1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[PLAY] Crack My Delphi Protection

Discussion in 'General Programming Chat' started by kokoloko75, Apr 22, 2012.

  1. kokoloko75

    kokoloko75 Elite Member

    Joined:
    Jan 1, 2011
    Messages:
    1,628
    Likes Received:
    1,935
    Occupation:
    Design director
    Location:
    Paris (France)
    Hi everybody,

    I built a CrackMe with the protection I use in my commercial softwares.
    The goal of this thread is educational, so we can discuss about protection systems and development.

    If some of you want to try to crack it, feel free, but the work will be hard :D
    To succeed you have to access to the second window with some controls (button, radio button, ...).

    Validation uses server checking.
    This system can easily generate a crypted licence file (possibly locked on one PC via hard-disk ID).

    Download :
    Code:
    http://www.mediafire.com/?ab1kyw7b2mcml0b
    VirusTotal :
    Code:
    The EXE is packed with PECompact, so some anti-virus (AhnLab, ClamAV, eSafe) can flag it as suspicious but I guarantee that the file is clean (not packed version included).
    https://www.virustotal.com/file/60edc3529cccb9f56251694d21cb207450293438ea535dd29af1e1f5cd5fc273/analysis/
    :)

    Beny

    PS : Is CrackMe games allowed on BHW ? Not found rules against...
     
  2. sockpuppet

    sockpuppet Junior Member

    Joined:
    Nov 7, 2011
    Messages:
    155
    Likes Received:
    145
    yes1.png

    yes2.png
     
    • Thanks Thanks x 12
  3. kokoloko75

    kokoloko75 Elite Member

    Joined:
    Jan 1, 2011
    Messages:
    1,628
    Likes Received:
    1,935
    Occupation:
    Design director
    Location:
    Paris (France)
    Lol !Wtf ?! :D
    Congratulations (Thanks + Rep given).

    How did you do that ?

    Beny
     
  4. Piotr__11

    Piotr__11 Junior Member

    Joined:
    Mar 13, 2012
    Messages:
    122
    Likes Received:
    69
    It's amazing ;]
    You spent much time on protecting it and he cracked it within a few hours :D[FONT=arial, sans-serif][/FONT]
     
  5. sockpuppet

    sockpuppet Junior Member

    Joined:
    Nov 7, 2011
    Messages:
    155
    Likes Received:
    145
    hehe,
    i write you a pm
     
  6. arsaltheman

    arsaltheman Power Member

    Joined:
    Aug 2, 2011
    Messages:
    536
    Likes Received:
    263
  7. Nookie Monster

    Nookie Monster Senior Member

    Joined:
    Mar 28, 2010
    Messages:
    968
    Likes Received:
    463
    Location:
    USA
    Buy that man a beer!
     
    • Thanks Thanks x 1
  8. kokoloko75

    kokoloko75 Elite Member

    Joined:
    Jan 1, 2011
    Messages:
    1,628
    Likes Received:
    1,935
    Occupation:
    Design director
    Location:
    Paris (France)
    Lol, yes he deserves !
    I was ridiculed... :D

    Beny
     
  9. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    That should be a good lesson for all those who think their homebrew solution is better than solutions made by specialists in the field with huge experience in software protection (and whose protections still get cracked despite that).

    +rep @sockpuppet for taking the time and effort to do it.
     
    • Thanks Thanks x 1
    Last edited: Apr 22, 2012
  10. bk071

    bk071 Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Nov 24, 2010
    Messages:
    3,104
    Likes Received:
    7,914
    Occupation:
    I don't have a job
    Location:
    .............
    I have a very little idea of what you guys are talking about but from what I understood, that dude "sockpuppet" did it LIKE A BAWS!!

    Well done, dude.
     
  11. kokoloko75

    kokoloko75 Elite Member

    Joined:
    Jan 1, 2011
    Messages:
    1,628
    Likes Received:
    1,935
    Occupation:
    Design director
    Location:
    Paris (France)
    Screenshot by Sockpuppet :

    [​IMG]

    Beny
     

    Attached Files:

    • Thanks Thanks x 1
  12. Chris22

    Chris22 Regular Member

    Joined:
    Sep 29, 2010
    Messages:
    400
    Likes Received:
    1,059
    crackme.png
     
    • Thanks Thanks x 3
  13. kokoloko75

    kokoloko75 Elite Member

    Joined:
    Jan 1, 2011
    Messages:
    1,628
    Likes Received:
    1,935
    Occupation:
    Design director
    Location:
    Paris (France)
    Congratulations Chris !
    Like Sockpuppet you used IDA.

    I have to hide the condition and strings...

    Beny
     
  14. Chris22

    Chris22 Regular Member

    Joined:
    Sep 29, 2010
    Messages:
    400
    Likes Received:
    1,059
    I use OllyDbg.
     
  15. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    You didn't even bother encrypting the strings in your protection scheme? :eek: First thing you look to locate where the validation check exists, is to find the registration strings and see what part of the code uses them.

    That 's a screenshot from IDA Pro. The jnz in the red line is the assembly command that means "Jump short if not zero". All he had to do is use the debugger to flip the Zero Flag (ZF) from 1 to 0


    Edit: Just saw the new posts, congrats to Chris22 as well:)
     
    • Thanks Thanks x 1
    Last edited: Apr 22, 2012
  16. Chris22

    Chris22 Regular Member

    Joined:
    Sep 29, 2010
    Messages:
    400
    Likes Received:
    1,059
    Another thing you should take note of is that you are using a HTTP GET to send the key to your server, I'd encrypt this and the response if I were you. You also have authentication details hard coded in there, you should encrypt these too.
     
  17. Gmk1212

    Gmk1212 Newbie

    Joined:
    Apr 1, 2012
    Messages:
    32
    Likes Received:
    19
    Location:
    Southern California ก็็็็็็็็็็
    Home Page:
    What add-ons are you running in Olly? It has been a few years since I ran it (donned my white hat).
     
  18. Gmk1212

    Gmk1212 Newbie

    Joined:
    Apr 1, 2012
    Messages:
    32
    Likes Received:
    19
    Location:
    Southern California ก็็็็็็็็็็
    Home Page:
    Who uses Delphi anymore anyway??

    Just kidding. I have used it since 1996. I still use it and have several programs still on the market!
     
  19. dewaz

    dewaz Regular Member

    Joined:
    Nov 27, 2011
    Messages:
    399
    Likes Received:
    47
    Home Page:
    now we know who need to contact when we need to protect our software.
     
  20. Chris22

    Chris22 Regular Member

    Joined:
    Sep 29, 2010
    Messages:
    400
    Likes Received:
    1,059
    Just Stealth64
     
    • Thanks Thanks x 1