Posted March 15, 200817 yr Rules 1. No Patching 2. No Self-Keygens (Refer to rule #1) 3. Write A Tutorial If You Feel Like It Good Luck Dustyh1981 DrPepUr__4_KeyGenMe.zip
March 16, 200817 yr It's buggy (but it has some good points, nevertheless). mov CheckForTools, offset fCheckForToolscall CheckForToolsmovsx eax, alpush eaxjmp short loc_403D0Fdb 'crap'loc_403D0F:push offset OutputString; "Thank You For Taking The Time To CrackM"...call OutputDebugStringApop ebxadd al, blmovsx eax, almov byte ptr ds:loc_401D39+2, aladd al, 25hmov byte ptr ds:loc_401DE0+2, alxor al, 34hsub byte_40320F, al After the call to OutputDebugString, a (non-consistent) value is returned to eax (propably because the OutputDebugString function is hooked by goddamn Zonealarm, the value is a pointer to the stack area). Then, the last byte of that value, is added to bl, and then the three values that take part in the serial number calculation, get modified (come on, you know what i mean... ). As a side-note, this is the first time i saw someone categorizing an IDE as a "cracker's tool". Here's what i have so far - it works ok on my PC for the last 15 minutes (without running any of the black-listed tools). Well, guess what, once i restart my PC, the keygen is invalidated. DrPepUr.KeyGenMe.No.4.Keymaker.zip Edited March 16, 200817 yr by HVC
March 19, 200817 yr Here's what i have so far - it works ok on my PC for the last 15 minutes (without running any of the black-listed tools).Well, guess what, once i restart my PC, the keygen is invalidated. Works fine here - nice work.Here's my lill code contribution: CRC32_to_ASCII_BruteForcer.rar It's NOT a solution.. just some code for getting the first part. Could be easily modified for other hashes..
March 19, 200817 yr Nice and optimized. I just hacked up something in the keygen source, initializing a DWORD to 20202020h, and then i put a conditional int 3 after CRC to get the original value...Anyway, antidebugging is used in the TLS function that modifies the generation algorithm. Even if someone puts all the antidebugging techniques in the keygen (in order to ensure the same algorithm for the key generation), there is no way to ensure that the keygen + keygenme were run under the same environmental conditions (i.e. a black-listed tool was not run in-between). In order to ensure the same environmental conditions, IMHO, the target needs to be initialized from the keygen, which will hook some APIs (IAT method) to always return the same result. (FindWindowA, OutputDebugStringA). Anyway, as far as CRC goes, in some cases that the buffer whose CRC needs to be matched is bigger than four bytes, this method can be used, instead of bruteforcing.(Note: this is not the anarchriz article, although that one is listed as a reference). Usable C Code is included in the appendix.Reversing CRC – Theory and Practice
March 19, 200817 yr Author @UFO:Nice brueforcer, it is a-lot faster than the way I was doing it.@HVC:I don't know what the problem is but I still can't get your keygen to work, I have tried it on vista & xp but nada......You never replyed back did the keygen I sent you work on your machine?Dustyh1981
March 20, 200817 yr Author It worked for me one time........I dunno this is a screwed up keygenme anyways, I thought I had done my homework on the OutputDebugStringA, everything I read said under normal conditions EAX should be 1, I tested it before I even got started coded a little program to feed me the value of eax after calling OutputDebugStringA, and every time it came back 1. I never tried it on my Vista laptop until after I spoke with HVC, on the laptop it always came back 0.....so I thought this was constant..I never anticipated any other processes interfering with this, I run as little on my system as I can get by with, no AV,Firewall,themes.ect.....Any have a nice day,Dustyh1981
March 20, 200817 yr @Dustin: Yes, your keygen works on my machine, although it's restricted to what i have posted above. PS: My keygen doesn't work on your machine, prolly because you have Winasm Studio running, which contains one of the black-listed classes. Edited March 20, 200817 yr by HVC
March 20, 200817 yr Author PS: My keygen doesn't work on your machine, prolly because you have Winasm Studio running, which contains one of the black-listedNope nuttin runnin.....like I said above its a screwedup keygenme anyways lol I dunno WTF I was thinkin.p.s. My desktop window contains the blacklisted class. Edited March 20, 200817 yr by dustyh1981
March 20, 200817 yr It's not a screwed-up keygenme, it's good for beginners, and you have at least demonstrated good usage of hashing/CRC'ing in a key verification algo. But it's also a good example as to why one should avoid antidebugging tricks, such as the one included here, in key generation / verification algos. Imagine if that algo was used in a commercial product... How much pain would that bring to the support group?
June 6, 200817 yr Author KeygenMe! If by some chance I caught a whiff of a crack pipe and this is a keygen, then excuse me. However it looks like a crackme so let me help you out a little. 1. Start your own thread. 2. A descriptin would be nice. 3. Make sure it runs......... Very Important I can not stress this enough. 4. Might want to check this out Rules 5. Put down your peace pipe DrPepUr Edited June 6, 200817 yr by DrPepUr
June 6, 200817 yr I don't like it. He's posting in random threads and the file goes to a homepage when you click order. As LCF-AT said in the other thread, I think this is a request.
September 11, 200817 yr didn't submited in crackmes.de http://crackmes.de/users/drpepur/drpepur_4/ ?!?! Edited September 11, 200817 yr by Xspider
September 15, 200817 yr thanks, nice crackme i'm learning cracking, and it helped me progress a bit (at least now i can recognize some crypto )
Create an account or sign in to comment