Archive for the ‘Solution for NrZ0e1’s CrackMe #1’ Category


It’s very simple:
Just solve the program will end after pressing ‘enter’.
Enjoy! 🙂

Additional ( no must ):
Write a patch!

Difficulty: 1 – Very easy, for newbies
Platform: Windows
Language: C/C++

Download crackme : http://www.crackmes.de/users/nrz0e1/crackme_1

———

Solution :

///////////////////////////////////////////////////////////////////////////////////////////
Program : NrZ0e1’s CrackMe #1
Description : It’s very simple:Just solve the program will end after pressing ‘enter’.Enjoy! 🙂
Tools       : OllyDbg
Difficult   :  Easy
Packer/Protector/Compiler : N/A
Objective : Patch
Cracker   :  kienmanowar
///////////////////////////////////////////////////////////////////////////////////////////

1. First, run this crackme and press Enter, blah blah the crackme disappear.

2. Okie, Load to Olly. Scroll down and i find the start point of this crackme here :

00401150  /.  55                          PUSH    EBP
00401151  |.  8BEC                        MOV     EBP, ESP
00401153  |.  68 28A14000                 PUSH    CrackMe.0040A128  ; /Arg1 = 0040A128 ASCII " CrackMe #1 by NrZ0e1
;14/09/2007
Solve the program is stopping from now!
[Enter]"
00401158  |.  E8 A32B0000                 CALL    CrackMe.00403D00  ; \CrackMe.00403D00

3. Look down, we will see the Good boy :

00401184  |.  68 84A14000                 PUSH    CrackMe.0040A184   ; /Arg1 = 0040A184 ASCII
;"You solved the problem !!!! I am proud of you ! ;-)"
00401189  |.  E8 722B0000                 CALL    CrackMe.00403D00   ; \CrackMe.00403D00

4. Ok now, i set bp at 00401150, F9 to run and stop at the bp. Use F8 key to trace downward, after trace over this call

00401176  |.  E8 75290000                 CALL    CrackMe.00403AF0

The crackeme run, back to Crackme and press Enter, blah we return to OllyDbg. Continue to trace downward and stop at this call :

0040117C  |> \6A 01                       PUSH    1                  ; /Arg1 = 00000001
0040117E  |.  E8 C1610000                 CALL    CrackMe.00407344   ; \CrackMe.00407344 <== Stop here
00401183  |.  59                          POP     ECX
00401184  |.  68 84A14000                 PUSH    CrackMe.0040A184   ; /Arg1 = 0040A184 ASCII
;"You solved the problem !!!! I am proud of you ! ;-)"
00401189  |.  E8 722B0000                 CALL    CrackMe.00403D00   ; \CrackMe.00403D00

5. The Call at 0040117E will call ExitProcess Api to terminate this crackme, so i nop this call like this :

0040117C  |> \6A 01                       PUSH    1                                 ; /Arg1 = 00000001
0040117E      90                          NOP                                       ; \CrackMe.00407344
0040117F      90                          NOP
00401180      90                          NOP
00401181      90                          NOP
00401182      90                          NOP

6. Press F9 to Run, wow the Good boy appear!!!

That’s all. Thanx for reading my tutor.
Sorry for my bad English!!! 😐

–++–==[ Greatz Thanks To ]==–++–
My family, Computer_Angel, Moonbaby , Zombie_Deathman, Littleboy, Benina, QHQCrker,
the_Lighthouse, Merc, Hoadongnoi, Nini … all REA‘s members, TQN, HacNho, RongChauA,
Deux, tlandn, light.phoenix, dqtln, ARTEAM …. all my friend, and YOU.

–++–==[ Thanks To ]==–++–
iamidiot, WhyNotBar, trickyboy, dzungltvn, takada, hurt_heart, haule_nth, hytkl, moth, XIANUA, nhc1987 v..v..

I want to thank Teddy Roggers for his great site, Reversing.be folks(especially haggar),
Arteam folks(Shub-Nigurrath, MaDMAn_H3rCuL3s) and all folks on crackmes.de, thank
to all members of unpack.cn (especially fly and linhanshi). Great thanks to lena151(I like your tutorials).
And finally, thanks to RICARDO NARVAJA and all members on CRACKSLATINOS.

>>>> If you have any suggestions, comments or corrections email me: kienmanowar[at]reaonline.net

Advertisements