Shindanaide's CrackME_15lug2015 Tutorial

July 29, 2015 - Reading time: 4 minutes

Target: Shindanaide's CrackME_15lug2015

URLhttp://crackmes.de/users/shindanaide/crackme_15lug2015/

Protection: Serial.

Description: Crackme with a serial protection

Tools: CFR Java Decompiler

Decompile the crackme with CFR Java Decompiler, and we end up with five Java-classes in three packages.

B (package ABC) B (package ABC) B (package ABC) B (package ABC.D) <- Empty class, ignore that. C (package ABC_.KL)

Take a look at the class C in package ABC_.KL and you'll find the main-method and some other methods including some GUI set up.

package ABC_.KL;

import ABC.B;
import ABC.B_;
import javafx.application.Application;
import javafx.event.ActionEvent;
import javafx.event.Event;
import javafx.event.EventHandler;
import javafx.scene.Node;
import javafx.scene.Parent;
import javafx.scene.Scene;
import javafx.scene.control.Button;
import javafx.scene.control.TextField;
import javafx.scene.layout.GridPane;
import javafx.stage.Stage;

public class C
extends Application {
    GridPane R;
    B a;
    Scene assalabalaba;
    B_ i = new B_();
    Button g = new Button();
    private static TextField AS = new TextField();
    public static String hk = "CrackME_15lug2015";

    public static void main(String[] args) {
        C.launch((String[])args);
        int importantNumber = 536898; // importantNumber is not used. Ignore that variable.
        ++importantNumber;
        importantNumber*=103;
    }

    public void start(Stage arg0) throws Exception { // Set up GUI.
        this.a = new B();
        this.G(); // Setup GridPane and Scene objects.
        this.T(); // Nothing.
        this.R.add((Node)this.g, 0, 0); // Add button.
        this.R.add((Node)C.setAS(), 1, 0); // Add TextField
        this.g.setOnAction(e -> { // Add event listener to the button
            this.w();
        }
        );
        arg0.setScene(this.assalabalaba);
        arg0.setTitle(String.valueOf(hk) + " ");
        arg0.show();
    }

    public void RR() {
        this.R = new GridPane();
    }

    public void G() {
        this.RR();
        this.g.setText("OK");
        this.assalabalaba = new Scene((Parent)this.R);
    }

    public void T() {
    }

    public void w() { // Button click event
        boolean m = !this.i.T(); // m = B_.T()
        String m1 = !m ? "NICE;BRO" : "TRY;AGAIN"; // if (m == true) m1 = "NICE;BRO" else m1 = "TRY;AGAIN"
        AS.setText(m1); // Set m1 as the textbox-text
    }

    public static TextField setAS() {
        return AS;
    }

    public void getAS(TextField aS) {
        AS = aS;
    }
}

So now we've found the button click event that validates the serial. We see that a method in the B_-class is used, so lets take a look at B_.

package ABC;

import ABC.B;
import ABC.B__;
import ABC_.KL.C;

public class B_ {
    B B___ = new B();

    public boolean T() {  // Check if entered serial is an integer and matches the return-value of B__.B_().
        if (Integer.parseInt(C.setAS().getText()) == B__.B_()) {
            return true;
        }
        if (Integer.parseInt(C.setAS().getText()) != B__.B_()) {
            return false;
        }
        return true;
    }
}

Now we know that the serial is an integer and that it has to be equal to the return-value of B__.B_(). So lets take a look at the B__-class.

package ABC;

import ABC.B;
import ABC.B_;
import ABC_.KL.C;

public class B__ {
    public static int B_() {
        B_ B__ = new B_(); 
        String k = C.hk; //window title, "CrackME_15lug2015"
        int i = k.length(); // 17
        i*=40; // 680
        i-=52; // 628
        i+=219; // 847
        i+=9608; // 10455
        i+=208; // 10663
        i-=229; // 10434
        if (B__.B___.t) { // Will be true
            return i; // return 10434
        }
        return i * 57; // Will never be reached
    }
}

A quick look at the B___-class lets us know that the if-statement will always be true.

package ABC;

import javafx.scene.control.Button;
import javafx.scene.control.TextField;

public class B { // Initialize some fields.
    Button button = new Button("NICE BUTTON");
    TextField TX = new TextField("NICE TEXTFIELD");
    boolean t = true;
}

So the serial is calculated from the lenght of the window title. After we've calculated the correct serial we end up with 10434.
If we enter that in the crackme we get the "NICE;BRO"-message.