"Enter your serial: " "Invalid serial! Try again." "Correct! Welcome, Adeko." Opening the binary in Ghidra and navigating to entry_140001010 (the default WinMainCRTStartup ) quickly leads to the call:
(A classic “crack‑me” style reverse‑engineering challenge) 1. Overview | Item | Description | |------|-------------| | Challenge name | Adeko 9 Crack 56 | | Category | Reverse Engineering / Binary Cracking | | Platform | Windows 10 (x86‑64) – compiled with Visual Studio 2019 | | File size | ≈ 82 KB (PE32+ executable) | | Protection | No packer, but includes basic anti‑debug tricks and a custom serial‑check routine | | Goal | Produce a valid serial key that makes the program display “Correct!” (or the equivalent success message). | 2. Setup # Create a clean analysis environment mkdir adeko9-crack56 && cd adeko9-crack56 cp /path/to/Adeko9Crack56.exe . Tools used
int __cdecl mainCRTStartup(void) ... return main(__argc, __argv); Adeko 9 Crack 56
If we denote the post‑transform byte as b_i = t(i) , the CRC algorithm is applied to the sequence b_0 … b_8 .
The program uses the insecure gets_s but limits to 63 characters – no overflow. The real work is in check_serial . 3.3. The serial‑checking routine In Ghidra the function is named check_serial (address 0x140001560 ). Its decompiled pseudo‑code (after some renaming) looks like this: "Enter your serial: " "Invalid serial
int main(int argc, char **argv) char input[64]; puts("Enter your serial: "); gets_s(input, sizeof(input)); if (check_serial(input) == 0) puts("Invalid serial! Try again."); return 1; puts("Correct! Welcome, Adeko."); return 0;
| Tool | Purpose | |------|---------| | | Verify that the binary is not packed. | | x64dbg (or OllyDbg ) | Dynamic debugging, breakpoints, watch registers. | | Ghidra 10.2 | Static disassembly & de‑compilation. | | Strings | Quick view of embedded literals. | | Python 3.10 | Write a small key‑generator script (optional). | | procmon / Process Explorer | Observe any hidden anti‑debug syscalls. | Tip: Run the binary once under a debugger to confirm the presence of anti‑debug checks (e.g., IsDebuggerPresent , CheckRemoteDebuggerPresent ). If they crash the program, we’ll patch them out later. 3. Static Analysis 3.1. Basic PE info File Type: PE32+ (64‑bit) Entry point: 0x140001010 Sections: .text 0x2000 (code) .rdata 0x1000 (read‑only data) .data 0x0800 (mutable data) .rsrc 0x0400 (resources – contains UI strings) The .rdata section contains the two strings we’ll see in the UI: Overview | Item | Description | |------|-------------| |
# 4. Verify with the original CRC routine (optional) def crc32
def crc32_step_rev(crc, b): """Reverse one CRC‑32 step (process byte b at the *end* of the stream).""" # The forward step is: crc = (crc >> 8) ^ TABLE[(crc ^ b) & 0xFF] # Reversing: idx = (crc ^ b) & 0xFF prev_crc = (crc ^ TABLE[idx]) << 8 prev_crc |= idx return prev_crc & 0xFFFFFFFF
transformed = reverse_crc_bytes(TARGET, 9) print("[+] Transformed bytes (b_i):", transformed)