Underground InformatioN Center [&articles] 

Solution for Yado's Krypton

Tools
SoftICE
maybe a brain ;)

"We Will, We Will Crack You"
First, don't try to disassemble Krypton: it contains polymorphic code, so you won't get a correct dead listing. Instead, load krypton into the SoftICE Symbol Loader and start tracing with F10. Trace until you get:


00401048:   CALL  KERNEL32!CreateProcessA
0040104D:   PUSH  FF
0040104F:   CALL  KERNEL32!ExitProcess
Stop at 0040104F. F8, F10, F11. Trace again.
You will find some operations on the registry. Ignore them; it's YaDo's joke. Trace on.

0040185B:   MOV   AH,43    ;  mov ah,43 ;)
0040185D:   INT   68       ;  interesting: SoftICE detection
0040185F:   CMP   AX,F386  ;  INT 68h/AH=43h returns AX=F386h if SoftICE is loaded
                           ;  and leaves AX=4300h if it is not
            JZ    @Cracker used SI. I change my own code and confuse him/her@
What to do about this? Unload SoftICE and then crack Krypton ;-) Just kidding. Load FrogsICE, or change the JZ to a JNZ.
After some steps:

004010F4:       ; piece of code that computes the name of the keyfile
........ripped  ; if SoftICE is loaded the name comes out wrong ;)
00401149:       ; if SoftICE isn't loaded the name is 'ya.do'
Start tracing until you get:

00401162:  CALL   KERNEL32!CreateFileA
           CMP    EAX, -01  ; -1 is INVALID_HANDLE_VALUE: does the file exist?
           JZ     004011B3  
....ripped some instructions
00401179:  CALL   KERNEL32!GetFileSize
           CMP    EAX,15    ; is the file 15h bytes long?
           JNZ    004011B3
OK. The keyfile must be 21 (15h) bytes long and its name is ya.do. Create ya.do and write something 21 bytes long into it, for example '!!Corbio is a lamer!!' or
'!Corbio is a cracker!'
Which do you prefer? I'll take the second ;)
Trace until you get:

00401423:  MOV  CL,[ECX-01]    ;?     load the constant (63h)
           SUB  CL,10          ;      CL = 63h - 10h = 53h
           MOV  CH,[EBX]       ;??    next byte of the table
           XOR  CH,CL
           MOV  DH,[EAX]       ;???   next byte of your keyfile
           ADD  CL,0D          ;      CL = 53h + 0Dh = 60h
           XOR  DH,CL
           CMP  CH,DH          ;      table ^ 53h == keyfile ^ 60h ?
           JNZ  00401797       ;      Go out, bad cracker!
           MOV  DL,[004022B1]  ;????
           XOR  DL,DH
           MOV  [004022E8],DL  ;????? one decrypted byte of the 'registered' message
           ADD  EAX,01
           ADD  EBX,01    

.......and 20 more times like this, one per keyfile byte........

?      : type 'd ecx-1' and you see 63495D1840. These bytes are used for the
         name of the keyfile, and here too.
??     : type 'd ebx' and you see 04213A27360A32373C133B3C273E323A3F
         7D303C3E (the 21-byte compare table).
???    : type 'd eax'. Wow! You see '!Corbio is a cracker!'  ;)
????   : type 'd 4044B1' and you see 102026353100744C443D052F262739243B
         296A4342
?????  : This is the buffer where 'GREAT' and '--REGISTERED--' end up if your
         keyfile is correct. If it isn't, you get a lot of garbage.
Can you create the correct keyfile now? I can. Since CH == DH means table ^ 53h == key ^ 60h, each key byte is simply the corresponding table byte XORed with 33h (53h XOR 60h):
37120914053901040F20080F140D01090C4E030F0D
Best created with Hiew. ;)
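To make the relationship between the table, the constant and the key explicit, here is an added example. It is not part of Corbio's tutorial (which contains no code beyond the SoftICE listings); it is the editor's own Python re-implementation of the 21-byte compare shown at 00401423, solved for the key bytes. Its only inputs are the values the tutorial shows in SoftICE dumps. It assumes that [ECX-1] is 63h on every one of the 21 iterations (the listing shows only the first one); the key bytes printed above are consistent with that assumption.

```python
# Added example, not from the original tutorial: re-implementation of the
# Krypton keyfile check traced at 00401423 and a solver for it.

# Values taken from the tutorial's SoftICE dumps ('d ecx-1' and 'd ebx').
NAME_BYTES = bytes.fromhex("63495D1840")
TABLE = bytes.fromhex("04213A27360A32373C133B3C273E323A3F7D303C3E")
KEYFILE_LEN = 0x15          # GetFileSize must return 15h (21) bytes
KEYFILE_NAME = "ya.do"      # name computed at 004010F4..00401149 when SoftICE is absent


def check_keyfile(data: bytes, c: int = NAME_BYTES[0]) -> bool:
    """Mirror the checks at 00401179 and 00401423.

    c is the byte at [ECX-1]; assumption: it is 63h for all 21 iterations,
    exactly as in the one iteration the listing shows.
    """
    if len(data) != KEYFILE_LEN:
        return False                        # CMP EAX,15 / JNZ 004011B3
    cl = (c - 0x10) & 0xFF                  # MOV CL,[ECX-01] / SUB CL,10
    cl2 = (cl + 0x0D) & 0xFF                # ADD CL,0D
    for t, k in zip(TABLE, data):
        ch = t ^ cl                         # MOV CH,[EBX] / XOR CH,CL
        dh = k ^ cl2                        # MOV DH,[EAX] / XOR DH,CL
        if ch != dh:
            return False                    # JNZ 00401797: bad cracker
    return True


def solve_keyfile(c: int = NAME_BYTES[0]) -> bytes:
    """CH == DH  <=>  key[i] == TABLE[i] ^ (c-10h) ^ (c-10h+0Dh).

    The two CL values differ by a constant, so every key byte is the table
    byte XORed with one mask (33h when c == 63h).
    """
    cl = (c - 0x10) & 0xFF
    mask = cl ^ ((cl + 0x0D) & 0xFF)
    return bytes(t ^ mask for t in TABLE)


def write_keyfile(path: str = KEYFILE_NAME) -> bytes:
    """Write the solved key to ya.do (the file Krypton opens with CreateFileA)."""
    key = solve_keyfile()
    with open(path, "wb") as fh:
        fh.write(key)
    return key


if __name__ == "__main__":
    key = solve_keyfile()
    print(key.hex().upper())                # → 37120914053901040F20080F140D01090C4E030F0D
    print(check_keyfile(key))               # → True
    print(check_keyfile(b"!Corbio is a cracker!"))   # 21 bytes, wrong content → False
```

Running the script prints the same 21 bytes given above; write_keyfile() saves them as ya.do in the current directory, which is the file Krypton looks for. A 21-byte file with the wrong content passes the GetFileSize check but fails the compare, which is why the '!Corbio is a cracker!' file only gets you as far as the loop.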
That's all.
Uh, I'm tired.
Thanks for reading and.......
.......sorry for my terrible English :)

Greets to...
Genocide Crew members
All my friends (you know who you are)
All crackers in the world :-)

15 Aug 2000

Corbio
corbio@mail.ru
uinC Member
[c]uinC

All documents and programs on this site are collected ONLY for educational purposes; we are not responsible for any consequences that arise from the use of these materials/programs. You use all of the above at your own risk.

No material from this site may be copied without the permission of the author or the administration.


2000-2015 © uinC Team