Tutorial for KiTo's KeyGenMe 2

   

Tutorials, level: newbie

Reversing a simple algorithm, and keygenning it (keygen source included)

I just loaded the crackme in Olly and this is the interesting part:

0040104F  MOV ESI,DWORD PTR DS:[<&USER32.GetDlgItemTextA>]  ;  USER32.GetDlgItemTextA
00401055  PUSH 1E                                  ; /Count = 1E (30.)
00401057  LEA EAX,DWORD PTR SS:[ESP+10]            ; |
0040105B  PUSH EAX                                 ; |Buffer
0040105C  PUSH 3ED                                 ; |ControlID = 3ED (1005.)
00401061  PUSH EBX                                 ; |hWnd
00401062  XOR EDI,EDI                              ; |
00401064  CALL ESI                                 ; GetDlgItemTextA
00401066  PUSH 1E                                  ; /Count = 1E (30.)
00401068  LEA ECX,DWORD PTR SS:[ESP+30]            ; |
0040106C  PUSH ECX                                 ; |Buffer
0040106D  PUSH 3F0                                 ; |ControlID = 3F0 (1008.)
00401072  PUSH EBX                                 ; |hWnd
00401073  CALL ESI                                 ; GetDlgItemTextA
00401075  LEA EAX,DWORD PTR SS:[ESP+C]
00401079  LEA EDX,DWORD PTR DS:[EAX+1]
0040107C  POP ESI
0040107D  LEA ECX,DWORD PTR DS:[ECX]
00401080  MOV CL,BYTE PTR DS:[EAX]
00401082  INC EAX
00401083  TEST CL,CL
00401085  JNZ SHORT KGNME2-K.00401080
00401087  SUB EAX,EDX
00401089  CMP EAX,3
0040108C  JG SHORT KGNME2-K.004010AE
0040108E  PUSH 40                                  ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00401090  PUSH KGNME2-K.00407208                   ; |Title = "Doh!"
00401095  PUSH KGNME2-K.004071EC                   ; |Text = "Gimme atleast 4 letters.."
0040109A  PUSH EBX                                 ; |hOwner
0040109B  CALL DWORD PTR DS:[<&USER32.MessageBoxA>]  ; MessageBoxA
004010A1  POP EDI
004010A2  MOV EAX,1
004010A7  POP EBX
004010A8  ADD ESP,60
004010AB  RETN 10
004010AE  XOR ECX,ECX
004010B0  TEST EAX,EAX
004010B2  JL SHORT KGNME2-K.004010C0
004010B4  MOVSX EDX,BYTE PTR SS:[ESP+ECX+8]
004010B9  ADD EDI,EDX
004010BB  INC ECX
004010BC  CMP ECX,EAX
004010BE  JLE SHORT KGNME2-K.004010B4
004010C0  IMUL EDI,EDI,539                         ;  539h == 1337d, I'm so 31337 for cracking this crackme =)
004010C6  PUSH EDI
004010C7  LEA EAX,DWORD PTR SS:[ESP+4C]
004010CB  PUSH KGNME2-K.004071E8                   ;  ASCII "%d"
004010D0  PUSH EAX
004010D1  CALL KGNME2-K.004011AE
004010D6  ADD ESP,0C
004010D9  LEA ECX,DWORD PTR SS:[ESP+28]
004010DD  PUSH ECX                                 ; /String2
004010DE  LEA EDX,DWORD PTR SS:[ESP+4C]            ; |
004010E2  PUSH EDX                                 ; |String1
004010E3  CALL DWORD PTR DS:[<&KERNEL32.lstrcmpA>]  ; lstrcmpA
004010E9  TEST EAX,EAX
004010EB  JNZ SHORT KGNME2-K.0040110D
004010ED  PUSH 40                                  ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004010EF  PUSH KGNME2-K.004071E0                   ; |Title = "Wee!"
004010F4  PUSH KGNME2-K.00407198                   ; |Text = "Good Boy....."
004010F9  PUSH EBX                                 ; |hOwner
004010FA  CALL DWORD PTR DS:[<&USER32.MessageBoxA>]  ; MessageBoxA
00401100  POP EDI
00401101  MOV EAX,1
00401106  POP EBX
00401107  ADD ESP,60
0040110A  RETN 10
0040110D  PUSH 10                                  ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0040110F  PUSH KGNME2-K.00407208                   ; |Title = "Doh!"
00401114  PUSH KGNME2-K.00407188                   ; |Text = "Bad Boy!"
00401119  PUSH EBX                                 ; |hOwner
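0040111A  CALL DWORD PTR DS:[<&USER32.MessageBoxA>]  ; MessageBoxA

So all this routine does is check that the username is longer than 3 characters, sum all the character codes (sign-extended, because of the MOVSX) and multiply the sum by 539h, which is 1337 decimal, as the IMUL at 004010C0 shows.
The result, formatted as a decimal number with "%d" and compared against the entered serial with lstrcmpA, is our serial.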
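
The check above reconstructed in C, as an added example (this is not the keygen source from the attachment). The function names kgm2_serial and kgm2_check are made up here, the sample name is constructed, and the helper at 004011AE is assumed to behave like sprintf.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 30   /* GetDlgItemTextA Count = 1Eh: 29 chars + NUL */

/* Writes the serial for `name` to `out` as a decimal string.
 * Returns 0 on success, -1 when the name has fewer than 4 characters
 * (the "Gimme atleast 4 letters.." branch at 0040108E). */
int kgm2_serial(const char *name, char *out, size_t outlen)
{
    size_t len = strlen(name);
    if (len > NAME_BUF - 1)
        len = NAME_BUF - 1;          /* GetDlgItemTextA truncates the text */
    if (len <= 3)                    /* CMP EAX,3 / JG */
        return -1;

    int32_t sum = 0;
    /* The original loop runs i = 0..len inclusive, so it also adds the
     * terminating NUL, which contributes 0. */
    for (size_t i = 0; i < len; i++)
        sum += (signed char)name[i]; /* MOVSX: bytes >= 80h are negative */

    /* IMUL EDI,EDI,539. With at most 29 bytes, |sum| <= 29 * 128,
     * so the 32-bit product cannot overflow. */
    int32_t serial = sum * 0x539;
    snprintf(out, outlen, "%d", (int)serial);
    return 0;
}

/* Mirrors the lstrcmpA test: 1 = "Good Boy.....", 0 = "Bad Boy!" or rejected. */
int kgm2_check(const char *name, const char *entered)
{
    char expect[16];
    if (kgm2_serial(name, expect, sizeof expect) != 0)
        return 0;
    return strcmp(expect, entered) == 0;
}

int main(void)
{
    char s[16];
    const char *name = "KiTo";       /* constructed sample input */
    if (kgm2_serial(name, s, sizeof s) == 0)
        printf("%s -> %s\n", name, s);
    return 0;
}
```

Because the serial depends only on the name and a constant, anyone who reads the routine can reproduce it; note that names containing bytes of 80h and above give a negative serial because of the sign extension.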

/riX 2005-03-23

I put the tutorial, keygen, crackme and keygen source here:
attachment