Tuts 4 You

[keygenme] VM KeygenMe #1


Hyperlisk


Well, I've been experimenting with writing a little pet VM, just for fun, and I plan on releasing little KeygenMes as I add new features. Right now it supports quite a few opcodes, though not all of them are used in this algo. The EXE is not compressed or protected and it was compiled without optimizations, so it's just straight reversing. I kept the algo simple so that the focus is mainly on actual reversing and figuring out how my VM works. If there are any problems with it, let me know, thanks!

Well, have fun! And here's an example key:

Name: Hyperlisk

Serial: 1C3A-FE0A

VM.zip

Edited by Hyperlisk
Link to comment
  • 2 weeks later...

Thanks for the keygenme :D

Interesting VM, is it yours?

Thanks for trying it, your keygen looks good! :thumbsup:

Yep, it's my VM, just a little side project I'm working on :turned: Nicely done!

Link to comment

Why is your VM 16-bit, why don't you make an x32 VM?

It keeps things interesting :P That and I don't plan on needing 32-bit addresses anytime. Though I do miss 32-bit registers/operations...

Link to comment
  • 2 weeks later...

Can anyone explain the proper way to find the routine for this? I've traced through it for a long time and found what appears to be the spot, but am unsure. I wrote a keygen - it seems to work. Any tuts on VMs would help.

Thanks

T-rad

Link to comment
can anyone explain the proper way to find the routine for this.

yeah, that would be nice.

Also, mind posting the source for the vm crackme? Would be interesting to some people, i think. :)

dp0 .)

Edited by deepzero
Link to comment

This VM is very simple: it has no obfuscation, garbage code or other tricks; it's a pleasure to disassemble :D

Edited by BoRoV
Link to comment

yeah, that would be nice.

Also, mind posting the source for the vm crackme? Would be interesting to some people, i think. :)

dp0 .)

Yeah, no problem. I wasn't sure if you meant the actual VM source or the keygenme source, so I just threw them both in there :P Just excuse the ugliness :P Also, I haven't had time to work on this more yet, but I promise there will be more :turned:

Also, I'm pretty sure there are some bugs in there too... Like I'm pretty sure I set up my stack frames wrong, so ENTER/LEAVE are probably broken for subroutines needing anything but one parameter lol, and you can't actually adjust the stack pointer in code without ENTER/LEAVE either, so... Yeah... :sorc:

Also also: I threw my assembler in there too, it's written in PHP though, so to use it you just do "php PopVM_ASM.php my_source.asm". There's a bug in my lexer too, for the assembler, making it match mnemonics before labels, which I never got around to fixing. I just prefix labels with '@' or '_' as a workaround.

Anyway, here you go, I rambled on much more than I thought I would.

PopVM.zip

Edited by Hyperlisk
Link to comment

This VM is very simple: it has no obfuscation, garbage code or other tricks; it's a pleasure to disassemble :D

How did you find the routine??? I think I found it by plain dumb luck...

Link to comment

main handler of all pcode


.text:00402DAF sub_402DAF      proc near               ; CODE XREF: sub_4027ED+13p
.text:00402DAF                 push    ebp
.text:00402DB0                 mov     ebp, esp
.text:00402DB2                 sub     esp, 8
.text:00402DB5                 jmp     short loc_402DBC
.text:00402DB7 ; ---------------------------------------------------------------------------
.text:00402DB7
.text:00402DB7 loc_402DB7:                             ; CODE XREF: sub_402DAF+14j
.text:00402DB7                 call    sub_40273D      ; <-- read instructions from pcode
.text:00402DBC
.text:00402DBC loc_402DBC:                             ; CODE XREF: sub_402DAF+6j
.text:00402DBC                 mov     al, ds:byte_40BA23
.text:00402DC1                 test    al, al
.text:00402DC3                 jz      short loc_402DB7
.text:00402DC5                 mov     eax, ds:VM_Result
.text:00402DCA                 leave
.text:00402DCB                 retn
.text:00402DCB sub_402DAF      endp
Link to comment
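The loop in the listing above, hand-translated to C as an added example (not part of the original post and not taken from the PopVM source). Only the loop shape and the roles of sub_402DAF, sub_40273D, byte_40BA23 and VM_Result come from the listing; reading byte_40BA23 as a halt flag is an interpretation, and the opcodes, struct layout and sample p-code are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical opcodes: the thread does not give PopVM's real encoding. */
enum { OP_HALT, OP_PUSH, OP_ADD, OP_XOR, OP_SETR };
typedef struct {
    const uint8_t *code; uint16_t len;  /* p-code buffer and its size */
    uint16_t ip, sp, stack[16];         /* 16-bit VM, as stated in the thread */
    uint8_t  halted;                    /* role of byte_40BA23 in the listing */
    uint32_t result;                    /* role of VM_Result */
    unsigned steps;                     /* analyst aid: handlers dispatched */
} vm_t;

/* Role of sub_40273D: fetch one instruction from the p-code and run it. */
static void vm_step(vm_t *vm) {
    uint8_t op = vm->ip < vm->len ? vm->code[vm->ip++] : OP_HALT;
    vm->steps++;
    if (op == OP_PUSH && vm->ip + 2 <= vm->len && vm->sp < 16) {
        vm->stack[vm->sp++] = (uint16_t)(vm->code[vm->ip] | vm->code[vm->ip + 1] << 8);
        vm->ip += 2;
    } else if ((op == OP_ADD || op == OP_XOR) && vm->sp >= 2) {
        uint16_t b = vm->stack[--vm->sp], a = vm->stack[--vm->sp];
        vm->stack[vm->sp++] = (uint16_t)(op == OP_ADD ? a + b : a ^ b);
    } else if (op == OP_SETR && vm->sp >= 1) {
        vm->result = vm->stack[--vm->sp];
    } else {
        vm->halted = 1;  /* OP_HALT, bad opcode, or stack/code bounds error */
    }
}

/* Role of sub_402DAF: dispatch until the halt flag is set, return the result. */
static uint32_t vm_run(vm_t *vm) {
    while (!vm->halted)
        vm_step(vm);
    return vm->result;
}

/* Constructed sample p-code: result = (0x1234 + 0x0011) ^ 0x00FF */
static const uint8_t demo_code[] = { OP_PUSH, 0x34, 0x12, OP_PUSH, 0x11, 0x00, OP_ADD,
                                     OP_PUSH, 0xFF, 0x00, OP_XOR, OP_SETR, OP_HALT };
static vm_t demo_run(void) {
    vm_t vm = { .code = demo_code, .len = sizeof demo_code };
    vm_run(&vm);
    return vm;
}

int main(void) {
    vm_t vm = demo_run();
    printf("result=0x%04X steps=%u\n", (unsigned)vm.result, vm.steps);
}
```

In a debugger the same structure shows up as one call site that is hit once per virtual instruction, which is why a breakpoint on the call inside the loop gives a per-opcode trace.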