juansacco's CrackMe J1



10:32 AM 01/09/2019




This is a multi-staged crackme that implements several protections for antidebugging. Objective: Find the keys ( 3 ) to solve the crackme and make a keygen Hint: Run it on a VM :-)

s4r on 2:54 PM 01/10/2019: Pretty easy, I set its level to 2.

K2000 on 12:17 AM 01/14/2019: I removed the shutdowns and the the checks for debugger but it's still not working. The program just loads and then it quits. A video tutorial would be nice.

juansacco on 9:15 AM 01/15/2019: There are some other protections than isDebuggerPresent() to bypass :-) Keep trying!

juansacco on 4:53 PM 01/15/2019: Password for the crackme:

K2000 on 7:04 PM 01/15/2019: Ok i will try again from the begining but this time I will do it in a VirtualBox because it shutdown my computer multiple times. LOL

K2000 on 10:57 PM 01/15/2019: I tried VirtualBox Version 6.0.2 r128162 and in WindowsXP SP3 and the crackme is not working. It says it's not a valid windows application. Then i tried VirtualBox + Win10 64bit from Microsoft and Windows 10 gives installation error saying OOBEREGION error. How can i test it and debug it in VirtualBox 6.0.2 ?

K2000 on 6:39 AM 01/16/2019: The first serial number is 1337.

K2000 on 7:06 AM 01/16/2019: The second serial number is my computer name.

K2000 on 9:20 AM 01/16/2019: I can not find the third serial because the program quits.

juansacco on 3:40 PM 01/16/2019: @K2000 you need to bypass the protection so the program doesn't quits or restart your PC hehe

K2000 on 10:24 PM 01/16/2019: What virtual machine do you use to run it ? VirtualBox is not working for me.

juansacco on 10:26 AM 01/17/2019: @K2000 Besides other protections this crack me checks if you are running it inside a VM and if it does, then it quits, you need to bypass this in order to make it run

juansacco on 10:26 AM 01/17/2019: HINT: This crack me uses antidebugging techniques such as: VM Detection , Traps and IsDebuggerPresent

K2000 on 11:21 AM 01/17/2019: You should make a video tutorial about cracking it.

K2000 on 9:37 AM 01/18/2019: Can you include the source code ? I want to see if i understand the source first.

K2000 on 9:20 PM 01/18/2019: I patched the file so much that i completely broke it. Can you include the source code ? Please ?

K2000 on 5:53 PM 01/20/2019: I have a question. Why is it copying itself in memory multiple times ? Is that part of the protection ?

K2000 on 7:14 PM 01/21/2019: The 3rd serial number is: nuf-si-gnireenigne-esrever I had to patch the exit in order to accept it.

S01den on 6:51 PM 01/22/2019: Bro, just relax

K2000 on 8:08 PM 01/22/2019: LOL. Did anybody try to see if that's the last serial ? It only works if you patch the exit and send it back to ask for the 3rd serial.

coyote_0x90 on 6:21 AM 05/22/2019: That looks like last serial. [*] You Won! Happy Cracking! I only had to patch over the conditional jumps after the IsDebuggerPresent calls while I was debugging it. Otherwise, it does not seem to detect that it is running in a VM (VirtualBox 6.0.8). There is an exception thrown, but if it is passed to the program, then the proper exception handler is used and it does not seem to exit.