Jump to content
Tuts 4 You

[keygenme] KeygenMe1


Recommended Posts

The [keygenme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Link to comment
Share on other sites

Hello, :)

I have been looking at this Keygenme and have a question about the following:

00401340  /$ 83EC 14        SUB ESP,14
00401343 |. 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C] ; Move string of upto 28 to EDX
00401347 |. C74424 00 0000>MOV DWORD PTR SS:[ESP],0 ; Moves 0 into that stack space
0040134F |. 803A 2B CMP BYTE PTR DS:[EDX],2B ; Checks for a + character (2B)
00401352 |. 75 0D JNZ SHORT KeygenMe.00401361 ; Jump taken if char IS NOT a + (2B)
00401354 |. 807A 01 20 CMP BYTE PTR DS:[EDX+1],20 ; Checks for a ' ' space character (20)
00401358 |. 75 07 JNZ SHORT KeygenMe.00401361 ; Jump taken if char IS NOT a ' ' space (20)
0040135A |. 83C2 02 ADD EDX,2 ; Add 2 to EDX remove the first + and ' ' space chars if they exist but why?
0040135D |. 895424 1C MOV DWORD PTR SS:[ESP+1C],EDX
00401361 |> 8A0A MOV CL,BYTE PTR DS:[EDX] ; Push a char into CL ( for example first time round = I )
00401363 |. 53 PUSH EBX
00401364 |. 55 PUSH EBP
00401365 |. 56 PUSH ESI
00401366 |. 80F9 0D CMP CL,0D ; Compare contents of CL to (0D) ???
00401369 |. 57 PUSH EDI
0040136A |. 75 0A JNZ SHORT KeygenMe.00401376
0040136C |. 5F POP EDI
0040136D |. 5E POP ESI
0040136E |. 5D POP EBP
0040136F |. 33C0 XOR EAX,EAX
00401371 |. 5B POP EBX
00401372 |. 83C4 14 ADD ESP,14
00401375 |. C3 RETN

Why does the above code check for a + character followed by a space and then remove them if they exist? If I make my input: '+ 123' it becomes '123' but if i make my input '+ + + 123' it becomes '+ + 123' I do not really understand why it only bothers to remove the first '+ ' and yet will leave the extra ones should I input them, why bother removing and checking for the first two chars being a '+ '? Anyway hope my question is clear enough for someone to be able to answer me.


Edited by ISquishWorms
Link to comment
Share on other sites

Nothing is not functional there!

try continue tracing to discover what does the entire call do.

Edited by N1ghtm4r3
Link to comment
Share on other sites

  • 3 weeks later...


If you are still interested in this keygenme, It's been solved on Crackmes.de, try to check the solution :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...