Code:
PUSH EBP ; In here we are asked to enter our name and then it will calculate some kind of serial based on the name given.
MOV EBP,ESP ; IDK
PUSH ECX ; Well, we all know this.
PUSH ECX ; Don't quite understand, why does it push ecx two times in a row?
AND DWORD PTR [EBP-4],0 ; Clear the address I guess?
PUSH ESI
MOV ESI,DWORD PTR [EBP+8]
PUSH EDI
PUSH ESI
CALL DWORD PTR [<&KERNEL32.lstrlenA>] ; kernel32.lstrlenA
MOV EDI,EAX ; Number of characters in our name.
XOR EDX,EDX
TEST EDI,EDI
JLE @crackme8_00401047
MOVSX ECX,BYTE PTR [EDX+ESI] ; Assign the currently working-on character to ecx.
ADD DWORD PTR [EBP-4],ECX ; Add ecx to the base pointer - 4
MOV DWORD PTR [EBP-8],ECX ; Do the same at bp-8
ROL DWORD PTR [EBP-4],1 ; Rotate the character bits by 1.
MOV EAX,ECX ; Assign the character to eax.
IMUL EAX,DWORD PTR [EBP-4] ; Multiplicate the character by the rotated bits.
MOV DWORD PTR [EBP-4],EAX ; Assign the result at bp-4
MOV EAX,DWORD PTR [EBP-8] ; Assign the character back to eax.
ADD DWORD PTR [EBP-4],EAX ; Modified byte + original byte.
XOR DWORD PTR [EBP-4],ECX ; XOR the result above with the old byte.
INC EDX ; i++
CMP EDX,EDI ; Are we done with each character?
JL @crackme8_0040101D
CMP DWORD PTR [EBP-4],0
JNZ @crackme8_00401063 ; Skip..
PUSH 0
PUSH Crackme8_0040230C ; ASCII "A problem has occurred"
PUSH Crackme8_004022CC ; ASCII "There is no valid key for this name, please use another one."
PUSH DWORD PTR [04023ACh]
CALL DWORD PTR [<&USER32.MessageBoxA>] ; apphelp.72C08650
XOR EAX,EAX
JMP @crackme8_0040107F
XOR DWORD PTR [EBP+0Ch],01337C0DEh ; EPB+C=Our given serial (when we run the app), so it's <ENTERED SERIAL> XOR 0x1337C0DE
SUB DWORD PTR [EBP+0Ch],0BADC0DE5h ; Substract.
MOV EAX,DWORD PTR [EBP-4] ; Assign our calculated value to EAX.
NOT DWORD PTR [EBP+0Ch] ; Reverse the XORed thing above.
XOR EAX,DWORD PTR [EBP+0Ch] ; CALCULATED VALUE XOR REVERSED XORed thing. Looking at the lines below this is probably to check whether EAX matches EBP+C
NEG EAX ; Since EAX is not 0, CF will be set to 1.
SBB EAX,EAX ; Since CF=1, this will result in -1.
INC EAX ; Increment EAX, which will be set to 0, therefore ZF=1 !!!!
POP EDI
POP ESI
LEAVE
RET
Now I don't quite understand, the serial is neither at EBP+C or calculated by the name's bytes. Strange but I fail to see a proper serial verification =/