Crack me!

[Joakim Christiansen]

This should be rather easy since this is my first try at making something which is "hard" to crack. It's compiled with PureBasic and I have done nothing more with the exe! The goal is to get the "you entered the right serial message"!

http://www.jlc-software.com/unsorted/crackme.exe

[Joakim Christiansen]

I think there is a bug in it, I must fix it!

EDIT: Fixed!

[PB]

It would've been a better test if you didn't tell us the message that appears!

[Joakim Christiansen]

Maybe, but you can't find it's string anyway

[MrMat]

hehe, it appears to be:
d0caee2de418f0b4ab89c75702850503
I'm glad i didn't try brute force
The serial was visible in memory when checked against the serial entered so the hardest part was finding where the check was.
Edit: That is with username Name

[MrMat]

Is the serial some transformation of the MD5 of the username?

[Joakim Christiansen]

Sweet, you got the job done!
One more challenge is to try to make it accept any key.

Now... how do I hide stuff from the memory?

[Joakim Christiansen]

Is the serial some transformation of the MD5 of the username?

It kinda is, but it would make it too easy, so I made a string of the ASCII values and MD5'ed it. But I did some secret tricks with the ASCII values too.

[MrMat]

One more challenge is to try to make it accept any key.

I haven't checked this thoroughly but it seems ok to generate the serial for any username:

Code: Select all

username.s = InputRequester("Serial generator", "Enter username", "Name")

var.s = ""
For loopy = 1 To Len(username)
    var + Str(Asc(Mid(username, loopy, 1)) / 3)
Next

serial.s = MD5Fingerprint(@var, Len(var))
SetClipboardText(serial)
MessageRequester("Serial copied to clipboard", serial)

[Joakim Christiansen]

That's exactly my code!

Code: Select all

String$ = "1"
For i=1 To Len(String$)
  Result$ + Str(Asc(Mid(String$,i,1))/3)
Next
Debug String$
Debug MD5Fingerprint(@Result$,Len(Result$))

But I know /3 was a bad idea, should make it better.

[MrMat]

hehe! I entered the alphabet in lower and uppercase to see what was getting MD5ed, so the / 3 jumped out from that. You could add loads to complicate it!

[Joakim Christiansen]

I guess I should make a new crackme now, but does anybody recommend any good exe cryptors/protectors I could use? (hopefully freeware)

[PB]

> Maybe, but you can't find it's string anyway

That's open to debate.

But you're missing the point: if you didn't tell us the message, and someone
cracked it and told you the message, then you'd know they were right.

[thefool]

> Maybe, but you can't find it's string anyway

That's open to debate.

But you're missing the point: if you didn't tell us the message, and someone
cracked it and told you the message, then you'd know they were right.

Personally i don't like "please restart the program" and then after that either run registered or not

But i just got a cruel idea for a crackme:

I protect the procedure that runs yes or no with a key. Self modifying. But if you enter the wrong key, calling the proc will do a huge mess and i will put an exception catcher wich then says "wrong password!". In this case, you wouldn't be able to read the password from the exe as it isnt in. Problem is that it is hard to do with a keygen, but possible. I've made procedures to generate different key's from different names which all end up in the same thing. Problem: you can read how it makes the final string.

Oh well, i'll do the crackme today or this weekend

[PB]

> Personally i don't like "please restart the program" and then after that
> either run registered or not

That's not what I meant, but doing that is the best method of registering
because it makes the app that little bit harder for the cracker to succeed.