Skip to content
Tags

crackme_nop – Full Solution by alex_ls

September 6, 2007

Been inactive for quite a while, real life stuff made my life real busy. Finally a little break to update this dying blog.

Few things to update. First, I decided to move to another file hosting as the old file hosting been down for a long time. (and their promise to move to new server results in lost of all my uploaded files. -_-“) Now all the uploaded files is located in easy-share.com. Some files is lost, as I dont have a copy in my hard drive. If you are interested with that project, let me know. I might consider to recode the whole thing.


Okay back to the topic. Finally someone who is really good (or probably have to much time to kill, lol j/k) solved my first crackme.Here is a snip of his solution. (only the hash/algorithm part)

 


The generating key algorythm is very simple as it’s getting from the code above
Well, try it for example. Let’s our serial is 6 length “012345” (Numbers 0,1,2,3,4,5 – is variables just not the numbers) The last symbol in serial string is always 0Dh. Examine the last loop (i’ve took the DWORD’s in the reversing mode)

 

SERIAL: 0123450D0000000000000

Step 1
0123 XOR 0123 = 0000

Step 2
0000 XOR 1234 = 1234

Step 3
1234 XOR 2345 = 1^2 2^3 3^4 4^5

Step 4
1^2 2^3 3^4 4^5 XOR 345D =1^2^3 2^3^4 3^4^5 4^5^0Dh

Step 5
1^2^3 2^3^4 3^4^5 4^5^0Dh XOR 45D0 = 1^2^3^4 2^3^4^5 3^4^5^0Dh 4^5^0Dh

Step 6
1^2^3^4 2^3^4^5 3^4^5^0Dh 4^5^0Dh XOR 5D00 = 1^2^3^4^5 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh

Step 7
1^2^3^4^5 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh XOR D000= 1^2^3^4^5^D 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh

After the LOOP The last XOR must be 4d3e5732h
Well, take out some conclusions:

1^2^3^4^5^D=32h
2^3^4^5^D= 57h
3^4^5^0Dh= 3Eh
4^5^0Dh= 4Dh

The variable 0 may be any char, because it’s not used in the loop, in my key generator it’s equal ‘a’!
The variable 1 =57 XOR 32h = 65h ‘e’
The variable 2 =57 XOR 3Eh = 69h ‘i’
The variable 3 =4D XOR 3Eh = 73h ‘s’
The last variables 4 and 5 may be compute randomly and correspond the condition 4 XOR 5 XOR Dh = 4Dh
That’s all! Detailed algo you can find in my key generator sources code.


See the zip file for full solution. (ignore false alarm by AV, if any)Greets, opcode0x90.

 


crackme_nop
http://crackmes.de/users/opcode0x90/crackme_nop/

 

Solution by alex_ls
http://crackmes.de/users/opcode0x90/crackme_nop/solutions/alex_ls

Advertisements
4 Comments
  1. King Kj52 permalink

    Kool.I Expect good things to come from u.Now,i no hakr but would lik 2 learn how…anyways,good job.Hope this nvr dies out…(or u). Anyways,good job.Keep it up!!!:)

  2. Nerssus permalink

    hi
    i cant find the crackme file could you send it to me, i already have it but i think its correpted coze i cant open it in Ollydbg
    10x

  3. Thats the anti-debug trick 🙂

  4. Hi Dear
    May You Share Your Source Of VM Crackme ?
    Thanks Dear

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: