; ---------------------------------------------------------------------------
struct_cplx struc ; (sizeof=0x8, standard type)
; Complex number with 32-bit integer components, stored as two consecutive
; dwords. cplx_add and cplx_mul in this listing address the two fields as
; [ptr] and [ptr+4]; all arithmetic on them is plain 32-bit (wraps mod 2^32).
real dd ? ; offset 0: real part (shown in base 10)
imag dd ? ; offset 4: imaginary part (shown in base 10)
struct_cplx ends
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO EXPAND]
;
; File Name : Crackme.exe
; Format : Portable executable for IBM PC (PE)
; Section 1. (virtual address 00001000)
; Virtual size : 0000031E ( 798.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : 16 bytes ?
model flat
; ---------------------------------------------------------------------------
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
public start
start proc near
; Program entry point (32-bit, stdcall Win32 API calls).
; Fetches the module handle of the executable, runs the modal dialog whose
; template resource ID is 3E9h with DialogFunc as its dialog procedure, then
; terminates the process with the dialog's result as exit code.
; There is no ret: ExitProcess is the last call and control does not come back.
push 0 ; lpModuleName = NULL
call GetModuleHandleA
mov hInstance, eax ; keep the handle in the global for the dialog call
push 0 ; dwInitParam
push offset DialogFunc ; lpDialogFunc
push 0 ; hWndParent
push 3E9h ; lpTemplateName: integer resource ID passed in the pointer slot
push hInstance ; hInstance
call DialogBoxParamA
push eax ; uExitCode = value returned by DialogBoxParamA
call ExitProcess
start endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; BOOL __stdcall DialogFunc(HWND,UINT,WPARAM,LPARAM)
DialogFunc proc near ; DATA XREF: start+Eo
; BOOL __stdcall DialogFunc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure. Dispatches on uMsg, and for WM_COMMAND on the low word of
; wParam (the control ID). Every path returns eax = 0 and pops 10h bytes.
;
; Serial check (control 3FEh), as implemented below:
;   1. Read the name (dialog item 3EAh) and derive two complex constants
;      name1 (n1) and name2 (n2) from its bytes.
;   2. Read the serial (dialog item 3EBh); it must be exactly 23h characters:
;      four 8-character hex groups at offsets 0, 9, 18 and 27, each followed
;      by one separator character that is overwritten with NUL.
;      The groups become s1.real, s1.imag, s2.real, s2.imag.
;   3. For a sequence of test points c1, require
;      c1^2 + c1*s1 + s2 == (n1 + c1)*(n2 + c1), compared component-wise.
;
; Design weakness worth noting when reviewing a check like this: everything
; the verifier needs (hash of the name, the polynomial identity) is present in
; the client, so the expected serial is a pure function of the name. A check
; that must resist analysis has to depend on a secret the client does not
; hold, e.g. verifying a signature against an embedded public key.
;
; NOTE(review): esi and edi are written below without being saved, although
; the Win32 stdcall convention treats them as callee-saved.
; NOTE(review): neither GetDlgItemTextA call is checked for a zero-length
; name; an empty name is hashed like any other input.
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch ; uMsg
arg_8 = dword ptr 10h ; wParam
push ebp
mov ebp, esp
mov eax, [ebp+arg_4] ; eax = uMsg
cmp eax, WM_INITDIALOG
jz short loc_40104A
cmp eax, WM_COMMAND
jz short loc_401060
cmp eax, WM_CLOSE
jz short loc_401050
xor eax, eax ; any other message: return 0
leave
retn 10h ; stdcall: callee removes the four dword arguments
; ---------------------------------------------------------------------------
loc_40104A: ; CODE XREF: DialogFunc+Bj
; WM_INITDIALOG: nothing to initialise, return 0
xor eax, eax
leave
retn 10h
; ---------------------------------------------------------------------------
loc_401050: ; CODE XREF: DialogFunc+17j
; DialogFunc+48j
; WM_CLOSE, or WM_COMMAND from control 3FFh: close the dialog with result 0
push 0 ; nResult
push [ebp+hWnd] ; hDlg
call EndDialog
xor eax, eax
leave
retn 10h
; ---------------------------------------------------------------------------
loc_401060: ; CODE XREF: DialogFunc+12j
; WM_COMMAND: only ax (low word of wParam) is compared against control IDs
mov eax, [ebp+arg_8]
cmp ax, 400h ; control 400h -> "about" message box
jz short loc_40107B
cmp ax, 3FEh ; control 3FEh -> check name/serial
jz short verify_serial
cmp ax, 3FFh ; control 3FFh -> close the dialog
jz short loc_401050
xor eax, eax ; any other control: return 0
leave
retn 10h
; ---------------------------------------------------------------------------
loc_40107B: ; CODE XREF: DialogFunc+3Cj
; Informational box showing the author's text
push 40h ; uType (40h = MB_ICONINFORMATION)
push offset aCrackme ; lpCaption
push offset aJustALittleCra ; lpText
push [ebp+hWnd] ; hWnd
call MessageBoxA
xor eax, eax
leave
retn 10h
; ---------------------------------------------------------------------------
verify_serial: ; CODE XREF: DialogFunc+42j
; --- step 1: read the name into the shared buffer lpName -------------------
; NOTE(review): the listing shows lpName as one byte followed by alignment
; padding; the copy below allows up to 100h bytes, so the real capacity of
; that buffer should be confirmed against the section's virtual size.
push 100h ; nMaxCount
push offset lpName ; lpString
push 3EAh ; nIDDlgItem
push [ebp+hWnd] ; hDlg
call GetDlgItemTextA ; returned length is not used
; name1.real = sum of the name bytes (each byte zero-extended through dl/edx)
mov esi, offset lpName
xor eax, eax
xor edx, edx
@@bcl1: ; CODE XREF: DialogFunc+91j
mov dl, [esi]
add eax, edx
inc esi
test edx, edx ; loop ends after the terminating NUL has been added
jnz short @@bcl1
mov name1.real, eax
dec eax
imul eax, 3
mov name1.imag, eax ; name1.imag = (sum - 1) * 3
; name2: rolling hash seeded with 12345678h; for every byte, terminator
; included: eax ^= byte, then rotate left by 5
mov esi, offset lpName
mov eax, 12345678h
xor edx, edx
@@bcl2: ; CODE XREF: DialogFunc+B7j
mov dl, [esi]
xor eax, edx
rol eax, 5
inc esi
test edx, edx
jnz short @@bcl2
xor edx, edx ; edx:eax = hash, zero-extended for the unsigned divide
mov ecx, 7A69h ; divisor 7A69h = 31337
div ecx
mov name2.real, edx ; name2.real = hash mod 7A69h
and eax, 0FFFh
mov name2.imag, eax ; name2.imag = (hash / 7A69h) & 0FFFh
; --- step 2: read the serial into the same buffer (the name is overwritten) -
push 24h ; nMaxCount
push offset lpName ; lpString
push 3EBh ; nIDDlgItem
push [ebp+hWnd] ; hDlg
call GetDlgItemTextA
cmp eax, 23h ; serial must be exactly 23h (35) characters long
jnz bad_serial
mov edi, offset lpName
mov byte ptr [edi+8], 0 ; cut after the first 8-character group
push edi
call ascii_to_dword
mov s1.real, eax
add edi, 9 ; next group starts 9 bytes further (8 digits + separator)
mov byte ptr [edi+8], 0
push edi
call ascii_to_dword
mov s1.imag, eax
add edi, 9
mov byte ptr [edi+8], 0
push edi
call ascii_to_dword
mov s2.real, eax
add edi, 9
mov byte ptr [edi+8], 0 ; offset 23h: already the string terminator
push edi
call ascii_to_dword
mov s2.imag, eax
; --- step 3: compare both polynomials at the points c1 = (ecx, edx) --------
; ecx runs 3, 6, ..., 4E21h while edx runs 4E1Fh, 4E1Dh, ... ; both counters
; survive the calls because ComputeComplex1/2 wrap their bodies in pusha/popa.
xor ecx, ecx
mov edx, 4E21h
@@test_loop: ; CODE XREF: DialogFunc+190j
add ecx, 3
sub edx, 2
mov c1.real, ecx
mov c1.imag, edx
push offset c1
push offset c2
call ComputeComplex1 ; computes:
; c2 = c1^2 + c1*s1 + s2
;
push offset c1 ; struc_cplx *
push offset c3 ; struc_cplx *
call ComputeComplex2 ; computes:
; c3 = (n1+c1)*(n2+c1)
; = c1^2+(n1+n2)*c1+n1*n2
mov eax, c2.real
xor eax, c3.real
jnz short bad_serial ; the real and imaginary parts
; of c2 and c3 must be equal,
; i.e. c2 = c3
mov eax, c2.imag
xor eax, c3.imag
jnz short bad_serial
cmp ecx, 4E21h ; for many values of c1
jnz short @@test_loop ; that is:
; c1^2+c1*s1+s2 = (n1+c1)*(n2+c1)
; c1^2+c1*s1+s2 = c1^2+(n1+n2)*c1+n1*n2
;
; hence:
; s1 = n1+n2
; s2 = n1*n2
; All test points matched: success message
push 40h ; uType (40h = MB_ICONINFORMATION)
push offset aCrackme ; lpCaption
push offset aRoeoeoeoechtoe ; lpText
push [ebp+hWnd] ; hWnd
call MessageBoxA
xor eax, eax
leave
retn 10h
; ---------------------------------------------------------------------------
bad_serial: ; CODE XREF: DialogFunc+E9j
; DialogFunc+17Bj ...
; Wrong length or a mismatch at any test point: error message
push 10h ; uType (10h = MB_ICONERROR)
push offset aCrackme ; lpCaption
push offset aWrongSerial_ ; lpText
push [ebp+hWnd] ; hWnd
call MessageBoxA
xor eax, eax
leave
retn 10h
DialogFunc endp ; sp = 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall ComputeComplex1(struct_cplx *,struct_cplx *)
ComputeComplex1 proc near ; CODE XREF: DialogFunc+15Cp
; stdcall, two pointer arguments, callee pops 8 bytes.
;   arg_0 = destination struct_cplx (the caller passes c2)
;   arg_4 = input struct_cplx       (the caller passes c1)
; Writes  *arg_0 = in*in + in*s1 + s2  using the global s1 and s2.
; Two 8-byte temporaries live on the stack (var_8, var_10). pusha/popa keep
; every general register intact for the caller; nothing is returned in eax.
var_10 = dword ptr -10h ; temporary: in * s1
var_8 = dword ptr -8 ; temporary: in * in
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h ; reserve 10h bytes for the two temporaries
pusha
mov edi, [ebp+arg_0] ; edi = destination
mov esi, [ebp+arg_4] ; esi = input
lea ebx, [ebp+var_8]
lea ecx, [ebp+var_10]
push esi
push esi
push ebx
call cplx_mul ; var_8 = in * in
push offset s1
push esi
push ecx
call cplx_mul ; var_10 = in * s1
push ecx
push ebx
push edi
call cplx_add ; dest = var_8 + var_10
push offset s2
push edi
push edi
call cplx_add ; dest = dest + s2
popa
leave
retn 8
ComputeComplex1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall ComputeComplex2(struc_cplx *,struc_cplx *)
ComputeComplex2 proc near ; CODE XREF: DialogFunc+16Bp
; stdcall, two pointer arguments, callee pops 8 bytes.
;   arg_0 = destination struct_cplx (the caller passes c3)
;   arg_4 = input struct_cplx       (the caller passes c1)
; Writes  *arg_0 = (in + name1) * (in + name2)  using the globals name1 and
; name2 that DialogFunc derives from the entered name.
; pusha/popa keep every general register intact; nothing is returned in eax.
var_10 = dword ptr -10h ; temporary: in + name2
var_8 = dword ptr -8 ; temporary: in + name1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h ; reserve 10h bytes for the two temporaries
pusha
mov edi, [ebp+arg_0] ; edi = destination
mov esi, [ebp+arg_4] ; esi = input
lea ebx, [ebp+var_8]
lea ecx, [ebp+var_10]
push offset name1
push esi
push ebx
call cplx_add ; var_8 = in + name1
push offset name2
push esi
push ecx
call cplx_add ; var_10 = in + name2
push ecx
push ebx
push edi
call cplx_mul ; dest = var_8 * var_10
popa
leave
retn 8
ComputeComplex2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall cplx_add(struct_cplx *,struct_cplx *,struct_cplx *)
cplx_add proc near ; CODE XREF: ComputeComplex1+2Ap
; ComputeComplex1+36p ...
; stdcall, three pointer arguments, callee pops 0Ch bytes.
;   arg_0 = destination, arg_4 = first operand, arg_8 = second operand
; dest.real = a.real + b.real ; dest.imag = a.imag + b.imag
; Additions are 32-bit and wrap silently. Each component is loaded before the
; matching store, so the destination may be the same object as an operand
; (ComputeComplex1 calls it that way). All registers are preserved by
; pusha/popa; no value is returned in eax.
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
mov esi, [ebp+arg_4] ; esi = a
mov ebx, [ebp+arg_8] ; ebx = b
mov edi, [ebp+arg_0] ; edi = dest
mov eax, [esi]
add eax, [ebx]
mov [edi], eax ; real parts
mov eax, [esi+4]
add eax, [ebx+4]
mov [edi+4], eax ; imaginary parts
popa
leave
retn 0Ch
cplx_add endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall cplx_mul(struct_cplx *,struct_cplx *,struct_cplx *)
cplx_mul proc near ; CODE XREF: ComputeComplex1+16p
; ComputeComplex1+22p ...
; stdcall, three pointer arguments, callee pops 0Ch bytes.
;   arg_0 = destination, arg_4 = first operand a, arg_8 = second operand b
; dest.real = a.real*b.real - a.imag*b.imag
; dest.imag = a.real*b.imag + a.imag*b.real
; i.e. (a,b) * (c,d) = (ac-bd, ad+bc). The two-operand imul keeps only the low
; 32 bits of each product, so results wrap mod 2^32.
; dest.real is stored before the operands are re-read for dest.imag, so the
; destination must not be the same object as a or b; the callers in this
; listing always pass a separate destination.
; All registers are preserved by pusha/popa; no value is returned in eax.
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
mov esi, [ebp+arg_4] ; esi = a
mov ebx, [ebp+arg_8] ; ebx = b
mov edi, [ebp+arg_0] ; edi = dest
mov edx, [esi]
mov eax, [ebx]
imul edx, eax ; edx = a.real * b.real
mov eax, [esi+4]
mov ecx, [ebx+4]
imul eax, ecx ; eax = a.imag * b.imag
sub edx, eax
mov [edi], edx ; dest.real
mov edx, [esi]
mov eax, [ebx+4]
imul edx, eax ; edx = a.real * b.imag
mov eax, [esi+4]
mov ecx, [ebx]
imul eax, ecx ; eax = a.imag * b.real
add edx, eax
mov [edi+4], edx ; dest.imag
popa
leave
retn 0Ch
cplx_mul endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
ascii_to_dword proc near ; CODE XREF: DialogFunc+F9p
; DialogFunc+10Bp ...
; stdcall, one argument (pointer to a NUL-terminated string), callee pops 4.
; Returns in eax the value built from at most 8 leading characters, most
; significant digit first; conversion stops early at a NUL.
;
; Per character: subtract 30h; if the result is not below 0Ah, subtract 7
; more. That maps '0'-'9' to 0-9 and 'A'-'F' to 0Ah-0Fh.
;
; NOTE(review): there is no validation. Any other byte (lowercase letters,
; punctuation) yields a value above 0Fh that is OR-ed into eax as-is and so
; also alters bits belonging to the previously shifted digit. The parse is
; therefore not canonical: distinct strings can produce the same dword.
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
xor eax, eax ; accumulator
xor edx, edx ; upper bits of edx stay 0, only dl is loaded below
mov ecx, 8 ; at most 8 characters
mov esi, [ebp+arg_0]
loc_4012D5: ; CODE XREF: ascii_to_dword+28j
mov dl, [esi]
test dl, dl
jz short loc_4012EF ; NUL: stop early
sub dl, 30h
cmp dl, 0Ah
jb short loc_4012E6 ; unsigned compare: 0-9 needs no further adjustment
sub dl, 7
loc_4012E6: ; CODE XREF: ascii_to_dword+1Cj
shl eax, 4
or eax, edx
inc esi
dec ecx
jnz short loc_4012D5
loc_4012EF: ; CODE XREF: ascii_to_dword+14j
mov [ebp+arg_0], eax ; park the result in the argument slot ...
popa ; ... because popa restores eax along with the other registers
mov eax, [ebp+arg_0] ; reload the result as the return value
leave
retn 4
ascii_to_dword endp
; [00000006 BYTES: COLLAPSED FUNCTION DialogBoxParamA (body not shown in this listing)]
; [00000006 BYTES: COLLAPSED FUNCTION EndDialog (body not shown in this listing)]
; [00000006 BYTES: COLLAPSED FUNCTION GetDlgItemTextA (body not shown in this listing)]
; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA (body not shown in this listing)]
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess (body not shown in this listing)]
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA (body not shown in this listing)]
align 100h
_text ends
; Section 2. (virtual address 00002000)
; Virtual size : 000000F6 ( 246.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00000800
; Flags 40000040: Data Readable
; Alignment : 16 bytes ?
;
; Imports from kernel32
;
; ---------------------------------------------------------------------------
; Segment type: Externs
; _idata
; HMODULE __stdcall __imp_GetModuleHandleA(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA:dword ; DATA XREF: GetModuleHandleAr
; void __stdcall __imp_ExitProcess(UINT uExitCode)
extrn __imp_ExitProcess:dword ; DATA XREF: ExitProcessr
;
; Imports from user32
;
; int __stdcall __imp_MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
extrn __imp_MessageBoxA:dword ; DATA XREF: MessageBoxAr
; UINT __stdcall __imp_GetDlgItemTextA(HWND hDlg,int nIDDlgItem,LPSTR lpString,int nMaxCount)
extrn __imp_GetDlgItemTextA:dword ; DATA XREF: GetDlgItemTextAr
; BOOL __stdcall __imp_EndDialog(HWND hDlg,int nResult)
extrn __imp_EndDialog:dword ; DATA XREF: EndDialogr
; int __stdcall __imp_DialogBoxParamA(HINSTANCE hInstance,LPCSTR lpTemplateName,HWND hWndParent,DLGPROC lpDialogFunc,LPARAM dwInitParam)
extrn __imp_DialogBoxParamA:dword ; DATA XREF: DialogBoxParamAr
; Create a modal dialog box from a
; dialog box template resource
; ---------------------------------------------------------------------------
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 402020h
; Raw PE import data, left undecoded by the disassembler. Read as
; little-endian dwords the bytes form: two 20-byte import descriptors and an
; all-zero terminator, two import lookup tables, then the hint/name entries
; and DLL names. The RVAs in the tables match the positions of the strings
; below (section RVA 2000h). Six functions from two DLLs are imported.
;
; --- import descriptor 1 (user32.dll) --------------------------------------
db 68h ; OriginalFirstThunk = 00002068h (lookup table, user32)
db 20h ;
db 0 ;
db 0 ;
db 0 ; TimeDateStamp = 0
db 0 ;
db 0 ;
db 0 ;
db 0 ; ForwarderChain = 0
db 0 ;
db 0 ;
db 0 ;
db 0BAh ; Name = 000020BAh -> 'user32.dll'
db 20h ;
db 0 ;
db 0 ;
db 0Ch ; FirstThunk = 0000200Ch
db 20h ;
db 0 ;
db 0 ;
; --- import descriptor 2 (kernel32.dll) ------------------------------------
db 5Ch ; OriginalFirstThunk = 0000205Ch (lookup table, kernel32)
db 20h ;
db 0 ;
db 0 ;
db 0 ; TimeDateStamp = 0
db 0 ;
db 0 ;
db 0 ;
db 0 ; ForwarderChain = 0
db 0 ;
db 0 ;
db 0 ;
db 0E8h ; Name = 000020E8h -> 'kernel32.dll'
db 20h ;
db 0 ;
db 0 ;
db 0 ; FirstThunk = 00002000h
db 20h ;
db 0 ;
db 0 ;
; --- all-zero descriptor: end of the descriptor array ----------------------
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
; --- lookup table at RVA 205Ch (kernel32.dll) ------------------------------
db 0D4h ; 000020D4h -> hint/name 'GetModuleHandleA'
db 20h ;
db 0 ;
db 0 ;
db 0C6h ; 000020C6h -> hint/name 'ExitProcess'
db 20h ;
db 0 ;
db 0 ;
db 0 ; zero dword: end of table
db 0 ;
db 0 ;
db 0 ;
; --- lookup table at RVA 2068h (user32.dll) --------------------------------
db 0ACh ; 000020ACh -> hint/name 'MessageBoxA'
db 20h ;
db 0 ;
db 0 ;
db 9Ah ; 0000209Ah -> hint/name 'GetDlgItemTextA'
db 20h ;
db 0 ;
db 0 ;
db 8Eh ; 0000208Eh -> hint/name 'EndDialog'
db 20h ;
db 0 ;
db 0 ;
db 7Ch ; 0000207Ch -> hint/name 'DialogBoxParamA'
db 20h ;
db 0 ;
db 0 ;
db 0 ; zero dword: end of table
db 0 ;
db 0 ;
db 0 ;
; --- hint/name entries: 16-bit hint followed by the NUL-terminated name ----
db 8Ah ; hint = 008Ah
db 0 ;
aDialogboxparam db 'DialogBoxParamA',0
db 0ADh ; hint = 00ADh
db 0 ;
aEnddialog db 'EndDialog',0
db 0F4h ; hint = 00F4h
db 0 ;
aGetdlgitemtext db 'GetDlgItemTextA',0
db 9Dh ; hint = 019Dh
db 1 ;
aMessageboxa db 'MessageBoxA',0
aUser32_dll db 'user32.dll',0
db 0 ; padding byte
db 80h ; hint = 0080h
db 0 ;
aExitprocess db 'ExitProcess',0
db 9 ; hint = 0109h
db 1 ;
aGetmodulehandl db 'GetModuleHandleA',0
db 0 ; padding byte
aKernel32_dll db 'kernel32.dll',0
db 10Bh dup(0) ; zero fill up to the end of the section data
_rdata ends
; Section 3. (virtual address 00003000)
; Virtual size : 000001B0 ( 432.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00000A00
; Flags C0000040: Data Readable Writable
; Alignment : 16 bytes ?
; ---------------------------------------------------------------------------
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 403000h
; Writable data: message strings, the module handle, seven complex-number
; globals (two dwords each: real, imag) and the text buffer shared by the
; name and serial reads in DialogFunc.
aCrackme db 'Crackme',0 ; DATA XREF: DialogFunc+52o
; DialogFunc+194o ...
; caption of every message box
aWrongSerial_ db 'Wrong serial.',0 ; DATA XREF: DialogFunc+1B3o
aRoeoeoeoechtoe db 'Roeoeoeoechtoeoeoeoech!',0 ; DATA XREF: DialogFunc+199o
; text shown when the serial check succeeds
aJustALittleCra db 'Just a little Crackme.',0Dh,0Ah ; DATA XREF: DialogFunc+57o
db 'by Bratalarm',0
; The next string has no cross-reference in this listing; it spells out the
; multiplication rule that cplx_mul implements.
aABCDAcBdAdBc db '(a,b) * (c,d) = (ac-bd, ad+bc)',0
align 4
; HINSTANCE hInstance
hInstance dd 0 ; DATA XREF: start+7w start+1Ar
; name1: (byte sum of the name, (sum-1)*3), written by DialogFunc
name1 dd 0 ; real ; DATA XREF: DialogFunc+93w
; ComputeComplex2+13o ...
dd 0 ; imag
; name2: (hash mod 7A69h, (hash / 7A69h) & 0FFFh), written by DialogFunc
name2 dd 0 ; real ; DATA XREF: DialogFunc+C2w
; ComputeComplex2+1Fo ...
dd 0 ; imag
; s1: first and second hex groups of the serial
s1 dd 0 ; real ; DATA XREF: DialogFunc+FEw
; ComputeComplex1+1Bo ...
dd 0 ; imag
; s2: third and fourth hex groups of the serial
s2 dd 0 ; real ; DATA XREF: DialogFunc+122w
; ComputeComplex1+2Fo ...
dd 0 ; imag
; struct_cplx c1 (test point set by the loop in DialogFunc)
c1 dd 0 ; real ; DATA XREF: DialogFunc+146w
; DialogFunc+152o ...
dd 0 ; imag
; struct_cplx c2 (result of ComputeComplex1)
c2 dd 0 ; real ; DATA XREF: DialogFunc+157o
; DialogFunc+170r ...
dd 0 ; imag
; struc_cplx c3 (result of ComputeComplex2)
c3 dd 0 ; real ; DATA XREF: DialogFunc+166o
; DialogFunc+175r ...
dd 0 ; imag
; CHAR lpName
; Text buffer that receives the name (up to 100h bytes requested) and then
; the serial (up to 24h bytes requested).
; NOTE(review): only one byte is declared here; the usable size comes from the
; space that follows it inside the section. By offset arithmetic on this
; listing lpName would sit at 4030B0h, and the stated virtual size of 1B0h
; would leave 100h bytes - verify against the binary.
lpName db 0 ; DATA XREF: DialogFunc+6Fo
; DialogFunc+81o ...
align 200h
_data ends
end start