Jump to content
Tuts 4 You

[keygenme] Drpepur #4


DrPepUr

Recommended Posts

It's buggy (but it has some good points, nevertheless).

mov	 CheckForTools, offset fCheckForTools
call CheckForTools
movsx eax, al
push eax
jmp short loc_403D0Fdb 'crap'loc_403D0F:
push offset OutputString; "Thank You For Taking The Time To CrackM"...
call OutputDebugStringA
pop ebx
add al, bl
movsx eax, al
mov byte ptr ds:loc_401D39+2, al
add al, 25h
mov byte ptr ds:loc_401DE0+2, al
xor al, 34h
sub byte_40320F, al

After the call to OutputDebugString, a (non-consistent) value is returned to eax (propably because the OutputDebugString function is hooked by goddamn Zonealarm, the value is a pointer to the stack area).

Then, the last byte of that value, is added to bl, and then the three values that take part in the serial number calculation, get modified (come on, you know what i mean... ;) ).

As a side-note, this is the first time i saw someone categorizing an IDE as a "cracker's tool". :blink:

Here's what i have so far - it works ok on my PC for the last 15 minutes (without running any of the black-listed tools).

Well, guess what, once i restart my PC, the keygen is invalidated. :rolleyes:

DrPepUr.KeyGenMe.No.4.Keymaker.zip

Edited by HVC
Link to comment
Here's what i have so far - it works ok on my PC for the last 15 minutes (without running any of the black-listed tools).

Well, guess what, once i restart my PC, the keygen is invalidated. :rolleyes:

Works fine here - nice work.

Here's my lill code contribution:

CRC32_to_ASCII_BruteForcer.rar

It's NOT a solution.. just some code for getting the first part.

Could be easily modified for other hashes..

Link to comment

Nice and optimized.

I just hacked up something in the keygen source, initializing a DWORD to 20202020h, and then i put a conditional int 3 after CRC to get the original value...

Anyway, antidebugging is used in the TLS function that modifies the generation algorithm.

Even if someone puts all the antidebugging techniques in the keygen (in order to ensure the same algorithm for the key generation), there is no way to ensure that the keygen + keygenme were run under the same environmental conditions (i.e. a black-listed tool was not run in-between).

In order to ensure the same environmental conditions, IMHO, the target needs to be initialized from the keygen, which will hook some APIs (IAT method) to always return the same result. (FindWindowA, OutputDebugStringA).

Anyway, as far as CRC goes, in some cases that the buffer whose CRC needs to be matched is bigger than four bytes, this method can be used, instead of bruteforcing.

(Note: this is not the anarchriz article, although that one is listed as a reference).

Usable C Code is included in the appendix.

Reversing CRC – Theory and Practice

Link to comment

@UFO:

Nice brueforcer, it is a-lot faster than the way I was doing it.

@HVC:

I don't know what the problem is but I still can't get your keygen to work, I have tried it on vista & xp but nada......

You never replyed back did the keygen I sent you work on your machine?

Dustyh1981

Link to comment

It worked for me one time........I dunno this is a screwed up keygenme anyways, I thought I had done my homework on the OutputDebugStringA, everything I read said under normal conditions EAX should be 1, I tested it before I even got started coded a little program to feed me the value of eax after calling OutputDebugStringA, and every time it came back 1. I never tried it on my Vista laptop until after I spoke with HVC, on the laptop it always came back 0.....so I thought this was constant..

I never anticipated any other processes interfering with this, I run as little on my system as I can get by with, no AV,Firewall,themes.ect.....

Any have a nice day,

Dustyh1981

Link to comment

@Dustin: Yes, your keygen works on my machine, although it's restricted to what i have posted above.

PS: My keygen doesn't work on your machine, prolly because you have Winasm Studio running, which contains one of the black-listed classes. :busted_cop:

Edited by HVC
Link to comment
PS: My keygen doesn't work on your machine, prolly because you have Winasm Studio running, which contains one of the black-listed

Nope nuttin runnin.....like I said above its a screwedup keygenme anyways lol

I dunno WTF I was thinkin.

p.s. My desktop window contains the blacklisted class.

Edited by dustyh1981
Link to comment

It's not a screwed-up keygenme, it's good for beginners, and you have at least demonstrated good usage of hashing/CRC'ing in a key verification algo.

But it's also a good example as to why one should avoid antidebugging tricks, such as the one included here, in key generation / verification algos.

Imagine if that algo was used in a commercial product...

How much pain would that bring to the support group? :sweatdrop:

Link to comment
  • 2 months later...
KeygenMe!

If by some chance I caught a whiff of a crack pipe and this is a keygen, then excuse me. However it looks like a crackme so let me help you out a little.

1. Start your own thread.

2. A descriptin would be nice.

3. Make sure it runs......... Very Important I can not stress this enough.

4. Might want to check this out Rules

5. Put down your peace pipe :marinheiro:

:bangin:

DrPepUr

Edited by DrPepUr
Link to comment

I don't like it. He's posting in random threads and the file goes to a homepage when you click order. As LCF-AT said in the other thread, I think this is a request.

Link to comment
  • 3 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...