Comments on: R4ndom’s Tutorial #10: The Levels Of Patching

By: Abutharik

Abutharik — Thu, 12 Sep 2013 14:14:05 +0000

R4ndom, I’m struck at initial stage of the 3rd level. With GetDlgItemTextA password was stored at.0040305D. When I check the register EAX it doesn’t show me that it holds .0040305d, instead it has the number .0040300F(ASCII access granted). I’ve entered the same serial (12121212) as yours for further check. I’m unable to move forward now. Please help me.

By: pornpinoy

pornpinoy — Thu, 08 Aug 2013 07:38:35 +0000

Does the solution of the password is reversing the assembly cmp dx, 42de by setting the value dx = 42de and reversing the structure of the assembly code,like dl=42 and dh=de and so on. I’m a beginner on this that’s y i ask. Thanks random.

By: Jacelyn Balitas

Jacelyn Balitas — Fri, 07 Jun 2013 07:30:44 +0000

It’s a shame you don’t have a donate button! I’d definitely donate to this excellent blog! I guess for now i’ll settle for bookmarking and adding your RSS feed to my Google account. I look forward to fresh updates and will talk about this site with my Facebook group. Chat soon!

By: Panta

Panta — Sun, 02 Jun 2013 23:10:13 +0000

Here’s a full solution for all possible keys (I hope): http://pastebin.com/wpguHZVp

It’s no code but simply a thorough analysis of what the exe does.

By: Raider

Raider — Tue, 07 May 2013 12:30:22 +0000

Thanks, fixed it for me

By: enman

enman — Sun, 17 Feb 2013 20:32:56 +0000

Hi R4ndom,

great tutorial!

I used a pen and a paper to solve this crackme and I found 510 working keys

By: Alex Krycek

Alex Krycek — Tue, 15 Jan 2013 21:20:01 +0000

Hey R4ndom,

This is definitely one of the best series I’ve read on the subject. I’m learning so much with this incremental approach.

Fuck though, I just spent hours trying to reverse-engineer the algorithm to see if I can generate the password. Unfortunately, it took me that long to realize that you can’t actually reverse an AND operation (because bit information is lost).

I suppose that, since you can reverse an XOR operation with another XOR operation, you will be able to recreate most of the password (everything except password[0], password[4] and the final two characters that are used to store the “checksums”). Still, you’ll have an enormous amount of possible passes to try. It’s not the full range of all possible characters (62 ** 10 in total), but I really don’t feel like coding something like that.

Thanks again though!

By: jeeva

jeeva — Mon, 17 Dec 2012 20:20:28 +0000

Hi Random,

Ur tutorials are very much awesome… I like these tutorials… Pls help me to make keygens after cracking softwares…………

Thanks in Advance………..

By: Smurfx

Smurfx — Fri, 14 Dec 2012 21:28:36 +0000

Hi R4ndom,

First of all thanks for yours awesome tutorials.
I’ ve just start to study this now, I’m kind of lost in this tutorial, how to really change the code to jump all the check instructions. What I did it was change 2 lines of the original code.

0040143E JNZ SHORT Crackme6.0040142D
00401440 XOR ECX,ECX

I changed for:
0040143E XOR EAX,EAX
00401440 JMP 00401515

Now my code is always jumping to end of the function. But I would like to know if is this correct? Or anybody could help me out with this.

Thanks guys.

By: Babee

Babee — Thu, 01 Nov 2012 13:56:01 +0000

Super Insane Extra Credit: [spoiler] Password hardcoded in .data section [/spoiler]