Underground InformatioN Center [&articles] 

Solution for Mogul Crack Me 2

Hi all, I'm Corbio and this is my first work for Genocide Crew.
My English is veeery bad, but I think you will understand me. :-)

Tools
SmartCheck 6.03
SoftICE
IDA
brain ... I use version 1.0 SE :)

Let's go....
First I should disassemble my target.
Now start SC (SmartCheck) and enter the Name (Corbio) and the Serial (1).
Let's look at what we have.
Hmm. A lot of '_Change' events here. Look at the last one:


     Str(VARIANT:ByRef Long:3030)         ;????
     Len(String:"Corbio")return LONG:6    
     Str(VARIANT:Long:6)
     Trim(VARIANT:String:"6")
     Long(3035)--> Integer(3035)          ;????
     Str(VARIANT:ByRef Integer: 3035)     ;????
     Trim(VARIANT:String:"3030")          ;????
     Trim(VARIANT:ByRef String:"3030-Corbio-6") 
                   ;Wow! It's the correct serial!

Enter '3030-Corbio-6' and you get the message "you did it". Easy? Yes. But I want to code a keygen for this crackme, not find a single serial. Try deleting the last char of my name, "o":

     Str(VARIANT:ByRef Long:2475)         ;hmm. some changes
     Len(String:"Corbi")return LONG:5    
     Str(VARIANT:Long:5)
     Trim(VARIANT:String:"5")
     Long(2480)--> Integer(2480)          
     Str(VARIANT:ByRef Integer: 2480)     
     Trim(VARIANT:String:"2480")          
     Trim(VARIANT:ByRef String:"2475-Corbi-5") 

I have some ideas about the last string. 'Corbio' is 6 chars long and there is '-6' at the end of the serial; 'Corbi' is 5 chars long and there is '-5' at the end. OK, the last char is the length of my name.
Let's look at the previous 'Change':
Hmm. Mid, Asc, Mid, Asc...
The first Mid is at CRACKME2.EXE!000028E3 (in the Details window).
Look at 000028E2 in IDA.
Go down until you see:

00402991    call    ds:MSVBVM60_516
00402997    imul    ax, 5
0040299B    mov     edx, [esi+44h]
                    ;[esi+44h] is the address of the checksum
0040299E    jo      loc_402A4E
004029A4    movsx   ecx, ax
004029A7    add     ecx, edx
004029A9    lea     edx, [ebp-0ACh]
004029AF    jo      loc_402A4E
004029B5    mov     [esi+44h], ecx
                    ; for 'Corbio' checksum=BD6h
Set a bpx at 402991 and trace for a while. Do you understand what
happened? I do :)

After that I can code the keygen.
That's all.
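
The scheme that the two SmartCheck traces and the loop at 00402991 imply, written out as an added example (it is not the author's keygen and not code from the crackme). It assumes the call at 00402991 is Asc on one character of the name, so the checksum is the sum of the character codes, each multiplied by 5; the 3035/2480 intermediate values marked ';????' never reach the final string and are not modeled.

```python
# Added example; not the author's keygen. Reconstructed from the traces above.
# Assumptions: the call at 00402991 is VB Asc() on one character of the name,
# and the name is single-byte ANSI text (cp1252 is chosen here for illustration).

INT32_MAX = 0x7FFFFFFF


def checksum(name: str) -> int:
    """Model the loop at 00402991..004029B5: checksum += Asc(ch) * 5."""
    total = 0                              # value kept at [esi+44h]
    for code in name.encode("cp1252"):     # one Asc() result per character
        term = code * 5                    # imul ax, 5 (at most 255*5, so the
                                           # first jo cannot fire for ANSI text)
        total += term                      # movsx ecx, ax / add ecx, edx
        if total > INT32_MAX:              # second jo loc_402A4E (32-bit add)
            raise OverflowError("checksum does not fit in a signed 32-bit value")
    return total                           # mov [esi+44h], ecx


def serial(name: str) -> str:
    """Build '<checksum>-<name>-<length>', the string seen in the last Trim()."""
    return f"{checksum(name)}-{name}-{len(name)}"


if __name__ == "__main__":
    # The two names traced in the write-up; both serials match the traces.
    for n in ("Corbio", "Corbi"):
        print(f"{n}: checksum={checksum(n):X}h serial={serial(n)}")
```

Each character contributes 5 times its code, which is why dropping the final "o" (code 111) lowers the first field by 555, from 3030 to 2475.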

Greets...
Genocide Crew members...
Acid Bytes, [X-Ray] and all my German friends (you know who you are)...
All crackers in the world...

Corbio
corbio@mail.ru
uinC Member
[c]uinC

Download Key Generator for Mogul CrackMe 2 here

All documents and programs on this site are collected ONLY for educational purposes; we are not responsible for any consequences that result from the use of these materials/programs. You use all of the above at your own risk.

No materials from this site may be copied without the permission of the author or the administration.


2000-2015 © uinC Team