00402C46
00402BDE  |.  8B35 FC104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;  MSVBVM60.__vbaVarDup
00402BE4  |.  BB 08000000   MOV EBX,8
00402BE9  |.  8D95 6CFFFFFF LEA EDX,[LOCAL.37]
00402BEF  |.  8D4D AC       LEA ECX,[LOCAL.21]
00402BF2  |.  C785 74FFFFFF>MOV [LOCAL.35],00402444                  ;  UNICODE "error kang!"
00402BFC  |.  899D 6CFFFFFF MOV [LOCAL.37],EBX
00402C02  |.  FFD6          CALL ESI                                 ;  MSVBVM60.__vbaVarDup; <&MSVBVM60.__vbaVarDup>
00402C04  |.  8D95 7CFFFFFF LEA EDX,[LOCAL.33]
00402C0A  |.  8D4D BC       LEA ECX,[LOCAL.17]
00402C0D  |.  C745 84 18244>MOV [LOCAL.31],00402418                  ;  UNICODE "Olala, masih salah"
00402C14  |.  899D 7CFFFFFF MOV [LOCAL.33],EBX
00402C1A  |.  FFD6          CALL ESI                                 ;  MSVBVM60.__vbaVarDup
00402C1C  |.  8D45 8C       LEA EAX,[LOCAL.29]
00402C1F  |.  8D4D 9C       LEA ECX,[LOCAL.25]
00402C22  |.  50            PUSH EAX
00402C23  |.  8D55 AC       LEA EDX,[LOCAL.21]
00402C26  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402C27  |.  52            PUSH EDX
00402C28  |.  8D45 BC       LEA EAX,[LOCAL.17]
00402C2B  |.  6A 10         PUSH 10
00402C2D  |.  50            PUSH EAX
00402C2E  |.  FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]     ;  MSVBVM60.rtcMsgBox
00402C34  |.  8D4D 8C       LEA ECX,[LOCAL.29]
00402C37  |.  8D55 9C       LEA EDX,[LOCAL.25]
00402C3A  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402C3B  |.  8D45 AC       LEA EAX,[LOCAL.21]
00402C3E  |.  52            PUSH EDX
00402C3F  |.  8D4D BC       LEA ECX,[LOCAL.17]
00402C42  |.  50            PUSH EAX
00402C43  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402C44  |.  EB 66         JMP SHORT 00402CAC
00402C46  |>  8B35 FC104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVa>;  MSVBVM60.__vbaVarDup
00402C4C  |.  BB 08000000   MOV EBX,8
00402C51  |.  8D95 6CFFFFFF LEA EDX,[LOCAL.37]
00402C57  |.  8D4D AC       LEA ECX,[LOCAL.21]
00402C5A  |.  C785 74FFFFFF>MOV [LOCAL.35],004024A0                  ;  UNICODE "congrats"
00402C64  |.  899D 6CFFFFFF MOV [LOCAL.37],EBX
00402C6A  |.  FFD6          CALL ESI                                 ;  MSVBVM60.__vbaVarDup; <&MSVBVM60.__vbaVarDup>
00402C6C  |.  8D95 7CFFFFFF LEA EDX,[LOCAL.33]
00402C72  |.  8D4D BC       LEA ECX,[LOCAL.17]
00402C75  |.  C745 84 60244>MOV [LOCAL.31],00402460                  ;  UNICODE "i want to know how u do that!"
00402C7C  |.  899D 7CFFFFFF MOV [LOCAL.33],EBX
00402C82  |.  FFD6          CALL ESI                                 ;  MSVBVM60.__vbaVarDup
00402C84  |.  8D55 8C       LEA EDX,[LOCAL.29]
00402C87  |.  8D45 9C       LEA EAX,[LOCAL.25]
00402C8A  |.  52            PUSH EDX
00402C8B  |.  8D4D AC       LEA ECX,[LOCAL.21]
00402C8E  |.  50            PUSH EAX
00402C8F  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402C90  |.  8D55 BC       LEA EDX,[LOCAL.17]
00402C93  |.  6A 40         PUSH 40
00402C95  |.  52            PUSH EDX
00402C96  |.  FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>]     ;  MSVBVM60.rtcMsgBox
00402C9C  |.  8D45 8C       LEA EAX,[LOCAL.29]
00402C9F  |.  8D4D 9C       LEA ECX,[LOCAL.25]
00402CA2  |.  50            PUSH EAX
00402CA3  |.  8D55 AC       LEA EDX,[LOCAL.21]
00402CA6  |.  51            PUSH ECX                                 ;  ntdll.7C91005D
00402CA7  |.  8D45 BC       LEA EAX,[LOCAL.17]
00402CAA  |.  52            PUSH EDX
00402CAB  |.  50            PUSH EAX
00402CAC  |>  6A 04         PUSH 4
00402CAE  |.  FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>;  MSVBVM60.__vbaFreeVarList
00402CB4  |.  83C4 14       ADD ESP,14
00402CB7  |>  897D FC       MOV [LOCAL.1],EDI
00402CBA  |.  68 162D4000   PUSH 00402D16
00402CBF  \.  EB 44         JMP SHORT 00402D05



13-05-2011, 10:57 PM   #2
idid231

 

This crackme will be solved by the Brute method.
Let's trace into here:
00402B3C |. FF92 FC060000 CALL [EDX+6FC]
This function will encrypt part 1.
And here is part 2:
00402B6E |. FF92 F8060000 CALL [EDX+6F8]

I don't know about the Brute method, so I will show you where the "important addresses" are, to understand what the coder did.

- Encrypt1
AX is the pointer of the input serial; ESI will be increased by 1 (ESI = ESI + 1)

Quote:
+ 00402FF0 . 66:8BF8 MOV DI,AX
+ 00402FF3 . 33FE XOR EDI,ESI

Take the length of the input serial, added by ECX; ECX will be increased by 1 (ECX = ECX + 1)

Quote:
+ 00402FF8 . FF15 14104000 CALL [<&MSVBVM60.__vbaLenBstr>] ;
00402FFE . 8BC8 MOV ECX,EAX
00403000 . 03CB ADD ECX,EBX
+ 0040300B . 33C8 XOR ECX,EAX

- Encrypt2
AX is the pointer of Encrypt1; ESI will be increased by 1

Quote:
00402E24 |. 0FBFC0 |MOVSX EAX,AX
00402E27 |. 33C6 |XOR EAX,ESI
00402E2C |. 83F0 0A |XOR EAX,0A

Quote:
"Code demo"
- Take the length of the input serial; I call it "len"
// Create Encrypt1
- x = y = 1
for i = 1 to len do
    b = y + len
    Temp1 = Ascii(Input serial) xor x
    Temp1 = Temp1 xor b
    x = x + 1
    y = y + 1
=> Encrypt1 = Temp1 + Sum(Temp1)
// Create Encrypt2
x = 1
for i = 1 to length(Temp1) do
    Temp2 = ascii(Temp1[i]) xor x
    Temp2 = Temp2 xor 10
    x = x + 1
=> Temp2 = Encrypt2. Compare with "lrj|miui`zfxdrg,.\"

I hope you understand all my explanations.













The Following 2 Users Say Thank You to idid231 For This Useful Post:
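
The two stages in the "Code demo" of post #2 are position-keyed XOR, so each can be run backwards. The Python below is an added example, not part of the thread or the crackme; it assumes `Sum(Temp1)` is the sum of the stage-1 character codes appended as uppercase hex and that Encrypt2 runs over the whole Encrypt1 string, and the function names are illustrative.

```python
# Added example: the two XOR stages from the "Code demo" pseudocode and their inverse.
# Assumption: "Sum(Temp1)" = sum of stage-1 character codes, appended as uppercase hex.

TARGET = "lrj|miui`zfxdrg,.\\"  # constant pushed before __vbaStrCmp at 00402B8E


def stage1(serial: str) -> str:
    """Encrypt1: char XOR i XOR (i + len), i counted from 1, then append the sum."""
    n = len(serial)
    body = "".join(chr(ord(c) ^ i ^ (i + n)) for i, c in enumerate(serial, 1))
    return body + format(sum(map(ord, body)), "X")


def stage2(text: str) -> str:
    """Encrypt2: char XOR i XOR 0x0A. A fixed XOR keystream is its own inverse."""
    return "".join(chr(ord(c) ^ i ^ 0x0A) for i, c in enumerate(text, 1))


def encode(serial: str) -> str:
    """Full forward transform whose output is compared with TARGET."""
    return stage2(stage1(serial))


def recover(encoded: str) -> str:
    """Invert both stages; the only unknown is where the appended sum starts."""
    s1 = stage2(encoded)  # undo Encrypt2
    for n in range(1, len(s1)):
        body, tail = s1[:n], s1[n:]
        if tail != format(sum(map(ord, body)), "X"):
            continue  # this split does not match the appended sum
        # undo Encrypt1 with the now-known input length n
        return "".join(chr(ord(c) ^ i ^ (i + n)) for i, c in enumerate(body, 1))
    raise ValueError("no split point matches the appended sum")


if __name__ == "__main__":
    word = recover(TARGET)
    # Prints the recovered length and whether re-encoding reproduces TARGET.
    print(len(word), encode(word) == TARGET)
```

The compared constant is an encoding of the expected input, not a hash of it: a check built this way discloses its secret to anyone who can read the binary.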
14-05-2011, 01:51 AM   #3
vic4key

idid231 has leveled up considerably \m/ Keep it up, dear.













The Following User Says Thank You to vic4key For This Useful Post:
14-05-2011, 02:09 PM   #4
idid231

 

Quote:
Originally Posted by vic4key
idid231 has leveled up considerably \m/ Keep it up, dear.

Not at all, bro. My level is still below zer0, so sad.













14-05-2011, 02:11 PM   #5
khonel_00

 

Thanks, brother....
I try your solution... :D :D















All times are GMT +8.

