Underground InformatioN Center [&articles] 
[network & security news] [RSS & Twitter] [articles, programing info] [books] [links, soft & more...] [soft archive][home]

Solution for LaZaRuS' L2C Crackme1

maybe brain ;)

"We Will, We Will Crack You"
Hi, Cracker!
First pay attention on anti-SI tricks inside crackme.

mov ah,43h
cmp ax,F386h                 ;is debugger active ?
jz  to_fake_part_of_code     ;jmp if yes

Little but strong, isn't it? ;-)
Use FrogsICE or patch the .exe .

Secondary, set bpx hmemcpy when you enter your name and push 'enter'. SI will pop. Ok, now we return to caller (F11,and F10 until you see):
from IDA dead-listing:

00401582 FF 15 A6 31 40 00 call    dword_4031A6      
                           ; caller
00401588 0B C0             or      eax, eax          
                           ; in EAX stored lenght of the name(LoN)
0040158A 75 01             jnz     short loc_40158D  
                           ;jump if LoN<>0
0040158C C3                retn
0040158D                   loc_40158D:               
                           ; CODE XREF: sub_401570+1A.j
0040158D 9C                pushf
0040158E B9 9A 02 00 00    mov     ecx, 29Ah
00401593 0F C8             bswap   eax               
                           ;what does this instruction?
                           ;Long to explain.See the asm book.
00401595 33 D2             xor     edx, edx
00401597 5B                pop     ebx               
                           ;not interestind
00401598 81 E3 00 01 00 00 and     ebx, 100h         
0040159E 0B DB             or      ebx, ebx          
004015A0 74 08             jz      short loc_4015AA  
004015A2 6A 00             push    0                 
                           ;not interesting
004015A4 FF 15 7E 30 40 00 call    dword_40307E      
004015AA                   loc_4015AA:                   
                           ; CODE XREF: sub_401570+30.j
004015AA F7 F9             idiv    ecx
004015AC 0F CA             bswap   edx
004015AE 33 C2             xor     eax, edx
004015B0 81 E1 00 FF 00 00 and     ecx, 0FF00h
004015B6 81 E2 FF 00 FF FF and     edx, 0FFFF00FFh
004015BC 33 CA             xor     ecx, edx
004015BE 0B C2             or      eax, edx
004015C0 0F C8             bswap   eax
004015C2 50                push    eax               
                           ;type 'd eax' and you get the
                           ;correct serial 
As you can see serial is function of the LoN and some constants. You can add this asm code to you keygen and make some changes. My source-codes in the packege.
Thats all.

Thanx for reading and.......
.......sorry my terrible english :)

Greets to....
DSi members
Genocide Crew members
All my friends (you know who you are)
All crackers in the world :-)

8 Sep 2000

uinC Member

Download Key Generator for LaZaRuS's l2c Crackme#1 here

Все документы и программы на этом сайте собраны ТОЛЬКО для образовательных целей, мы не отвечаем ни за какие последствия, которые имели место как следствие использования этих материалов\программ. Вы используете все вышеперечисленное на свой страх и риск.

Любые материалы с этого сайта не могут быть скопированы без разрешения автора или администрации.

[network & security news] [RSS & Twitter] [articles, programing info] [books] [links, soft & more...] [soft archive][home]
 Underground InformatioN Center [&articles] 
2000-2015 © uinC Team