#1
Extreme crackme for cracker
"I can see, that the 2015 year cracker generation will measure their knowledge on YOUR protection DD"
Well, I think I got something from 2015. It's not Armadillo and the algorithm is very weak, but I want only to make your work harder. And I want to recommend it to the cracker named guys... Well, we will see, how can you handle it...
The goal is to get the correct serial and register it on my page. I measure thru this registration, who can solve this mystery. So I think with this, it's become a competition.
WORKS ONLY ON NT/2000/XP/ AND ABOVE!!!
The level of the crackme is 8/10. I made it to be cracked, so it's not too hard, but not too easy.
By Northfox
#2
funny, is that x86-to-text algorithm home made or is there already an existing snippet to do that?
#3
lifewire: search for shellcode encoders
iirc one was named dissembler. It's a long known technique to bypass input restrictions & ids
#4
Interesting stuff
It ran happily on WinXP but crashed on my W2K SP4.
#5
Nice crackme
I just have the time to have a very short look at it. What the hell is the crackme doing in the Entrypoint? I just get out of the crackme after tracing 6 instructions.
Shellcode? Hmm... never heard of that one. Just found a bit of information and now I know a bit more of it. So, how does Windows start executing that crackme?
Anyone familiar with Shellcodes is welcome.
Regards.
Last edited by peleon; 11-02-2004 at 21:45.
#6
Quote:
#7
lifewire, thanks for info.
But how is the shell created? I have debugged the first instructions and it's not related to creating a "cmd.exe" or similar, I'm just debugging ASCII code! And the program cannot be run if I just stop on EntryPoint with SICE and leave the program running after that.
#8
Program has anti-debugging tricks. Simply use SoftIce with IceExt and '!protect on' to avoid problem ;)
#9
hehe, sorry for making it even more confusing.
I was just saying that the technique to encode arbitrary code into code represented only with the ASCII charset (with some restrictions, like < 0x80) is used to encode 'shellcode'. Shellcode is the payload that is executed by an exploit that attacks a bug. When the bug is in a text-based protocol service, like httpd or smtpd, the protocol has restrictions on the data it accepts; that's why an encoder is used to turn the 'shellcode' into ASCII text. The same kind of technique is used here, to encode a part of the 'crackme' binary into ASCII text.
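A triage check for the property discussed in this thread (entry-point code made up only of ASCII text bytes), as an added example that is not part of any post and is not the crackme's own code: it maps a PE's entry point to a file offset and counts the leading printable bytes. The function names, the 32-byte threshold and the header layout built by `build_sample` are assumptions constructed for the illustration.

```python
import struct

def entry_point_offset(pe: bytes) -> int:
    """Map AddressOfEntryPoint (an RVA) to a file offset via the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)
    table = opt + opt_size
    for i in range(n_sections):
        # Section header: skip the 8-byte name, then VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData.
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, table + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            return rptr + (entry_rva - vaddr)
    raise ValueError("entry point is not inside any section")

def printable_prefix_len(code: bytes) -> int:
    """Number of leading bytes in the printable ASCII range 0x20..0x7E."""
    n = 0
    for b in code:
        if not 0x20 <= b <= 0x7E:
            break
        n += 1
    return n

def entry_looks_like_text(pe: bytes, min_run: int = 32) -> bool:
    """Heuristic (assumed threshold): entry point starts with a long run of text bytes."""
    off = entry_point_offset(pe)
    return printable_prefix_len(pe[off:off + 4096]) >= min_run

def build_sample(code: bytes) -> bytes:
    """Constructed header layout for the demo only (not a loadable binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(224, b"\0")
    sec = b".text\0\0\0" + struct.pack("<IIII", len(code), 0x1000, len(code), 0x200)
    return (dos + b"PE\0\0" + coff + opt + sec.ljust(40, b"\0")).ljust(0x200, b"\0") + code

TEXT_LIKE = build_sample(b"ABCDEFGH" * 8)   # constructed stand-in for text-only bytes
ORDINARY = build_sample(b"\x55\x8b\xec\x83\xec\x10" + b"\x90" * 58)  # ordinary prologue

if __name__ == "__main__":
    print(entry_looks_like_text(TEXT_LIKE), entry_looks_like_text(ORDINARY))
```

A long printable run at the entry point is only a hint for closer inspection; short runs occur in ordinary compiled code, which is why the check uses a minimum length.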
#10
Got it.
It took me quite some time to defeat the checksum.
Last edited by softworm; 11-04-2004 at 12:33.
#11
Well, that was really amusing...
Just one note: surely your deallocation mistakes are expressly wanted (nice antidebugging trick by the way, BUT the program is leaking memory, look with Task Manager...); but I'm sure that registering a font which is called "Lucia Console" is a real mistake! LOL
Quote:
h..p://home19.inet.tele.dk/jibz/f4f/asm/c2t.zip
Thanks for the fun, bilbo