[KeyGenMe] BrainKiller KeyGenMe

[Mouradpr]

hi friends and welcome .

today we r going to see a classic KeyGenMe, it's a little bit meduim to hard.

Required :

- Serial for Lite Verion [newbies]

- Serial for Standard Version [Meduim]

- Serial for Professional Version or KeyGen [Meduim + 1]

cya!

================

please redownload the challenge.. there was a bug.. i fixed it

BrainKiller KeyGenMe Fixed.rar

Edited August 13, 2009 by Mouradpr

[HVC]

Thanks.

kg.rar

Edit: fixed a minor bug

Edited August 13, 2009 by HVC

[Mouradpr]

wow!! excellent...

[BoRoV]

Thx, I love keygen with math (maybe because I mathematician )

my KeyGen, pass on src: 1234567890

Edit: fixed a minor bug, too

keygen.rar

keygen_src.rar

Edited August 14, 2009 by BoRoV

[Mouradpr]

Thx, I love keygen with math

ya. ... There is some bugs in your KeyGen... but good work boy..

if you like maths i'm going to make some keyGenMes about different domain in maths

cya!

[thisistest]

004012F0 /. 55 push ebp

004012F1 |. 31D2 xor edx,edx

004012F3 |. 89E5 mov ebp,esp

004012F5 |. 81EC 48050000 sub esp,548

004012FB |. 8B45 0C mov eax,[arg.2]

004012FE |. 897D FC mov [local.1],edi

00401301 |. 8B7D 08 mov edi,[arg.1]

00401304 |. 83F8 10 cmp eax,10

00401307 |. 895D F4 mov [local.3],ebx

0040130A |. 8975 F8 mov [local.2],esi

0040130D |. 8995 E0FAFFFF mov [local.328],edx

00401313 |. 0F84 27010000 je BrainKil.00401440

00401319 |. 3D 11010000 cmp eax,111

0040131E |. 74 11 je short BrainKil.00401331

00401320 |> 8B5D F4 mov ebx,[local.3]

00401323 |. 31C0 xor eax,eax

00401325 |. 8B75 F8 mov esi,[local.2]

00401328 |. 8B7D FC mov edi,[local.1]

0040132B |. 89EC mov esp,ebp

0040132D |. 5D pop ebp

0040132E |. C2 1000 retn 10

[thisistest]

0040140D |. 83F9 0C cmp ecx,0C

00401410 |. 74 50 je short BrainKil.00401462

00401412 |> 893C24 mov dword ptr ss:[esp],edi ; |

00401415 |. 31C9 xor ecx,ecx ; |

00401417 |. BA 00304000 mov edx,BrainKil.00403000 ; |ASCII "Error"

0040141C |. 894C24 0C mov dword ptr ss:[esp+C],ecx ; |

00401420 |. B8 06304000 mov eax,BrainKil.00403006 ; |ASCII "Bad Boy"

00401425 |. 895424 08 mov dword ptr ss:[esp+8],edx ; |

00401429 |. 894424 04 mov dword ptr ss:[esp+4],eax ; |

0040142D |. E8 B6010000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA

00401547 |. /74 3A je short BrainKil.00401583

00401549 |. |83BD E0FAFFFF>cmp [local.328],3

00401550 |.^|0F85 CAFDFFFF jnz BrainKil.00401320

00401556 |. |BE 10304000 mov esi,BrainKil.00403010 ; ASCII "Registered to : Professional Version"

0040155B |. |897424 08 mov dword ptr ss:[esp+8],esi

0040155F |> |893C24 mov dword ptr ss:[esp],edi ; |

00401562 |. |BB E8030000 mov ebx,3E8 ; |

00401567 |. |895C24 04 mov dword ptr ss:[esp+4],ebx ; |

0040156B |. |E8 80000000 call <jmp.&USER32.SetDlgItemTextA> ; \SetDlgItemTextA

00401570 |. |83EC 0C sub esp,0C

00401573 |.^|E9 A8FDFFFF jmp BrainKil.00401320

00401578 |> |B8 35304000 mov eax,BrainKil.00403035 ; ASCII "Registered to : Lite Version"

0040157D |> |894424 08 mov dword ptr ss:[esp+8],eax

00401581 |.^|EB DC jmp short BrainKil.0040155F

00401583 |> \B8 54304000 mov eax,BrainKil.00403054 ; ASCII "Registered to : Standard Version"

00401588 |.^ EB F3 jmp short BrainKil.0040157D

0040158A |> 8B85 E0FAFFFF mov eax,[local.328]

00401590 |. 85C0 test eax,eax

00401592 |.^ 0F85 88FDFFFF jnz BrainKil.00401320

00401598 \.^ E9 75FEFFFF jmp BrainKil.00401412

0040159D 90 nop

[ali.yekta]

could anyone explain whats with the floating point calculation for first 3 digits part of serial which determines version of registeration?

Edited August 15, 2009 by ali.yekta

[Mouradpr]

could anyone explain whats with the floating point calculation for first 3 digits part of serial which determines version of registeration?

there's an equation of Third degree...

x^3 - 8x^2 + 19x - 12 =0

solutions of this equation are 1 , 3 and 4...

if the first bytes of serial contain one solution then it's a lite Version

if there is two solutions then Standard Version

if 3 solutions then the Professional Version..

byte 4 of serial must be '-'

byte4+byte5+byte6+byte7 must be 8

and then Byte8 must be '-'

B9+B10+B11+B12 = 19

b13 = '-'

b14+b15+b16+b17 = 12

8 and 19 and 12 are the equation's Arguments

serial example

102-2222-9901-1254 Lite Version

130-2222-9901-1254 Standard Version

134-2222-9901-1254 Professional Version

===============

use IDA + HexArray Plugin

=======================================

that's all ... and thank you for all

===============================

[ali.yekta]

wow tnx dude , nice keygenme and nicer tut

[Eviler]

wow~~it looks nice,let me try it!