thetrh51's simplepin Tutorial

August 1, 2015 - Reading time: 2 minutes

Target: thetrh51's simplepin

URL: http://crackmes.de/users/thetrh51/simplepin/

Protection: Serial

Description: Crackme with a serial protection

Tools: objdump

If we take a look at the disassembly of the main routine of this crackme, we can see how the serial check works and also read off the correct serial.

0804876c <main>:
 804876c:   55                      push   ebp
 804876d:   89 e5                   mov    ebp,esp
 804876f:   83 e4 f0                and    esp,0xfffffff0
 8048772:   83 ec 20                sub    esp,0x20
 8048775:   c7 44 24 04 c0 88 04    mov    DWORD PTR [esp+0x4],0x80488c0    ; offset of "Passcode: "
 804877c:   08 
 804877d:   c7 04 24 e0 9b 04 08    mov    DWORD PTR [esp],0x8049be0    ; offset of cout
 8048784:   e8 b7 fe ff ff          call   8048640 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@plt> ; print the "Passcode: "-message
 8048789:   8d 44 24 1c             lea    eax,[esp+0x1c]
 804878d:   89 44 24 04             mov    DWORD PTR [esp+0x4],eax
 8048791:   c7 04 24 40 9b 04 08    mov    DWORD PTR [esp],0x8049b40    ; offset of cin
 8048798:   e8 b3 fe ff ff          call   8048650 <_ZNSirsERi@plt>     ; get input from console
 804879d:   8b 44 24 1c             mov    eax,DWORD PTR [esp+0x1c]     ; move input to eax
 80487a1:   3d d2 04 00 00          cmp    eax,0x4d2            ; compare input to 0x4d2 (1234)
 80487a6:   74 07                   je     80487af <main+0x43>      ; jump to the "YOURE IN!!"-message
 80487a8:   b8 63 00 00 00          mov    eax,0x63
 80487ad:   eb 19                   jmp    80487c8 <main+0x5c>      ; jump to end
 80487af:   c7 44 24 04 cb 88 04    mov    DWORD PTR [esp+0x4],0x80488cb    ; offset of "YOURE IN!!"
 80487b6:   08 
 80487b7:   c7 04 24 e0 9b 04 08    mov    DWORD PTR [esp],0x8049be0
 80487be:   e8 7d fe ff ff          call   8048640 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@plt>
 80487c3:   b8 01 00 00 00          mov    eax,0x1
 80487c8:   eb 08                   jmp    80487d2 <main+0x66>
 80487ca:   89 04 24                mov    DWORD PTR [esp],eax
 80487cd:   e8 9e fe ff ff          call   8048670 <_Unwind_Resume@plt>
 80487d2:   c9                      leave  
 80487d3:   c3                      ret

All this crackme does is read the input as an integer, store it in eax, compare the entered value with the constant 0x4d2 (1234), and branch either to the "YOURE IN!!" message or straight to the end. The serial is hard-coded in the binary, so the cmp instruction gives it away directly.
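Reading the listing by hand works for a routine this short, but the same check scales to larger binaries: scan the objdump output for compares against immediate constants and for the conditional jumps that depend on them. The script below is an added example, not part of the original post; it parses the Intel-syntax listing shown above (assumed to come from `objdump -d -M intel`, which is what the operand syntax indicates), lists every `cmp reg,imm` together with the decoded constant, lists the branch targets, and cross-checks the 0x4d2 value against the raw instruction bytes (opcode 0x3d is `cmp eax, imm32` with a little-endian 32-bit immediate). The function names are my own.

```python
import re

# The main routine from the page, copied from the objdump listing (comments trimmed).
LISTING = """\
0804876c <main>:
 804876c:   55                      push   ebp
 804876d:   89 e5                   mov    ebp,esp
 804876f:   83 e4 f0                and    esp,0xfffffff0
 8048772:   83 ec 20                sub    esp,0x20
 8048775:   c7 44 24 04 c0 88 04    mov    DWORD PTR [esp+0x4],0x80488c0
 804877c:   08 
 804877d:   c7 04 24 e0 9b 04 08    mov    DWORD PTR [esp],0x8049be0
 8048784:   e8 b7 fe ff ff          call   8048640 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@plt>
 8048789:   8d 44 24 1c             lea    eax,[esp+0x1c]
 804878d:   89 44 24 04             mov    DWORD PTR [esp+0x4],eax
 8048791:   c7 04 24 40 9b 04 08    mov    DWORD PTR [esp],0x8049b40
 8048798:   e8 b3 fe ff ff          call   8048650 <_ZNSirsERi@plt>
 804879d:   8b 44 24 1c             mov    eax,DWORD PTR [esp+0x1c]
 80487a1:   3d d2 04 00 00          cmp    eax,0x4d2            ; compare input to 0x4d2 (1234)
 80487a6:   74 07                   je     80487af <main+0x43>
 80487a8:   b8 63 00 00 00          mov    eax,0x63
 80487ad:   eb 19                   jmp    80487c8 <main+0x5c>
 80487af:   c7 44 24 04 cb 88 04    mov    DWORD PTR [esp+0x4],0x80488cb
 80487b6:   08 
 80487b7:   c7 04 24 e0 9b 04 08    mov    DWORD PTR [esp],0x8049be0
 80487be:   e8 7d fe ff ff          call   8048640 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@plt>
 80487c3:   b8 01 00 00 00          mov    eax,0x1
 80487c8:   eb 08                   jmp    80487d2 <main+0x66>
 80487ca:   89 04 24                mov    DWORD PTR [esp],eax
 80487cd:   e8 9e fe ff ff          call   8048670 <_Unwind_Resume@plt>
 80487d2:   c9                      leave  
 80487d3:   c3                      ret
"""

# address:  one or more "xx " byte groups  mnemonic  operands
# A mnemonic consisting of exactly two hex digits followed by a space would be
# ambiguous with a byte group; no x86 mnemonic in this listing has that shape.
LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)\s*(\S+)\s*(.*)$")
BRANCH_RE = re.compile(r"^([0-9a-f]+)\s*(?:<([^>]+)>)?")


def parse_listing(text):
    """Turn objdump -d -M intel lines into (addr, raw_bytes, mnemonic, operands)."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # symbol headers, continuation byte lines, blanks
        addr = int(m.group(1), 16)
        raw = bytes.fromhex(m.group(2).replace(" ", ""))
        ops = m.group(4).split(";")[0].strip()  # drop trailing comments
        insns.append((addr, raw, m.group(3), ops))
    return insns


def find_immediate_compares(insns):
    """(addr, operand, value) for every cmp whose second operand is a hex immediate."""
    found = []
    for addr, _raw, mnem, ops in insns:
        if mnem != "cmp":
            continue
        parts = [p.strip() for p in ops.split(",")]
        if len(parts) == 2 and parts[1].startswith("0x"):
            found.append((addr, parts[0], int(parts[1], 16)))
    return found


def find_branches(insns):
    """(addr, mnemonic, target, symbol) for every jump, so the compare can be tied to its outcome."""
    out = []
    for addr, _raw, mnem, ops in insns:
        if not mnem.startswith("j"):
            continue
        m = BRANCH_RE.match(ops)
        if m:
            out.append((addr, mnem, int(m.group(1), 16), m.group(2)))
    return out


def cross_check_cmp_eax(insns):
    """Decode 'cmp eax, imm32' (opcode 0x3d + little-endian imm32) straight from the bytes."""
    return [(addr, int.from_bytes(raw[1:5], "little"))
            for addr, raw, _m, _o in insns if len(raw) == 5 and raw[0] == 0x3D]


if __name__ == "__main__":
    insns = parse_listing(LISTING)
    for addr, reg, val in find_immediate_compares(insns):
        print(f"{addr:08x}: cmp {reg} against {val:#x} ({val})")
    for addr, mnem, target, sym in find_branches(insns):
        print(f"{addr:08x}: {mnem} -> {target:08x} <{sym}>")
    print("from bytes:", cross_check_cmp_eax(insns))
```

The byte-level cross-check matters when the disassembler's text is the only thing you have: the immediate printed in the operand column and the immediate encoded in the instruction must agree, and a mismatch points at a mis-disassembled or deliberately obfuscated listing.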