Target: thetrh51’s simplepin
URL: http://crackmes.de/users/thetrh51/simplepin/
Protection: Serial
Description: Crackme with a serial protection
Tools: objdump
If we take a look at the disassembly of this crackme's main routine, we can see how the serial check works and also find the correct serial.
0804876c <main>:
804876c: 55 push ebp
804876d: 89 e5 mov ebp,esp
804876f: 83 e4 f0 and esp,0xfffffff0
8048772: 83 ec 20 sub esp,0x20
8048775: c7 44 24 04 c0 88 04 mov DWORD PTR [esp+0x4],0x80488c0 ; offset of "Passcode: "
804877c: 08
804877d: c7 04 24 e0 9b 04 08 mov DWORD PTR [esp],0x8049be0 ; offset of cout
8048784: e8 b7 fe ff ff call 8048640 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@plt> ; print the "Passcode: "-message
8048789: 8d 44 24 1c lea eax,[esp+0x1c]
804878d: 89 44 24 04 mov DWORD PTR [esp+0x4],eax
8048791: c7 04 24 40 9b 04 08 mov DWORD PTR [esp],0x8049b40 ; offset of cin
8048798: e8 b3 fe ff ff call 8048650 <_ZNSirsERi@plt> ; get input from console
804879d: 8b 44 24 1c mov eax,DWORD PTR [esp+0x1c] ; move input to eax
80487a1: 3d d2 04 00 00 cmp eax,0x4d2 ; compare input to 0x4d2 (1234)
80487a6: 74 07 je 80487af <main+0x43> ; jump to the "YOURE IN!!"-message
80487a8: b8 63 00 00 00 mov eax,0x63
80487ad: eb 19 jmp 80487c8 <main+0x5c> ; jump to end
80487af: c7 44 24 04 cb 88 04 mov DWORD PTR [esp+0x4],0x80488cb ; offset of "YOURE IN!!"
80487b6: 08
80487b7: c7 04 24 e0 9b 04 08 mov DWORD PTR [esp],0x8049be0
80487be: e8 7d fe ff ff call 8048640 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@plt>
80487c3: b8 01 00 00 00 mov eax,0x1
80487c8: eb 08 jmp 80487d2 <main+0x66>
80487ca: 89 04 24 mov DWORD PTR [esp],eax
80487cd: e8 9e fe ff ff call 8048670 <_Unwind_Resume@plt>
80487d2: c9 leave
80487d3: c3 ret
All this crackme does is read the input as an integer, load it into eax, compare the entered value to 1234 and send you to either the “YOURE IN!!” message or the end.
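The same reading of the listing can be automated when auditing a binary for hardcoded check values. This added example (not part of the original write-up) scans objdump Intel-syntax output for a register compared against an immediate after the call to istream's operator>>(int&) and directly before a conditional jump. The function names and the embedded sample, built from lines of the listing above, are assumptions of this example.

```python
import re

# Constructed sample: a few lines taken from the listing above, comments removed.
LISTING = """\
 8048791: c7 04 24 40 9b 04 08 mov DWORD PTR [esp],0x8049b40
 8048798: e8 b3 fe ff ff call 8048650 <_ZNSirsERi@plt>
 804879d: 8b 44 24 1c mov eax,DWORD PTR [esp+0x1c]
 80487a1: 3d d2 04 00 00 cmp eax,0x4d2
 80487a6: 74 07 je 80487af <main+0x43>
 80487a8: b8 63 00 00 00 mov eax,0x63
"""

# address, opcode bytes, mnemonic, operands (anything after ';' is a comment)
INSN = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+([a-z]\w*)\s*([^;]*)")
CMP_IMM = re.compile(r"^(\w+),(0x[0-9a-f]+)$")
INPUT_CALLS = ("_ZNSirsERi",)  # mangled std::istream::operator>>(int&)
COND_JUMPS = ("je", "jne", "jz", "jnz")

def parse(listing):
    """Return (address, mnemonic, operands) tuples; byte-only wrap lines are skipped."""
    insns = []
    for line in listing.splitlines():
        m = INSN.match(line)
        if m:
            insns.append((int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return insns

def find_constant_checks(listing):
    """Report cmp reg,imm + conditional jump pairs that follow an input call."""
    insns = parse(listing)
    findings = []
    seen_input = False
    for i, (addr, mnem, ops) in enumerate(insns):
        if mnem == "call" and any(sym in ops for sym in INPUT_CALLS):
            seen_input = True
        m = CMP_IMM.match(ops) if mnem == "cmp" else None
        if m and seen_input and i + 1 < len(insns):
            _, nxt_mnem, nxt_ops = insns[i + 1]
            if nxt_mnem in COND_JUMPS:
                findings.append({"addr": addr, "reg": m.group(1),
                                 "value": int(m.group(2), 16),
                                 "target": int(nxt_ops.split()[0], 16)})
    return findings

if __name__ == "__main__":
    for f in find_constant_checks(LISTING):
        print(f"{f['addr']:#x}: {f['reg']} compared to {f['value']} "
              f"({f['value']:#x}), branch to {f['target']:#x}")
```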