Skip to content

crackme_nop – Full Solution by alex_ls

September 6, 2007

Been inactive for quite a while, real life stuff made my life real busy. Finally a little break to update this dying blog.

Few things to update. First, I decided to move to another file hosting as the old file hosting been down for a long time. (and their promise to move to new server results in lost of all my uploaded files. -_-“) Now all the uploaded files is located in Some files is lost, as I dont have a copy in my hard drive. If you are interested with that project, let me know. I might consider to recode the whole thing.

Okay back to the topic. Finally someone who is really good (or probably have to much time to kill, lol j/k) solved my first crackme.Here is a snip of his solution. (only the hash/algorithm part)


The generating key algorythm is very simple as it’s getting from the code above
Well, try it for example. Let’s our serial is 6 length “012345” (Numbers 0,1,2,3,4,5 – is variables just not the numbers) The last symbol in serial string is always 0Dh. Examine the last loop (i’ve took the DWORD’s in the reversing mode)


SERIAL: 0123450D0000000000000

Step 1
0123 XOR 0123 = 0000

Step 2
0000 XOR 1234 = 1234

Step 3
1234 XOR 2345 = 1^2 2^3 3^4 4^5

Step 4
1^2 2^3 3^4 4^5 XOR 345D =1^2^3 2^3^4 3^4^5 4^5^0Dh

Step 5
1^2^3 2^3^4 3^4^5 4^5^0Dh XOR 45D0 = 1^2^3^4 2^3^4^5 3^4^5^0Dh 4^5^0Dh

Step 6
1^2^3^4 2^3^4^5 3^4^5^0Dh 4^5^0Dh XOR 5D00 = 1^2^3^4^5 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh

Step 7
1^2^3^4^5 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh XOR D000= 1^2^3^4^5^D 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh

After the LOOP The last XOR must be 4d3e5732h
Well, take out some conclusions:

2^3^4^5^D= 57h
3^4^5^0Dh= 3Eh
4^5^0Dh= 4Dh

The variable 0 may be any char, because it’s not used in the loop, in my key generator it’s equal ‘a’!
The variable 1 =57 XOR 32h = 65h ‘e’
The variable 2 =57 XOR 3Eh = 69h ‘i’
The variable 3 =4D XOR 3Eh = 73h ‘s’
The last variables 4 and 5 may be compute randomly and correspond the condition 4 XOR 5 XOR Dh = 4Dh
That’s all! Detailed algo you can find in my key generator sources code.

See the zip file for full solution. (ignore false alarm by AV, if any)Greets, opcode0x90.




Solution by alex_ls

  1. King Kj52 permalink

    Kool.I Expect good things to come from u.Now,i no hakr but would lik 2 learn how…anyways,good job.Hope this nvr dies out…(or u). Anyways,good job.Keep it up!!!:)

  2. Nerssus permalink

    i cant find the crackme file could you send it to me, i already have it but i think its correpted coze i cant open it in Ollydbg

  3. Thats the anti-debug trick 🙂

  4. Hi Dear
    May You Share Your Source Of VM Crackme ?
    Thanks Dear

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: