Jump to content
Tuts 4 You

[keygenme] KeygenMe1

N1ghtm4r3

By N1ghtm4r3
in KeygenMe

 Share

Recommended Posts

Teddy Rogers

Teddy Rogers

Posted
Posted

The [keygenme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

ISquishWorms

ISquishWorms

Posted
Posted (edited)

Hello, :)

I have been looking at this Keygenme and have a question about the following:

00401340  /$ 83EC 14        SUB ESP,14
00401343  |. 8B5424 1C      MOV EDX,DWORD PTR SS:[ESP+1C]                              ;  Move string of upto 28 to EDX
00401347  |. C74424 00 0000>MOV DWORD PTR SS:[ESP],0                                   ;  Moves 0 into that stack space
0040134F  |. 803A 2B        CMP BYTE PTR DS:[EDX],2B                                   ;  Checks for a + character (2B)
00401352  |. 75 0D          JNZ SHORT KeygenMe.00401361                                ;  Jump taken if char IS NOT a + (2B)
00401354  |. 807A 01 20     CMP BYTE PTR DS:[EDX+1],20                                 ;  Checks for a ' ' space character (20)
00401358  |. 75 07          JNZ SHORT KeygenMe.00401361                                ;  Jump taken if char IS NOT a ' ' space (20)
0040135A  |. 83C2 02        ADD EDX,2                                                  ;  Add 2 to EDX remove the first + and '  ' space chars if they exist but why?
0040135D  |. 895424 1C      MOV DWORD PTR SS:[ESP+1C],EDX
00401361  |> 8A0A           MOV CL,BYTE PTR DS:[EDX]                                   ;  Push a char into CL ( for example first time round = I )
00401363  |. 53             PUSH EBX
00401364  |. 55             PUSH EBP
00401365  |. 56             PUSH ESI
00401366  |. 80F9 0D        CMP CL,0D                                                  ;  Compare contents of CL to (0D) ???
00401369  |. 57             PUSH EDI
0040136A  |. 75 0A          JNZ SHORT KeygenMe.00401376                                   
0040136C  |. 5F             POP EDI
0040136D  |. 5E             POP ESI
0040136E  |. 5D             POP EBP
0040136F  |. 33C0           XOR EAX,EAX
00401371  |. 5B             POP EBX
00401372  |. 83C4 14        ADD ESP,14
00401375  |. C3             RETN

Why does the above code check for a + character followed by a space and then remove them if they exist? If I make my input: '+ 123' it becomes '123' but if i make my input '+ + + 123' it becomes '+ + 123' I do not really understand why it only bothers to remove the first '+ ' and yet will leave the extra ones should I input them, why bother removing and checking for the first two chars being a '+ '? Anyway hope my question is clear enough for someone to be able to answer me.

ISquishWorms.

Edited by ISquishWorms
N1ghtm4r3

N1ghtm4r3

Posted
  • Author
Posted (edited)

Nothing is not functional there!

try continue tracing to discover what does the entire call do.

Edited by N1ghtm4r3
  • 3 weeks later...
N1ghtm4r3

N1ghtm4r3

Posted
  • Author
Posted

@ISquishWorms:

If you are still interested in this keygenme, It's been solved on Crackmes.de, try to check the solution :)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...