This is the part where the crackme gets the text from the edit box (in particular our name), so this is a good
place to put a breakpoint (press F2). Now run the crackme (F9), enter the following data: Name: Tanatos Serial: 1234567890
and press Check. It breaks... we'll start...
Now I will try to explain what each section of code does:
00401075 . 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C] <--This has our name in it
00401079 . 8D50 01 LEA EDX,DWORD PTR DS:[EAX+1] <--Our name without the first letter
0040107C . 5E POP ESI
0040107D . 8D49 00 LEA ECX,DWORD PTR DS:[ECX]
00401080 > 8A08 MOV CL,BYTE PTR DS:[EAX] <-
00401082 . 40 INC EAX | This section is the section where
00401083 . 84C9 TEST CL,CL | the crackme counts the number of chars
00401085 .^75 F9 JNZ SHORT KGNME2-K.00401080 <- that our name has.
00401087 . 2BC2 SUB EAX,EDX
00401089 . 83F8 03 CMP EAX,3 <--Compares the number of chars it found with 3
0040108C . 7F 20 JG SHORT KGNME2-K.004010AE <--If our name is longer than 3 chars we go on, else we get an error
We are going to skip the case where you entered 3 chars or fewer. The next section is the serial calculation
section, so pay attention! (EDI and EDX are 0 at the start):
004010B4 > 0FBE540C 08 MOVSX EDX,BYTE PTR SS:[ESP+ECX+8] <--Gets the char in the current position
004010B9 . 03FA ADD EDI,EDX <--Adds its hex value to EDI
004010BB . 41 INC ECX <--Increments the counter by one
004010BC . 3BC8 CMP ECX,EAX <--Compares ECX with the length of the name (in our case 7)
004010BE .^7E F4 JLE SHORT KGNME2-K.004010B4 <--Goes back to 4010B4 if it is lower than or equal to 7
004010C0 > 69FF 39050000 IMUL EDI,EDI,539 <--The EDI we obtained from the algo above will be multiplied
with 539 (that's the hex value)
That is the way the serial is calculated... if you just wanted to fish it... the right place is just coming up:
If you want to keygen it, take a look here. This is the algo a Visual C++ coder needs in order to keygen it:
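long int serial=0;
if(n>3 && n<=32){                          /* n = length of the name (name and i are declared elsewhere) */
    for(i=0;i<n;i++) serial+=name[i];      /* the loop at 004010B4: add up every char */
    serial*=1337;                          /* IMUL EDI,EDI,539 */
}
else printf("Please enter a name with more than 3 chars and less than 32");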
Now a bit more explanation: you may wonder what 1337 means. Well, above I said that the EDI obtained from
the loop (in our case the variable serial) will be multiplied with 539; 1337 is actually the value of 539 in decimal.
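As an added example (not the tutorial author's code), here is a C model of the listing above whose result can be compared with the EDI value seen in the debugger after 004010C0. It assumes ECX is 0 when the loop at 004010B4 is entered (the instruction that sets it is not shown above) and takes the 32-char limit from the C fragment; the function name kgnme2_edi is made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of 00401075..004010C0.
 * Returns 1 and stores the final EDI value in *out,
 * or 0 when the name fails the length check. */
int kgnme2_edi(const char *name, uint32_t *out)
{
    /* 00401080..00401087: count chars up to the NUL, EAX = length */
    size_t len = strlen(name);

    /* CMP EAX,3 / JG: only names longer than 3 chars go on.
     * The upper bound of 32 comes from the C fragment, not the listing. */
    if (len <= 3 || len > 32)
        return 0;

    uint32_t edi = 0;
    /* ASSUMPTION: ECX starts at 0. JLE loops while ECX <= EAX, so the
     * NUL terminator at name[len] is read too; it adds 0 to the sum. */
    for (size_t i = 0; i <= len; i++) {
        /* MOVSX sign-extends: bytes above 0x7F are added as negatives */
        edi += (uint32_t)(int32_t)(signed char)name[i];
    }

    /* IMUL EDI,EDI,539: 0x539 = 1337, only the low 32 bits are kept */
    edi *= 0x539u;

    *out = edi;
    return 1;
}

int main(void)
{
    uint32_t v;
    if (kgnme2_edi("Tanatos", &v))
        printf("EDI after 004010C0 = %u (0x%08X)\n", (unsigned)v, (unsigned)v);
    else
        printf("Please enter a name with more than 3 chars and less than 32\n");
    return 0;
}
```

Because of MOVSX, a name containing bytes above 0x7F (accented letters, for example) gives a smaller sum than a plain unsigned addition would.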
Done explaining for this one. Hope you understood something from this tutorial and that you liked it...