Tuts 4 You

[keygenme] KeygenMe1


N1ghtm4r3

The [keygenme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]

Hello, :)

I have been looking at this Keygenme and have a question about the following:

00401340 /$ 83EC 14 SUB ESP,14
00401343 |. 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C] ; Move string of up to 28 to EDX
00401347 |. C74424 00 0000>MOV DWORD PTR SS:[ESP],0 ; Moves 0 into that stack space
0040134F |. 803A 2B CMP BYTE PTR DS:[EDX],2B ; Checks for a + character (2B)
00401352 |. 75 0D JNZ SHORT KeygenMe.00401361 ; Jump taken if char IS NOT a + (2B)
00401354 |. 807A 01 20 CMP BYTE PTR DS:[EDX+1],20 ; Checks for a ' ' space character (20)
00401358 |. 75 07 JNZ SHORT KeygenMe.00401361 ; Jump taken if char IS NOT a ' ' space (20)
0040135A |. 83C2 02 ADD EDX,2 ; Add 2 to EDX remove the first + and ' ' space chars if they exist but why?
0040135D |. 895424 1C MOV DWORD PTR SS:[ESP+1C],EDX
00401361 |> 8A0A MOV CL,BYTE PTR DS:[EDX] ; Push a char into CL ( for example first time round = I )
00401363 |. 53 PUSH EBX
00401364 |. 55 PUSH EBP
00401365 |. 56 PUSH ESI
00401366 |. 80F9 0D CMP CL,0D ; Compare contents of CL to (0D) ???
00401369 |. 57 PUSH EDI
0040136A |. 75 0A JNZ SHORT KeygenMe.00401376
0040136C |. 5F POP EDI
0040136D |. 5E POP ESI
0040136E |. 5D POP EBP
0040136F |. 33C0 XOR EAX,EAX
00401371 |. 5B POP EBX
00401372 |. 83C4 14 ADD ESP,14
00401375 |. C3 RETN

Why does the above code check for a + character followed by a space and then remove them if they exist? If I make my input '+ 123' it becomes '123', but if I make my input '+ + + 123' it becomes '+ + 123'. I do not really understand why it only bothers to remove the first '+ ' and yet will leave the extra ones should I input them. Why bother removing and checking for the first two chars being a '+ '? Anyway, hope my question is clear enough for someone to be able to answer me.

ISquishWorms.
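
The prefix check from the listing above, written out in C as an added example (not code from the keygenme or from either poster). The function names are hypothetical, and a return value of 1 only stands for "execution continues at 00401376", which the listing does not show.

```c
#include <stdio.h>
#include <string.h>

/* Mirrors 0040134F..0040135D: one pair of compares and no loop, so at
 * most one leading "+ " (bytes 0x2B 0x20) is skipped. */
static const char *skip_plus_prefix(const char *s)
{
    if (s[0] == '+' && s[1] == ' ')   /* CMP [EDX],2B / CMP [EDX+1],20 */
        s += 2;                       /* ADD EDX,2 */
    return s;
}

/* Mirrors 00401361..00401375: after the optional skip, a first byte of
 * 0x0D (carriage return) makes the routine return 0 (XOR EAX,EAX).
 * Returns 1 when execution would continue at 00401376 (not shown in
 * the post, so nothing beyond that point is modelled here). */
static int passes_cr_check(const char *s, const char **rest)
{
    *rest = skip_plus_prefix(s);
    return (**rest == 0x0D) ? 0 : 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "+ 123", "+ + + 123", "+123", "+ \r\n", "\r\n" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *rest;
        int cont = passes_cr_check(samples[i], &rest);
        printf("continue=%d  in=[%s]  after skip=[%s]\n", cont, samples[i], rest);
    }
    return 0;
}
```

Because the test is a single `if` rather than a loop, '+ + + 123' loses only its first two bytes, which matches the behaviour described in the post.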

  • 3 weeks later...

@ISquishWorms:

If you are still interested in this keygenme, it's been solved on Crackmes.de, try to check the solution :)
