Tuts 4 You

[KeygenMe] KeygenMe #10 [Hard]


Saduff

Since this is my tenth KeygenMe, it has to be Very Hard.

No, I did not use any cryptos, but it is protected with hardcore math. :D

Note: You will find an MD5 reference, but MD5 is only used in serial checking.

Rules:

Patching is not allowed!

Accepted Solutions:

Serial (Silver)

Self-Keygen (Silver)

Keygen (Gold)

Solved by:

1. HVC - Keygen (Gold)

2. BoRoV - Keygen (Gold)

3. Frie1960 - Serial (Silver)

4. Seee - Serial (Silver)

KeygenMe__10.zip

Edited by Saduff

00485168 E8 A316FBFF CALL 00436810
0048516D 837D C8 00 CMP DWORD PTR SS:[EBP-38],0
00485171 75 15 JNZ SHORT 00485188
00485173 BA 1C564800 MOV EDX,0048561C ; ASCII "Enter a name!"
00485178 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
0048517E E8 BD16FBFF CALL 00436840
00485183 E9 DF030000 JMP 00485567
00485188 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0048518B 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485191 E8 7A16FBFF CALL 00436810
00485196 837D C4 00 CMP DWORD PTR SS:[EBP-3C],0
0048519A 75 15 JNZ SHORT 004851B1
0048519C BA 34564800 MOV EDX,00485634 ; ASCII "Enter your serial!"
004851A1 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004851A7 E8 9416FBFF CALL 00436840
004851AC E9 B6030000 JMP 00485567
004851B1 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004851B4 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004851BA E8 5116FBFF CALL 00436810
004851BF 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004851C2 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004851C8 E8 4316FBFF CALL 00436810
004851CD 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004851D0 E8 47FAF7FF CALL 00404C1C
004851D5 85C0 TEST EAX,EAX
004851D7 0F8E E0000000 JLE 004852BD
004851DD 8945 CC MOV DWORD PTR SS:[EBP-34],EAX
004851E0 BE 01000000 MOV ESI,1
004851E5 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004851E8 0FB64430 FF MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]
004851ED 69C0 8A0B0800 IMUL EAX,EAX,80B8A
004851F3 B9 B9C08DDA MOV ECX,DA8DC0B9
004851F8 33D2 XOR EDX,EDX
004851FA F7F1 DIV ECX
004851FC 8BC2 MOV EAX,EDX
004851FE 8DB8 00150000 LEA EDI,DWORD PTR DS:[EAX+1500]
00485204 68 08400000 PUSH 4008
00485209 68 000040D8 PUSH D8400000
0048520E 6A 00 PUSH 0
00485210 E8 6714FAFF CALL 0042667C
00485215 037D F4 ADD EDI,DWORD PTR SS:[EBP-C]
00485218 03C7 ADD EAX,EDI
0048521A 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0048521D 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00485220 0FB64430 FF MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]
00485225 69F8 E4060000 IMUL EDI,EAX,6E4
0048522B 81C7 0FA80000 ADD EDI,0A80F
00485231 68 08400000 PUSH 4008
00485236 68 000080A0 PUSH A0800000
0048523B 6A 00 PUSH 0
0048523D E8 6A14FAFF CALL 004266AC
00485242 69D7 DB020000 IMUL EDX,EDI,2DB
00485248 0355 F0 ADD EDX,DWORD PTR SS:[EBP-10]
0048524B 03C2 ADD EAX,EDX
0048524D 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
00485250 8BD7 MOV EDX,EDI
00485252 B8 3A030000 MOV EAX,33A
00485257 E8 74D6FFFF CALL 004828D0
0048525C 8BC8 MOV ECX,EAX
0048525E 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00485261 99 CDQ
00485262 F77D F0 IDIV DWORD PTR SS:[EBP-10]
00485265 03CA ADD ECX,EDX
00485267 894D EC MOV DWORD PTR SS:[EBP-14],ECX
0048526A 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048526D 0FB64430 FF MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]
00485272 69C0 442C3504 IMUL EAX,EAX,4352C44
00485278 05 7D1B0000 ADD EAX,1B7D
0048527D 8945 C0 MOV DWORD PTR SS:[EBP-40],EAX
00485280 DB45 C0 FILD DWORD PTR SS:[EBP-40]
00485283 83C4 F4 ADD ESP,-0C
00485286 DB3C24 FSTP TBYTE PTR SS:[ESP]
00485289 9B WAIT
0048528A E8 EDD4FFFF CALL 0048277C
0048528F 8BC8 MOV ECX,EAX
00485291 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00485294 99 CDQ
00485295 F7F9 IDIV ECX
00485297 8955 E8 MOV DWORD PTR SS:[EBP-18],EDX
0048529A 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0048529D F76D E8 IMUL DWORD PTR SS:[EBP-18]
004852A0 03C8 ADD ECX,EAX
004852A2 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX
004852A5 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004852A8 B9 81010000 MOV ECX,181
004852AD 99 CDQ
004852AE F7F9 IDIV ECX
004852B0 0155 E0 ADD DWORD PTR SS:[EBP-20],EDX
004852B3 46 INC ESI
004852B4 FF4D CC DEC DWORD PTR SS:[EBP-34]
004852B7 ^ 0F85 28FFFFFF JNZ 004851E5
004852BD 8B75 F4 MOV ESI,DWORD PTR SS:[EBP-C]
004852C0 8B7D EC MOV EDI,DWORD PTR SS:[EBP-14]
004852C3 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004852C6 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
004852C9 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
004852CC 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004852D2 E8 3915FBFF CALL 00436810
004852D7 8B55 BC MOV EDX,DWORD PTR SS:[EBP-44]
004852DA B8 50564800 MOV EAX,00485650
004852DF E8 7CFCF7FF CALL 00404F60
004852E4 85C0 TEST EAX,EAX
004852E6 0F8E 32020000 JLE 0048551E
004852EC 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
004852EF 50 PUSH EAX
004852F0 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
004852F3 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004852F9 E8 1215FBFF CALL 00436810
004852FE 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C]
00485301 B8 50564800 MOV EAX,00485650
00485306 E8 55FCF7FF CALL 00404F60
0048530B 40 INC EAX
0048530C 50 PUSH EAX
0048530D 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
00485310 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485316 E8 F514FBFF CALL 00436810
0048531B 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50]
0048531E 66:B9 0F27 MOV CX,270F
00485322 5A POP EDX
00485323 E8 A0D3FFFF CALL 004826C8
00485328 8B55 B8 MOV EDX,DWORD PTR SS:[EBP-48]
0048532B B8 50564800 MOV EAX,00485650
00485330 E8 2BFCF7FF CALL 00404F60
00485335 85C0 TEST EAX,EAX
00485337 0F8E E1010000 JLE 0048551E
0048533D 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00485340 50 PUSH EAX
00485341 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
00485344 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
0048534A E8 C114FBFF CALL 00436810
0048534F 8B55 AC MOV EDX,DWORD PTR SS:[EBP-54]
00485352 B8 50564800 MOV EAX,00485650
00485357 E8 04FCF7FF CALL 00404F60
0048535C 48 DEC EAX
0048535D 50 PUSH EAX
0048535E 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
00485361 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485367 E8 A414FBFF CALL 00436810
0048536C 8B45 A8 MOV EAX,DWORD PTR SS:[EBP-58]
0048536F 33D2 XOR EDX,EDX
00485371 59 POP ECX
00485372 E8 05FBF7FF CALL 00404E7C
00485377 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0048537A 50 PUSH EAX
0048537B 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
0048537E 50 PUSH EAX
0048537F 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00485382 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485388 E8 8314FBFF CALL 00436810
0048538D 8B55 A0 MOV EDX,DWORD PTR SS:[EBP-60]
00485390 B8 50564800 MOV EAX,00485650
00485395 E8 C6FBF7FF CALL 00404F60
0048539A 40 INC EAX
0048539B 50 PUSH EAX
0048539C 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
0048539F 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004853A5 E8 6614FBFF CALL 00436810
004853AA 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
004853AD 66:B9 0F27 MOV CX,270F
004853B1 5A POP EDX
004853B2 E8 11D3FFFF CALL 004826C8
004853B7 8B55 A4 MOV EDX,DWORD PTR SS:[EBP-5C]
004853BA B8 50564800 MOV EAX,00485650
004853BF E8 9CFBF7FF CALL 00404F60
004853C4 48 DEC EAX
004853C5 50 PUSH EAX
004853C6 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
004853C9 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004853CF E8 3C14FBFF CALL 00436810
004853D4 8B55 98 MOV EDX,DWORD PTR SS:[EBP-68]
004853D7 B8 50564800 MOV EAX,00485650
004853DC E8 7FFBF7FF CALL 00404F60
004853E1 40 INC EAX
004853E2 50 PUSH EAX
004853E3 8D55 94 LEA EDX,DWORD PTR SS:[EBP-6C]
004853E6 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004853EC E8 1F14FBFF CALL 00436810
004853F1 8B45 94 MOV EAX,DWORD PTR SS:[EBP-6C]
004853F4 5A POP EDX
004853F5 59 POP ECX
004853F6 E8 81FAF7FF CALL 00404E7C
004853FB 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
004853FE 50 PUSH EAX
004853FF 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
00485402 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485408 E8 0314FBFF CALL 00436810
0048540D 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
00485410 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
00485413 E8 70D2FFFF CALL 00482688
00485418 8B55 8C MOV EDX,DWORD PTR SS:[EBP-74]
0048541B B8 50564800 MOV EAX,00485650
00485420 E8 3BFBF7FF CALL 00404F60
00485425 48 DEC EAX
00485426 50 PUSH EAX
00485427 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0048542A 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485430 E8 DB13FBFF CALL 00436810
00485435 8B45 80 MOV EAX,DWORD PTR SS:[EBP-80]
00485438 8D55 84 LEA EDX,DWORD PTR SS:[EBP-7C]
0048543B E8 48D2FFFF CALL 00482688
00485440 8B45 84 MOV EAX,DWORD PTR SS:[EBP-7C]
00485443 33D2 XOR EDX,EDX
00485445 59 POP ECX
00485446 E8 31FAF7FF CALL 00404E7C
0048544B 8B45 90 MOV EAX,DWORD PTR SS:[EBP-70]
0048544E 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
00485451 E8 32D2FFFF CALL 00482688
00485456 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84]
0048545C 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0048545F E8 04E0FFFF CALL 00483468
00485464 8B85 7CFFFFFF MOV EAX,DWORD PTR SS:[EBP-84]
0048546A 50 PUSH EAX
0048546B 8D95 74FFFFFF LEA EDX,DWORD PTR SS:[EBP-8C]
00485471 8BC6 MOV EAX,ESI
00485473 E8 6C47F8FF CALL 00409BE4
00485478 8B85 74FFFFFF MOV EAX,DWORD PTR SS:[EBP-8C]
0048547E 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88]
00485484 E8 DFDFFFFF CALL 00483468
00485489 8B95 78FFFFFF MOV EDX,DWORD PTR SS:[EBP-88]
0048548F 58 POP EAX
00485490 E8 D3F8F7FF CALL 00404D68
00485495 0F85 83000000 JNZ 0048551E
0048549B 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
004854A1 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
004854A4 E8 BFDFFFFF CALL 00483468
004854A9 8B85 70FFFFFF MOV EAX,DWORD PTR SS:[EBP-90]
004854AF 50 PUSH EAX
004854B0 8D95 68FFFFFF LEA EDX,DWORD PTR SS:[EBP-98]
004854B6 8BC7 MOV EAX,EDI
004854B8 E8 2747F8FF CALL 00409BE4
004854BD 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[EBP-98]
004854C3 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94]
004854C9 E8 9ADFFFFF CALL 00483468
004854CE 8B95 6CFFFFFF MOV EDX,DWORD PTR SS:[EBP-94]
004854D4 58 POP EAX
004854D5 E8 8EF8F7FF CALL 00404D68
004854DA 75 42 JNZ SHORT 0048551E
004854DC 8D95 64FFFFFF LEA EDX,DWORD PTR SS:[EBP-9C]
004854E2 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
004854E5 E8 7EDFFFFF CALL 00483468
004854EA 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[EBP-9C]
004854F0 50 PUSH EAX
004854F1 8D95 5CFFFFFF LEA EDX,DWORD PTR SS:[EBP-A4]
004854F7 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
004854FA E8 E546F8FF CALL 00409BE4
004854FF 8B85 5CFFFFFF MOV EAX,DWORD PTR SS:[EBP-A4]
00485505 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0048550B E8 58DFFFFF CALL 00483468
00485510 8B95 60FFFFFF MOV EDX,DWORD PTR SS:[EBP-A0]
00485516 58 POP EAX
00485517 E8 4CF8F7FF CALL 00404D68
0048551C 74 12 JE SHORT 00485530
0048551E BA 5C564800 MOV EDX,0048565C ; ASCII "Incorrect Serial.. Try Again!"
00485523 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485529 E8 1213FBFF CALL 00436840
0048552E EB 37 JMP SHORT 00485567
00485530 BA 84564800 MOV EDX,00485684 ; ASCII "Correct Serial.. Well Done!"
00485535 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
0048553B E8 0013FBFF CALL 00436840
00485540 33D2 XOR EDX,EDX
00485542 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
00485548 8B08 MOV ECX,DWORD PTR DS:[EAX]
0048554A FF51 64 CALL DWORD PTR DS:[ECX+64]
0048554D 33D2 XOR EDX,EDX
0048554F 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
00485555 8B08 MOV ECX,DWORD PTR DS:[EAX]
00485557 FF51 64 CALL DWORD PTR DS:[ECX+64]
0048555A 33D2 XOR EDX,EDX
0048555C 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
00485562 8B08 MOV ECX,DWORD PTR DS:[EAX]
00485564 FF51 64 CALL DWORD PTR DS:[ECX+64]

Saduff, it's not as hard as you make it sound.

This keymaker was made entirely out of your code. I simply formatted the appropriate values and output them in the edit control.

I didn't even have to understand the algo...

Anyway, thanks for your effort.

kg.zip

Edited by HVC

First, why you first packed UPX, and then to unpack ... hands

Secondly, not that it is difficult

My KeyGen (source incl.)

keygen.7z

Edited by BoRoV

Saduff,

Serial at this point

Frie1960

315340644-226250871-60

Keygen follows as soon as my wife leaves me alone :S

Regards, Frie1960

Edited by Frie1960

Wow, good job! :)

Hmm, was not very difficult? It was for me.

First, why you first packed UPX, and then to unpack ... hands

That's just a protection from DeDe and it makes finding the algo harder. :D

Also, thanks BoRoV for including the source. From the look of that source it looks pretty hard to me.

Edited by Saduff

Protection doesn't work :D

How's that? When you open it with DeDe and go to Procedures, then there's nothing. ;)


Wtf? What kind of DeDe are you using?

Mine didn't have anything there. :unsure:

My DeDe version is 3.50.04. And it's not green like yours.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...