DrPepUr Posted March 15, 2008

Rules
1. No Patching
2. No Self-Keygens (Refer to rule #1)
3. Write A Tutorial If You Feel Like It

Good Luck
Dustyh1981

DrPepUr__4_KeyGenMe.zip
HVC Posted March 16, 2008 (edited)

It's buggy (but it has some good points, nevertheless).

    mov     CheckForTools, offset fCheckForTools
    call    CheckForTools
    movsx   eax, al
    push    eax
    jmp     short loc_403D0F
    db 'crap'
    loc_403D0F:
    push    offset OutputString ; "Thank You For Taking The Time To CrackM"...
    call    OutputDebugStringA
    pop     ebx
    add     al, bl
    movsx   eax, al
    mov     byte ptr ds:loc_401D39+2, al
    add     al, 25h
    mov     byte ptr ds:loc_401DE0+2, al
    xor     al, 34h
    sub     byte_40320F, al

After the call to OutputDebugString, a (non-consistent) value is returned to eax (probably because the OutputDebugString function is hooked by goddamn Zonealarm, the value is a pointer to the stack area). Then, the last byte of that value is added to bl, and then the three values that take part in the serial number calculation get modified (come on, you know what i mean...).

As a side-note, this is the first time i saw someone categorizing an IDE as a "cracker's tool".

Here's what i have so far - it works ok on my PC for the last 15 minutes (without running any of the black-listed tools).
Well, guess what, once i restart my PC, the keygen is invalidated.

DrPepUr.KeyGenMe.No.4.Keymaker.zip

Edited March 16, 2008 by HVC
Ufo-Pu55y Posted March 19, 2008

> Here's what i have so far - it works ok on my PC for the last 15 minutes (without running any of the black-listed tools).
> Well, guess what, once i restart my PC, the keygen is invalidated.

Works fine here - nice work.
Here's my lill code contribution: CRC32_to_ASCII_BruteForcer.rar
It's NOT a solution.. just some code for getting the first part. Could be easily modified for other hashes..
HVC Posted March 19, 2008

Nice and optimized. I just hacked up something in the keygen source, initializing a DWORD to 20202020h, and then i put a conditional int 3 after CRC to get the original value...

Anyway, antidebugging is used in the TLS function that modifies the generation algorithm. Even if someone puts all the antidebugging techniques in the keygen (in order to ensure the same algorithm for the key generation), there is no way to ensure that the keygen + keygenme were run under the same environmental conditions (i.e. a black-listed tool was not run in-between). In order to ensure the same environmental conditions, IMHO, the target needs to be initialized from the keygen, which will hook some APIs (IAT method) to always return the same result. (FindWindowA, OutputDebugStringA).

Anyway, as far as CRC goes, in some cases that the buffer whose CRC needs to be matched is bigger than four bytes, this method can be used, instead of bruteforcing. (Note: this is not the anarchriz article, although that one is listed as a reference). Usable C Code is included in the appendix.

Reversing CRC – Theory and Practice
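
Added example (not code from any poster in this thread, nor from the appendix of the linked paper): the table-reversal idea HVC mentions, computing the four bytes that bring a buffer to a chosen CRC-32 directly instead of by brute force, which is why a CRC on its own gives a key check no preimage resistance. It assumes the standard reflected CRC-32 (polynomial 0xEDB88320, initial value and final XOR 0xFFFFFFFF), which the thread does not confirm for this keygenme; the function names and the sample prefix and target are constructed.

```c
/* Added example: standard reflected CRC-32 is an assumption, not taken from the keygenme. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static uint32_t tab[256];   /* forward table */
static uint8_t  rev[256];   /* rev[tab[i] >> 24] == i, because the top bytes are unique */

static void crc_init(void) {
    if (tab[1]) return;                        /* tables already built */
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? (c >> 1) ^ 0xEDB88320u : c >> 1;
        tab[i] = c;
        rev[c >> 24] = (uint8_t)i;
    }
}

/* Raw register update: no initial value or final XOR applied here. */
static uint32_t crc_update(uint32_t reg, const uint8_t *p, size_t n) {
    crc_init();
    while (n--) reg = tab[(reg ^ *p++) & 0xFF] ^ (reg >> 8);
    return reg;
}

uint32_t crc32_buf(const void *p, size_t n) {
    return crc_update(0xFFFFFFFFu, p, n) ^ 0xFFFFFFFFu;
}

/* Find the 4 bytes that, appended to prefix, make the CRC-32 equal target. */
void crc32_solve_suffix(const void *prefix, size_t n, uint32_t target, uint8_t out[4]) {
    uint32_t reg = target ^ 0xFFFFFFFFu;       /* undo the final XOR */
    crc_init();
    for (int i = 0; i < 4; i++) {              /* step the register back over four zero bytes */
        uint8_t idx = rev[reg >> 24];
        reg = ((reg ^ tab[idx]) << 8) | idx;
    }
    reg ^= crc_update(0xFFFFFFFFu, prefix, n); /* difference to the register after prefix */
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(reg >> (8 * i));
}

int main(void) {
    uint8_t buf[12] = "NAME-123";              /* constructed sample prefix */
    crc32_solve_suffix(buf, 8, 0x12345678u, buf + 8);
    printf("%08X\n", (unsigned)crc32_buf(buf, 12));
    return 0;
}
```

With an empty prefix the result is the single 4-byte input that has the given CRC-32, whether or not it is printable ASCII.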
DrPepUr (Author) Posted March 19, 2008

@UFO:
Nice bruteforcer, it is a lot faster than the way I was doing it.

@HVC:
I don't know what the problem is but I still can't get your keygen to work, I have tried it on vista & xp but nada......
You never replied back, did the keygen I sent you work on your machine?

Dustyh1981
DrPepUr (Author) Posted March 20, 2008

It worked for me one time........

I dunno, this is a screwed up keygenme anyways. I thought I had done my homework on the OutputDebugStringA, everything I read said under normal conditions EAX should be 1. I tested it before I even got started, coded a little program to feed me the value of eax after calling OutputDebugStringA, and every time it came back 1. I never tried it on my Vista laptop until after I spoke with HVC, on the laptop it always came back 0.....so I thought this was constant..

I never anticipated any other processes interfering with this, I run as little on my system as I can get by with, no AV, Firewall, themes, etc.....

Anyway, have a nice day,
Dustyh1981
HVC Posted March 20, 2008 (edited)

@Dustin: Yes, your keygen works on my machine, although it's restricted to what i have posted above.

PS: My keygen doesn't work on your machine, prolly because you have Winasm Studio running, which contains one of the black-listed classes.

Edited March 20, 2008 by HVC
DrPepUr (Author) Posted March 20, 2008 (edited)

> PS: My keygen doesn't work on your machine, prolly because you have Winasm Studio running, which contains one of the black-listed

Nope nuttin runnin.....like I said above it's a screwed-up keygenme anyways lol I dunno WTF I was thinkin.

p.s. My desktop window contains the blacklisted class.

Edited March 20, 2008 by dustyh1981
HVC Posted March 20, 2008

It's not a screwed-up keygenme, it's good for beginners, and you have at least demonstrated good usage of hashing/CRC'ing in a key verification algo. But it's also a good example as to why one should avoid antidebugging tricks, such as the one included here, in key generation / verification algos. Imagine if that algo was used in a commercial product... How much pain would that bring to the support group?
anhduccec Posted June 6, 2008 (edited)

KeygenMe!

Loki Edit: file removed. Crack request.

Edited June 6, 2008 by Loki
DrPepUr (Author) Posted June 6, 2008 (edited)

> KeygenMe!

If by some chance I caught a whiff of a crack pipe and this is a keygen, then excuse me. However it looks like a crackme so let me help you out a little.

1. Start your own thread.
2. A description would be nice.
3. Make sure it runs......... Very Important I can not stress this enough.
4. Might want to check this out Rules
5. Put down your peace pipe

DrPepUr

Edited June 6, 2008 by DrPepUr
Loki Posted June 6, 2008

I don't like it. He's posting in random threads and the file goes to a homepage when you click order. As LCF-AT said in the other thread, I think this is a request.
andrewl Posted September 11, 2008

keygen+source+tutorial

DrPepUr_DrPepUr_4.zip
xsp!d3r Posted September 11, 2008 (edited)

didn't submitted in crackmes.de http://crackmes.de/users/drpepur/drpepur_4/ ?!?!

Edited September 11, 2008 by Xspider
SMK Posted September 15, 2008

thanks, nice crackme

i'm learning cracking, and it helped me progress a bit (at least now i can recognize some crypto)