Encrypto (Posted December 28, 2007, edited): Hello again. Here is my new KeyGenme.7.0. Hope you like this. People who think this is easy... stay away. I'd love to get feedback. Incidentally, 7 is my lucky number. http://www.mediafire.com/?8mnbb0d0uzs ECrypt7.2008._FOFF.zip
Ahmed18 (Posted December 28, 2007): Seems to be a good challenge. Thank you, Encrypto.
Encrypto (Author, Posted December 30, 2007), quoting Ahmed18: "Seems to be a good challenge. Thank you, Encrypto." Thanks, my friend.
ChupaChu (Posted January 8, 2008): Hehe, did you try clicking on the link at the bottom of the initial post? Attached File(s): ECrypt7.2008._FOFF.zip (376.27K), number of downloads: 35. It works for me... BR, ChupaChu!
Melatonin (Posted January 17, 2008, edited): Well, I found the name manipulation and the RSA part straightforward and easy. I coded a keygen to do all but the MD5 part in C++; however, I don't know if I can be bothered to do the modified MD5 bit. Did you really have to change ALL the constants? name: melatonin sn: 89945942253298C96BD5B1AFE4ADD0C01C46586E2B77778D88E82B30F3F20CE2 For those that are interested, I whipped up an IDA FLIRT lib based off of the latest FGint, since I could only find some older sigs by bLaCk-eye from around ~2004. FGintPackage.rar
Loki (Posted January 17, 2008), quoting Melatonin: "For those that are interested, I whipped up an IDA FLIRT lib based off of the latest FGint, since I could only find some older sigs by bLaCk-eye from around ~2004." Great stuff, thanks for the share Mel, much appreciated mate!
ChupaChu (Posted January 17, 2008, edited), quoting Melatonin: "Well, I found the name manipulation and the RSA part straightforward and easy. I coded a keygen to do all but the MD5 part in C++; however, I don't know if I can be bothered to do the modified MD5 bit. Did you really have to change ALL the constants?" Watch for the FF, GG, II and HH functions: they are changed, now there are 2 more dword arguments. Also new Init values are added, so there are 6 of them, so take care to add two more lines in the Transform procedure (e.g. State[4] and State[5]) to make it work. I've coded it myself, but I haven't got a 100% correct MD5 match; on long strings I get wrong hashes, and I haven't been able to figure out completely what's causing it. Have fun with it, it's a pretty good keygenme because of this heavily modified MD5. I'm sure Ziggy would have fun reversing it also. BR, ChupaChu!
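To make the modifications ChupaChu lists easier to locate, here is an unmodified RFC 1321 MD5 in C, added as an example; it is not code from the keygenme or from anyone in the thread, and it deliberately uses the standard constants rather than the keygenme's changed ones. The places the thread says differ are marked in comments: the round functions FF/GG/HH/II (which in the keygenme take two extra dword arguments), the K table, the init values (four here, six in the keygenme), and the add-back at the end of Transform (which the keygenme extends with State[4] and State[5]).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Standard MD5 (RFC 1321). The keygenme's variant, per the thread, changes
   the K[] constants, adds two dword parameters to FF/GG/HH/II, and keeps
   six state words instead of four. None of those changes are reproduced. */

static const uint32_t K[64] = {
    0xd76aa478u, 0xe8c7b756u, 0x242070dbu, 0xc1bdceeeu, 0xf57c0fafu, 0x4787c62au, 0xa8304613u, 0xfd469501u,
    0x698098d8u, 0x8b44f7afu, 0xffff5bb1u, 0x895cd7beu, 0x6b901122u, 0xfd987193u, 0xa679438eu, 0x49b40821u,
    0xf61e2562u, 0xc040b340u, 0x265e5a51u, 0xe9b6c7aau, 0xd62f105du, 0x02441453u, 0xd8a1e681u, 0xe7d3fbc8u,
    0x21e1cde6u, 0xc33707d6u, 0xf4d50d87u, 0x455a14edu, 0xa9e3e905u, 0xfcefa3f8u, 0x676f02d9u, 0x8d2a4c8au,
    0xfffa3942u, 0x8771f681u, 0x6d9d6122u, 0xfde5380cu, 0xa4beea44u, 0x4bdecfa9u, 0xf6bb4b60u, 0xbebfbc70u,
    0x289b7ec6u, 0xeaa127fau, 0xd4ef3085u, 0x04881d05u, 0xd9d4d039u, 0xe6db99e5u, 0x1fa27cf8u, 0xc4ac5665u,
    0xf4292244u, 0x432aff97u, 0xab9423a7u, 0xfc93a039u, 0x655b59c3u, 0x8f0ccc92u, 0xffeff47du, 0x85845dd1u,
    0x6fa87e4fu, 0xfe2ce6e0u, 0xa3014314u, 0x4e0811a1u, 0xf7537e82u, 0xbd3af235u, 0x2ad7d2bbu, 0xeb86d391u };

static const uint32_t S[64] = {
    7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
    5,  9, 14, 20, 5,  9, 14, 20, 5,  9, 14, 20, 5,  9, 14, 20,
    4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
    6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21 };

/* Init values: standard MD5 has four; the thread says the keygenme has six. */
static const uint32_t INIT[4] = { 0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u };

static uint32_t rotl(uint32_t x, uint32_t n) { return (x << n) | (x >> (32 - n)); }

/* Round functions as RFC 1321 names them. The keygenme's versions, per the
   thread, take two additional dword arguments. */
static uint32_t FF(uint32_t b, uint32_t c, uint32_t d) { return (b & c) | (~b & d); }
static uint32_t GG(uint32_t b, uint32_t c, uint32_t d) { return (d & b) | (~d & c); }
static uint32_t HH(uint32_t b, uint32_t c, uint32_t d) { return b ^ c ^ d; }
static uint32_t II(uint32_t b, uint32_t c, uint32_t d) { return c ^ (b | ~d); }

/* Transform: one 64-byte block. With six state words the add-back at the end
   needs two more lines, which is the change ChupaChu describes. */
static void md5_transform(uint32_t state[4], const uint8_t block[64]) {
    uint32_t M[16], a = state[0], b = state[1], c = state[2], d = state[3];
    for (int i = 0; i < 16; i++)   /* little-endian words */
        M[i] = (uint32_t)block[4*i] | ((uint32_t)block[4*i+1] << 8) |
               ((uint32_t)block[4*i+2] << 16) | ((uint32_t)block[4*i+3] << 24);
    for (int i = 0; i < 64; i++) {
        uint32_t f, g;
        if (i < 16)      { f = FF(b, c, d); g = (uint32_t)i; }
        else if (i < 32) { f = GG(b, c, d); g = (5u*i + 1) % 16; }
        else if (i < 48) { f = HH(b, c, d); g = (3u*i + 5) % 16; }
        else             { f = II(b, c, d); g = (7u*i) % 16; }
        uint32_t tmp = d;
        d = c; c = b;
        b = b + rotl(a + f + K[i] + M[g], S[i]);
        a = tmp;
    }
    state[0] += a; state[1] += b; state[2] += c; state[3] += d;
}

/* Hash msg[0..len) in one shot; writes 32 lowercase hex chars plus NUL to out. */
char *md5_hex(const uint8_t *msg, size_t len, char out[33]) {
    uint32_t state[4];
    memcpy(state, INIT, sizeof state);
    /* Padding: 0x80, zeros up to 56 mod 64, then the 64-bit little-endian bit length. */
    size_t padded = ((len + 8) / 64 + 1) * 64;
    uint8_t *buf = calloc(padded, 1);
    memcpy(buf, msg, len);
    buf[len] = 0x80;
    uint64_t bits = (uint64_t)len * 8;
    for (int i = 0; i < 8; i++) buf[padded - 8 + i] = (uint8_t)(bits >> (8*i));
    for (size_t off = 0; off < padded; off += 64) md5_transform(state, buf + off);
    free(buf);
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++)
            sprintf(out + 8*i + 2*j, "%02x", (state[i] >> (8*j)) & 0xffu);
    out[32] = '\0';
    return out;
}

int main(void) {
    char hex[33];
    printf("%s\n", md5_hex((const uint8_t *)"abc", 3, hex));
    return 0;
}
```

With the standard constants this reproduces the RFC test vectors; a keygen for the keygenme would swap in its own K table, its six init words and the extended round functions, which the thread deliberately leaves for each solver to recover.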
ChupaChu (Posted January 17, 2008): Just a few more IDA sig files, for Loki: FGint.rar. BR, ChupaChu!
Encrypto (Author, Posted January 17, 2008): Hehe, I thought it would be fun to test some stuff out. @melatonin: Thanks for trying this, and your key is correct. Good work.
Melatonin (Posted January 18, 2008, edited): @ChupaChu: Yep, I know. I already did a batch of analysis on the MD5 function and started to code it. Granted, since I've already done most of it, I think I'll try to sort the MD5 when I'm not too busy. Also, those sigs you posted were the ones by bLaCk-eye, and they don't pick up functions as well as the newer one I made, well, at least for this keygenme. You only really need to save FGintPackage.sig, which is the AIO sig. There were only three overlapping functions, and at least in mine I correctly did it so one of them would be picked up (they were identical so it didn't matter) instead of ignoring both. It might be useful to have those on hand if you run into an older target. @Encrypto: Thanks for making the keygenme. :smile:
Ox87k (Posted January 18, 2008): Melatonin, I tried to code the whole MD5 routine, from Delphi to C, but it seems to be not working well. If you want, I can send you my md5.c/md5.h files. Regards!
Ox87k (Posted January 19, 2008): Zool@nder, good one, but I think you ripped the whole MD5 routine.
Zool@nder (Posted January 19, 2008, edited), quoting Ox87k: "Zool@nder, good one, but I think you ripped the whole MD5 routine." I don't think ripping was forbidden. Anyway, ripping is always a good thing, especially when an algorithm such as MD5 (if we can call it an MD5) was wrecked/destroyed. Try to collect the modified values and you will see that it takes much more time than ripping the whole stuff, and because of my laziness I've chosen the easiest way (after all, why should I choose the difficult one? This is not brainy at all). Although, it was a nice crackme. THANK YOU ENCRYPTO.
ChupaChu (Posted January 19, 2008): You ripped it badly... Try name: ChupaaaaaaChuuuuu. Your keygen spits out: 91CEB44C891469604663151ACE4220F13C51FA7B62AFC77CBC9AD06A9C554DB1, and correct should be: 505D16E4D3EDB8D9B569377EA5AE9B6D4031C5A804C9C55AD377846A631A091A. BR, ChupaChu!
Zool@nder (Posted January 19, 2008, edited), quoting ChupaChu: "You ripped it badly... Try name: ChupaaaaaaChuuuuu. Your keygen spits out: 91CEB44C891469604663151ACE4220F13C51FA7B62AFC77CBC9AD06A9C554DB1, and correct should be: 505D16E4D3EDB8D9B569377EA5AE9B6D4031C5A804C9C55AD377846A631A091A. BR, ChupaChu!" Don't expect a 1h10 keygen to work as it should. And don't talk about ripping (the algo wasn't a new one, neither was the scheme). There was no rule (neither in this challenge nor elsewhere) that says ripping when keygening is forbidden. "and correct should be: 505D16E4D3EDB8D9B569377EA5AE9B6D4031C5A804C9C55AD377846A631A091A" Bizarre, that's what it gave me. AND IF YOU WANT, I CAN DELETE THE KEYGEN, NOT BECAUSE IT WAS "partially ripped" BUT TO SATISFY YOU.
ChupaChu (Posted January 19, 2008, edited): No man, you got me totally wrong, I don't have anything against you or the way you wrote it. I like your work and your keygen is cool. Keep up the good work. I just wanted to point out the problem with this keygenme, as 4 persons (me included) have keygenned it and none of them was able to keygen a 100% working version (to my knowledge). I think I have found where the problem is. Try doing this in exact order:
1. Load your keygen fresh.
2. Generate for the default name; you get: 16B90FA0C0EAED72C1DF72A9DE03B2D0B1380D2C1D3134F1D02670A8203DC713
3. Enter "ouumfxshnfdsicwreonfcwoqzcw9twcfqown3fo8qw3" for the name, and generate will give you: 44C8DF0C2CC254BBD172631D74F2C5E9D5812B585009C8A6044223E39703C966
4. Enter "2g9c2j3962j3c26t4rj94384wt0E7EJO7Z5O87W4EZ" for the name, and generate will give you: D36B411C0AA6DAAD8CBA1FBB56E82040A371472D06828569579EF57CE84A5F3C
Now *restart* your keygenerator and try:
5. Enter "2g9c2j3962j3c26t4rj94384wt0E7EJO7Z5O87W4EZ" for the name, and generate will give you: 5450BFB2E282401A1F84F584776E1A0DB5A207EA58B008CED97552121E57701B, and not the value it gave you earlier, D36B411C0AA6DAAD8CBA1FBB56E82040A371472D06828569579EF57CE84A5F3C
I think this MD5 is so heavily modded that it does not clean up correctly. According to Encrypto, his personal keygen gives out correct numbers, so it must still be a small thing that we have overlooked. I just can't find what it is. BR, ChupaChu!
Zool@nder (Posted January 20, 2008, edited): Sorry for the misunderstanding. In fact, the problem was not the ModMD5. It was just an overflow between the 4 buffers that receive the first 4 name transformations (the 4 transformations before entering the ModMD5 algo) that will be concatenated. As Delphi takes care of the size of the buffers, there is no problem with the KGme, but I've coded the KG in ASM, so I had to dynamically allocate buffers following the calculated ones, a thing that I hadn't done. So when a first produced string is too large, there is a buffer overflow, and when the next string is generated, it overwrites a part of the previous one. Now, I have just increased the size of the buffer so that the largest entered name can't cause this behaviour (theoretically). dEcrypt7_Fixed__I_hope____.zip
Ox87k (Posted January 20, 2008): Hey Zool@nder, I don't have anything against you or the way you wrote it, as Chupa already said! With "ripping" I didn't want to accuse you, sorry if you understood it that way! Ripping is allowed, so no problem.
ChupaChu (Posted January 20, 2008): Hey Zool@nder, you still have the problem of the buffer overwriting the MD5 hash at 4049C0t, and when it gets overwritten the RSA part cannot be correct. Second, and more important, I checked MD5 validity also, and it seems you have not ripped it well enough. Check it out with this simple example. Name: "11111111111111aaaaaaaaaaaaaaaaa22222222222defrgt333333335555555555777777777777777777" without "" marks. The MD5 part (an easy way to check is at 00480DAB inside the crackme) should be: 843149029FC78D63D789BBC00FEB0E25, but in your case it will be like this: 9095D4511C87209FFC30D280BDE99246, so the RSA part cannot be correct. This is what I wanted to point out: nobody seems to be able to reproduce the whole modded MD5 part correctly, at least not for longer names. BTW, what tools did you use to rip such big chunks of code? Can you share it maybe? BR, ChupaChu!
Zool@nder (Posted January 20, 2008), quoting Ox87k: "Hey Zool@nder, I don't have anything against you or the way you wrote it, as Chupa already said! With "ripping" I didn't want to accuse you, sorry if you understood it that way! Ripping is allowed, so no problem." No prob. When I read the replies I was very nervous, so maybe I took them with +/- sensitivity. Sorry again.
ChupaChu (Posted January 20, 2008, edited): Fearsome fire in the background, the angry look, the pointing finger... LOL, it's having subconscious psycho effects on people, I guess. But let us return to the topic. BR, ChupaChu!
Zool@nder (Posted January 20, 2008, edited), quoting ChupaChu: "Second, and more important, I checked MD5 validity also, and it seems you have not ripped it well enough. Check it out with this simple example. Name: "11111111111111aaaaaaaaaaaaaaaaa22222222222defrgt333333335555555555777777777777777777" without "" marks." I still don't agree with you. Recheck the stuff and you will notice that it's still the buffer overflowing problem. To avoid this, we have to dynamically allocate a buffer that is exactly == NameLen * 5, and in your example above the generated string that will be hashed is 420 bytes while my buffer is just 400 bytes; that's why. OK, now to solve the problem, I'll add a file hasher with the same algo. Then I'll allocate the needed space and you'll see that it will be OK. Quoting ChupaChu: "BTW, what tools did you use to rip such big chunks of code? Can you share it maybe? BR, ChupaChu!" It's still an alpha-stage Olly plugin, and it needs some more optimisation and some fixups. I hope to complete it soon, and of course it will be published. BTW, it's also possible to rip the code with IDA and even Code Ripper because of the relative contiguity of the different parts of the algo.
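The bug Zool@nder describes in his January 20 posts is a classic fixed-buffer sizing error: the pre-hash string grows with the name (NameLen * 5 bytes, per the thread), but the keygen reserved a constant 400 bytes, so any name over 80 characters overran into the neighbouring buffers and corrupted the hash input, which is also why ChupaChu saw different results for the same name depending on what had been generated before. The following C is a constructed illustration added here, not code from anyone's keygen; the keygenme's four real name transformations are not reproduced, so `placeholder_transform` is a hypothetical stand-in that only preserves the length relationship. It shows the bound check the fixed-buffer version was missing beside the dynamically sized allocation that fixes it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_BUF_SIZE 400   /* the constant buffer size named in the thread */
#define EXPANSION      5     /* pre-hash string = name + 4 transforms, NameLen*5 bytes */

/* Bytes the pre-hash string needs for a name of this length (no terminator). */
size_t prehash_len(size_t name_len) { return name_len * EXPANSION; }

/* Hypothetical stand-in for the keygenme's k-th name transformation (the real
   ones are not reproduced). It writes exactly name_len bytes, which is all the
   sizing argument depends on. */
static void placeholder_transform(int k, const char *name, size_t name_len, char *out) {
    for (size_t i = 0; i < name_len; i++)
        out[i] = (char)('A' + ((unsigned char)name[i] + (size_t)k * 7 + i) % 26);
}

/* Builds the pre-hash string into a caller-supplied buffer of cap bytes.
   Returns the number of bytes written, or -1 if the name would not fit.
   This refusal is the check the fixed 400-byte version lacked: instead of
   overrunning into the next buffer, it fails loudly. */
long build_prehash_bounded(const char *name, char *out, size_t cap) {
    size_t n = strlen(name), need = prehash_len(n);
    if (need > cap) return -1;
    memcpy(out, name, n);
    for (int k = 1; k < EXPANSION; k++)
        placeholder_transform(k, name, n, out + (size_t)k * n);
    return (long)need;
}

/* The fix Zool@nder describes: size the buffer from the name, not a constant.
   Returns a NUL-terminated heap string of prehash_len(name) bytes; caller frees. */
char *build_prehash_dynamic(const char *name) {
    size_t need = prehash_len(strlen(name));
    char *buf = malloc(need + 1);
    if (!buf) return NULL;
    build_prehash_bounded(name, buf, need);   /* cannot fail: cap == need */
    buf[need] = '\0';
    return buf;
}

/* Attempts the bounded build for a constructed name of name_len 'x' characters
   into a FIXED_BUF_SIZE buffer, returning what build_prehash_bounded returns. */
long try_fixed(size_t name_len) {
    char fixed[FIXED_BUF_SIZE];
    char *name = malloc(name_len + 1);
    if (!name) return -2;
    memset(name, 'x', name_len);
    name[name_len] = '\0';
    long r = build_prehash_bounded(name, fixed, sizeof fixed);
    free(name);
    return r;
}

int main(void) {
    /* 84 characters, the length of the name in ChupaChu's example (constructed here). */
    printf("84-char name into fixed buffer: %ld (need %zu)\n", try_fixed(84), prehash_len(84));
    printf("80-char name into fixed buffer: %ld\n", try_fixed(80));
    char name84[85];
    memset(name84, '7', 84);
    name84[84] = '\0';
    char *dyn = build_prehash_dynamic(name84);
    printf("dynamic buffer length: %zu\n", strlen(dyn));
    free(dyn);
    return 0;
}
```

The 84-character name needs 420 bytes, so the bounded build refuses it while the dynamic build produces exactly 420; an 80-character name is the largest that fits the constant buffer, which matches the boundary the thread's two posters were arguing about.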
Encrypto (Author, Posted January 24, 2008): Good work, people. You are actually right, code ripping was allowed. I can post my personal keygen that works; I just need to find it in my collection of hard drives lol... Just a note: I just developed a self-made crypto. It's not the best, but it is original lol... Hopefully I can finish up soon and code Keygenme 8. Thanks to all for trying this Keygenme, and keep up the good work, people.