
Keygening tsh33p's Keygenme 1

   

Level : newbie

Learn how to keygen using this easy crackme by tsh33p.
Keygen source included.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*.....
*Author:Tanatos
|Date:28.12.2004
*Target:KeygenMe by terr0r sh33p(tsh33p)
|Difficulty:Easy
*Tools:Olly Debug,C++ Compiler
|Solution:Fishing/Keygen
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*.....

Introduction:this is another easy keygenme...learn how to keygen it...

The Essay:
Run the keygenme, enter any name you like and any serial (the name should be longer than 3 chars), then press OK. Remember the error you get...you don't get one, so we will do the opposite: search for the message we should get if the combination were a good one.
Load the keygenme in Olly, go to Search for -> All referenced text strings and look for "Yeah! You done it.", which would be the good message. Double click it and scroll up a bit:

004010DC |. E8 DE000000 CALL <JMP.&USER32.SendMessageA> ; SendMessageA
004010E1 |. 83F8 03 CMP EAX,3
004010E4 |. 0F8C 93000000 JL keygenme.0040117D
004010EA |. 8BD0 MOV EDX,EAX
004010EC |. 33C9 XOR ECX,ECX

OK, set a breakpoint on 4010DC and then press F9. Enter the name Tanatos and serial 1234567890, then press OK. It breaks...good to know. After the line we broke on comes the serial calculation part, so I'll just explain line by line from here:

004010E1 |. 83F8 03 CMP EAX,3 <--Compares the name length to 3
004010E4 |. 0F8C 93000000 JL keygenme.0040117D <--If it's smaller it jumps, else it continues
004010EA |. 8BD0 MOV EDX,EAX <--Moves the length of the name to EDX
004010EC |. 33C9 XOR ECX,ECX <--Clears ECX (makes it 0)
004010EE |. 33DB XOR EBX,EBX <--Clears EBX
004010F0 |> 0FB681 5020400>/MOVZX EAX,BYTE PTR DS:[ECX+402050] <--Takes the value of the current letter (the hex value), zero-extended
004010F7 |. 35 37130300 |XOR EAX,31337 <--EAX = EAX ^ 0x31337
004010FC |. 05 EFBEADDE |ADD EAX,DEADBEEF <--EAX+=0xDEADBEEF
00401101 |. 69C0 66060000 |IMUL EAX,EAX,666 <--EAX = EAX * 0x666
00401107 |. 2D B3BAAD1B |SUB EAX,1BADBAB3 <--EAX-=0x1BADBAB3
0040110C |. C1E0 03 |SHL EAX,3 <--EAX = EAX << 3
0040110F |. 35 0DD04DD3 |XOR EAX,D34DD00D <--EAX = EAX ^ 0xD34DD00D
00401114 |. 03D8 |ADD EBX,EAX <--EBX+=EAX (EBX is the variable that will store our serial)
00401116 |. 41 |INC ECX <--Increments the counter variable
00401117 |. 3BD1 |CMP EDX,ECX <--Compares the counter to our name length
00401119 |.^75 D5 JNZ SHORT keygenme.004010F0 <--If they are not equal it does the loop again

That explains the code. Now for the keygen code...I coded it in C++:

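#include <stdio.h>
#include <stdint.h>
#include <string.h>

int main(void)
{
    char name[32];
    uint32_t serial = 0, st;   /* 32-bit unsigned, wraps the same way EAX/EBX do */
    size_t n, i;

    printf("Name:");
    if (scanf("%31s", name) != 1)   /* width limit keeps the input inside name[32] */
        return 1;
    n = strlen(name);
    if (n > 2)
    {
        for (i = 0; i < n; i++)
        {
            st = (unsigned char)name[i];   /* MOVZX: zero-extend the current letter */
            st = st ^ 0x31337;
            st += 0xDEADBEEF;
            st = st * 0x666;
            st -= 0x1BADBAB3;
            st = st << 3;
            st = st ^ 0xD34DD00D;
            serial = serial + st;          /* ADD EBX,EAX */
        }
        printf("Serial:%lX\n", (unsigned long)serial);
    }
    else
    {
        printf("Please enter a name with more than 2 chars and less than 32");
    }
    return 0;
}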
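
Added example (not part of the tutorial's keygen or of the keygenme itself): the loop above runs on 32-bit registers and loads each letter with MOVZX, so a port to C has to zero-extend the byte and wrap at 32 bits. The code below compares that with a sign-extending port, and also shows that because EBX is a plain sum, reordering the letters of a name gives the same serial. The function names and the two extra sample names are made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* One pass of the loop body at 004010F7..0040110F on a 32-bit register. */
static uint32_t mix(uint32_t eax)
{
    eax ^= 0x31337u;
    eax += 0xDEADBEEFu;
    eax *= 0x666u;
    eax -= 0x1BADBAB3u;
    eax <<= 3;
    eax ^= 0xD34DD00Du;
    return eax;
}

/* MOVZX semantics: every name byte is zero-extended before mixing. */
uint32_t serial_movzx(const char *name)
{
    uint32_t ebx = 0;
    for (; *name != '\0'; name++)
        ebx += mix((unsigned char)*name);
    return ebx;
}

/* What a plain signed char gives instead: bytes >= 0x80 are sign-extended. */
uint32_t serial_signext(const char *name)
{
    uint32_t ebx = 0;
    for (; *name != '\0'; name++)
        ebx += mix((uint32_t)(int32_t)(signed char)*name);
    return ebx;
}

int main(void)
{
    const char *name    = "Tanatos";      /* name used in the walkthrough */
    const char *anagram = "sotanaT";      /* constructed: same letters, reordered */
    const char *high    = "Tan\xE4tos";   /* constructed: one byte above 0x7F */

    printf("%-8s %lX\n", name, (unsigned long)serial_movzx(name));
    printf("%-8s %lX\n", anagram, (unsigned long)serial_movzx(anagram));
    printf("high-bit name: movzx=%lX signext=%lX\n",
           (unsigned long)serial_movzx(high), (unsigned long)serial_signext(high));
    return 0;
}
```

For plain ASCII names both ports agree; they only diverge once a name contains a byte above 0x7F.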

Done explaining, hope you understood something out of this...bye

GREETZ:
bLaCk-eye,Detten,Wizzard,Irokos,BuLLet,whole BiW


http://www.reversing.be/binaries/articles/20050306185208836.zip



