Crack me!
Posted: Wed Mar 21, 2007 7:54 am
by Joakim Christiansen
This should be rather easy since this is my first try at making something which is "hard" to crack. It's compiled with PureBasic and I have done nothing more with the exe! The goal is to get the "you entered the right serial message"!
http://www.jlc-software.com/unsorted/crackme.exe

Posted: Wed Mar 21, 2007 9:29 am
by Joakim Christiansen
I think there is a bug in it, I must fix it!
EDIT: Fixed!
Posted: Wed Mar 21, 2007 10:02 am
by PB
It would've been a better test if you didn't tell us the message that appears!

Posted: Wed Mar 21, 2007 5:01 pm
by Joakim Christiansen
Maybe, but you can't find its string anyway

Posted: Wed Mar 21, 2007 5:49 pm
by MrMat
hehe, it appears to be:
d0caee2de418f0b4ab89c75702850503
I'm glad I didn't try brute force

The serial was visible in memory when checked against the serial entered so the hardest part was finding where the check was.
Edit: That is with username Name
Posted: Wed Mar 21, 2007 5:53 pm
by MrMat
Is the serial some transformation of the MD5 of the username?
Posted: Wed Mar 21, 2007 5:55 pm
by Joakim Christiansen
Sweet, you got the job done!

One more challenge is to try to make it accept any key.
Now... how do I hide stuff from the memory?

Posted: Wed Mar 21, 2007 5:57 pm
by Joakim Christiansen
MrMat wrote:
> Is the serial some transformation of the MD5 of the username?
It kinda is, but it would make it too easy, so I made a string of the ASCII values and MD5'ed it. But I did some secret tricks with the ASCII values too.
Posted: Wed Mar 21, 2007 6:19 pm
by MrMat
Joakim Christiansen wrote:
> One more challenge is to try to make it accept any key.
I haven't checked this thoroughly but it seems ok to generate the serial for any username:
Code:
; Ask for the username the serial is generated for
username.s = InputRequester("Serial generator", "Enter username", "Name")
var.s = ""
; Build a string from each character's ASCII value divided by 3
For loopy = 1 To Len(username)
  var + Str(Asc(Mid(username, loopy, 1)) / 3)
Next
; The serial is the MD5 of that string
serial.s = MD5Fingerprint(@var, Len(var))
SetClipboardText(serial)
MessageRequester("Serial copied to clipboard", serial)
Posted: Wed Mar 21, 2007 6:24 pm
by Joakim Christiansen
That's exactly my code!
Code:
String$ = "1"
; Append each character's ASCII value divided by 3
For i = 1 To Len(String$)
  Result$ + Str(Asc(Mid(String$, i, 1)) / 3)
Next
Debug String$
; MD5 of the resulting digit string
Debug MD5Fingerprint(@Result$, Len(Result$))
But I know /3 was a bad idea, should make it better.
Posted: Wed Mar 21, 2007 6:27 pm
by MrMat
hehe! I entered the alphabet in lower and uppercase to see what was getting MD5ed, so the / 3 jumped out from that. You could add loads to complicate it!
Posted: Wed Mar 21, 2007 9:17 pm
by Joakim Christiansen
I guess I should make a new crackme now, but does anybody recommend any good exe cryptors/protectors I could use? (hopefully freeware)
Posted: Thu Mar 22, 2007 12:45 am
by PB
> Maybe, but you can't find its string anyway
That's open to debate.
But you're missing the point: if you didn't tell us the message, and someone
cracked it and told you the message, then you'd know they were right.

Posted: Thu Mar 22, 2007 9:24 am
by thefool
PB wrote:
> > Maybe, but you can't find its string anyway
> That's open to debate.
> But you're missing the point: if you didn't tell us the message, and someone
> cracked it and told you the message, then you'd know they were right.

Personally I don't like "please restart the program" and then after that either run registered or not.
But I just got a cruel idea for a crackme:
I protect the procedure that runs yes or no with a key. Self modifying. But if you enter the wrong key, calling the proc will do a huge mess and I will put an exception catcher which then says "wrong password!". In this case, you wouldn't be able to read the password from the exe as it isn't in it. Problem is that it is hard to do with a keygen, but possible. I've made procedures to generate different keys from different names which all end up in the same thing. Problem: you can read how it makes the final string.
Oh well, I'll do the crackme today or this weekend
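
The idea in the post above (nothing to compare against in the exe, because the entered key itself unlocks the protected routine), sketched as an added example that is not part of the original thread or any poster's code. It swaps the exception catcher for a MAC check so a wrong key is rejected before anything is used; the names `seal` and `unlock`, the sample serial, and the SHA-256 counter-mode keystream (a standard-library stand-in for a real cipher such as AES-GCM) are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # key stretching, so each guess at the serial is slow


def _keys(serial, salt):
    """Derive separate encryption and MAC keys from the entered serial."""
    material = hashlib.pbkdf2_hmac("sha256", serial.encode("utf-8"), salt,
                                   ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key, length):
    """SHA-256 in counter mode (assumption: stand-in for a vetted cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(serial, protected):
    """Build-time step: encrypt the protected bytes under the valid serial."""
    salt = os.urandom(16)
    enc_key, mac_key = _keys(serial, salt)
    stream = _keystream(enc_key, len(protected))
    ciphertext = bytes(a ^ b for a, b in zip(protected, stream))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + tag + ciphertext  # neither the serial nor its hash is stored


def unlock(serial, blob):
    """Run-time step: return the protected bytes, or None for a wrong serial."""
    salt, tag, ciphertext = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(serial, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # the "wrong password!" path, taken before any decryption
    stream = _keystream(enc_key, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


# Constructed sample data: the serial and the protected bytes are made up.
SAMPLE_SERIAL = "EXAMPLE-SERIAL-0001"
SAMPLE_BLOB = seal(SAMPLE_SERIAL, b"you entered the right serial")
```

As the post itself notes, the limitation is that every valid user key has to lead to the same unlocking key, and that derivation is still readable in the program.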

Posted: Thu Mar 22, 2007 10:02 am
by PB
> Personally I don't like "please restart the program" and then after that
> either run registered or not
That's not what I meant, but doing that is the best method of registering
because it makes the app that little bit harder for the cracker to succeed.