Jump to content
Tuts 4 You

[KeygenMe] KeyGen Me #3


GioTiN

Recommended Posts

[EDIT] (really badly formatted) Source removed.

Added as attachment. Anybody got an idea why this function doesn't run properly when it's compiled into a winGui project? Works fine in the console, but sux serious a$$ when used to provide the string for a messagebox or an edit control..

_GioTiN__KeyGen_Me__3.zip

Edited by enhzflep
Link to comment
  • 5 weeks later...

I am stuck;

not sure how to calculate middle section, I see it changes by how many characters there are in name?

1 1234567890

2 -1825831516

3 -591263626

4 643304264

5 1877872154

6 52040638

7 1286608528

8 -1773790878

9 -177379087

10 -539222988

11 695344902

12 1929912792

Can some one point me in the correct direction here?

Thanx

Link to comment
Length of name * 1234567890d

Doc

I still cant find it

2 * 1234567890 = 2469135780 not -1825831516

probably so simple, but I just dont get it?

Link to comment

where is the D char ?!

and the result is 2 * 1234567890 = 2468ACF121A and not 2469135780 !! do you know why cuz you calculate it in Decimal value O_o so that it's Hexadecimal !!

Link to comment

Thanx HVC for that link and 32 bit Calc.

I have alsoread that page (twice) but still not completely comprehending it.

Could some one explain how to use this Calc? (32 bit) Can only input 8 characters.

I have tried 1 character at a time, and every option.

Thanx for the help guyz.

Link to comment

The calculator's operand inputs are in hexidecimal, so being 32bits n all, you can only enter 8 chars

e.g FFFFFFFF

It is used to show the numerical/bit result of using any of the instructions, without having to use a debugger

or your head/a calculator. Also, note that the decimal displays of all numbers are in signed notation so FFFFFFFF = -1, not 4294967295, like you may expect.

Link to comment

Ok, I am getting closer

1234567890 to hex = 499602D2

499602D2 *(len of name - eg 20 characters) 20 to hex = 14

499602D2h * 20h = BFB83868

32BIT calc -01078445976d

I am asuming -01078445976d is Decimal

However, is I use my calculator

499602D2h * 14h = BFB83868

Now if I convert BFB83868 to Decimal I get 3216521320

not -1078445976

So it must not be decimal??

I am getting closer, just not there yet.

Thanx

Link to comment

Put down your calculator, and use the one HVC gave you.

Here is source for keygen, if u notice after the multiplication it calls wsprintf with format string "%d"

if you switch that to "%lu" it will line up with results from your calculator. Which would be wrong.

here is a link to msdn about the wsprintf function http://msdn.microsoft.com/en-us/library/ms647550(VS.85).aspx

use in conjunction with the wiki page above and things should clear up.

.data 
sFormat db "%d",00
.data?
NameBuffer db 100 dup(?)
SerialBufferX db 100 dup(?)
SerialBuffer db 100 dup(?)
.codeKeygen proc hWnd:DWORDLocal sLen:DWORD
Local sSum:DWORD
Local Local3:DWORD
Local Local4:DWORD
Local Serial1:DWORDinvoke RtlZeroMemory,addr NameBuffer,sizeof NameBuffer *3
invoke GetDlgItemText,hWnd,IDC_NAME,addr NameBuffer,sizeof NameBuffer
.if eax
mov sLen,eax
mov edi,eax
.repeat
add byte ptr ds:[NameBuffer +edi -1],3
dec edi
.until edi == 00
mov eax,sLen
dec eax
mov byte ptr ds:[NameBuffer +eax],00
mov eax,sLen
mov ebx,499602D2h
imul eax,ebx
mov sSum,eax
invoke wsprintf,addr SerialBuffer,addr sFormat,eax
invoke lstrcat,addr NameBuffer,addr SerialBuffer
invoke lstrcat,addr NameBuffer,SADD("UnderSEH")
invoke SetDlgItemText,hWnd,IDC_SERIAL,Addr NameBuffer
.endif Ret
Keygen EndP
Link to comment

I guess my main problem is I do not know Asembly Lang, I work with VB

(I have downloaded and am currently reading a book on ASM)

So I have been trying to figure out how to convert BFB83868 to -1078445976 in VB6

Thanx for all your help guyz, very appreciated!!!

Link to comment
I guess my main problem is I do not know Asembly Lang, I work with VB

(I have downloaded and am currently reading a book on ASM)

So I have been trying to figure out how to convert BFB83868 to -1078445976 in VB6

Thanx for all your help guyz, very appreciated!!!

Here is what you are looking for. UnsignedToLong imul is signed Signed: −2,147,483,648 to +2,147,483,647 vs Unsigned: 0 to +4,294,967,295

.http://support.microsoft.com/kb/189323

Edited by redblkjck
Link to comment

it is so simple if a last bit of number be 1 (in sign number) it mean it's negative

so BFB83868h in binary is 10111111101110000011100001101000 the last bit is 1 thus it's negative

for converting to negative decimal we use this algo

mov eax, BFB83868
dec eax
not eax

eax now is 4047C798h and 1078445976 in decimal, and we know it's negative -1078445976

Edited by Hoax3r
Link to comment
it is so simple if a last bit of number be 1 (in sign number) it mean it's negative

so BFB83868h in binary is 10111111101110000011100001101000 the last bit is 1 thus it's negative

for converting to negative decimal we use this algo

mov eax, BFB83868
dec eax
not eax

eax now is 4047C798h and 1078445976 in decimal, and we know it's negative -1078445976

Thank you, I have it now.

I am just working out the procedure for the Ceasar Cypher in VB^ and I will post my keygen.

Link to comment

Well, this was pretty easy to fish;

however, Keygenning proved to be difficult for me.

The "Simple" math wasn't so simple for me to grasp.

I think the hardest for me, was coming up with a function in VB6 to handle Hex strings larger than 8 characters.

Ne ways, here is my Keygen.

Please check it out and let me know if it is working for you, I almost gave up lol, this was quite the task for this Newb!

http://rapidshare.com/files/138496693/KeyG...netHax.zip.html

To help out others with this if they use VB6, here is the core of the code used;

DO NOT LOOK IF YOU DONT WANT THE ANSWERS!!!!

Private Sub Command1_Click()
Dim P1 As String
Dim P2 As String
Dim P3 As String
Dim P4 As String
Dim P5 As String
Dim P7 As String
If Text1.Text = "" Then
MsgBox "Entering a Name is required"
Else
P1 = Text1.Text 'name
P2 = Len(P1) ' name length
P3 = P2 - 1 ' name length - 1
P4 = Mid(P1, 1, P3) ' name - 1
P5 = Ceasar(P4)
P7 = HexMulti(CLng("&H499602D2"), CCur(Len(Text1.Text)))
Text2.Enabled = True
Text2.Text = P5 & P7 & "UnderSEH"
End If
End Sub
Function Ceasar(sText As String) As String
Dim i As Long
Ceasar = Space$(Len(sText))
For i = 1 To Len(sText)
Mid$(Ceasar, i, 1) = Chr$((Asc(Mid$(sText, i, 1)) + 3) Mod 256)
Next
End Function
Public Function HexMulti(ByVal Value As Long, ByVal Multiplier As Currency) As Long
If Value < 0 Then
Multiplier = (CCur(Value And &H7FFFFFFF) + 2147483648@) * Multiplier
Else
Multiplier = Value * Multiplier
End If
Do While Multiplier >= 4294967296@
Multiplier = Multiplier - 4294967296@
Loop
If Multiplier >= 2147483648@ Then
HexMulti = Multiplier - 4294967296@
Else
HexMulti = Multiplier
End If
End Function

KeyGen_Me__3_PlanetHax.zip

Edited by planethax
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...