[keygenme] KeygenMe1

[N1ghtm4r3]

No patch, brute force, etc!

Valid solution is only a keygen+tutorial

KeygenMe1.zip

[Teddy Rogers]

The [keygenme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

[ISquishWorms]

Hello,

I have been looking at this Keygenme and have a question about the following:

00401340  /$ 83EC 14        SUB ESP,14
00401343  |. 8B5424 1C      MOV EDX,DWORD PTR SS:[ESP+1C]                              ;  Move string of upto 28 to EDX
00401347  |. C74424 00 0000>MOV DWORD PTR SS:[ESP],0                                   ;  Moves 0 into that stack space
0040134F  |. 803A 2B        CMP BYTE PTR DS:[EDX],2B                                   ;  Checks for a + character (2B)
00401352  |. 75 0D          JNZ SHORT KeygenMe.00401361                                ;  Jump taken if char IS NOT a + (2B)
00401354  |. 807A 01 20     CMP BYTE PTR DS:[EDX+1],20                                 ;  Checks for a ' ' space character (20)
00401358  |. 75 07          JNZ SHORT KeygenMe.00401361                                ;  Jump taken if char IS NOT a ' ' space (20)
0040135A  |. 83C2 02        ADD EDX,2                                                  ;  Add 2 to EDX remove the first + and '  ' space chars if they exist but why?
0040135D  |. 895424 1C      MOV DWORD PTR SS:[ESP+1C],EDX
00401361  |> 8A0A           MOV CL,BYTE PTR DS:[EDX]                                   ;  Push a char into CL ( for example first time round = I )
00401363  |. 53             PUSH EBX
00401364  |. 55             PUSH EBP
00401365  |. 56             PUSH ESI
00401366  |. 80F9 0D        CMP CL,0D                                                  ;  Compare contents of CL to (0D) ???
00401369  |. 57             PUSH EDI
0040136A  |. 75 0A          JNZ SHORT KeygenMe.00401376                                   
0040136C  |. 5F             POP EDI
0040136D  |. 5E             POP ESI
0040136E  |. 5D             POP EBP
0040136F  |. 33C0           XOR EAX,EAX
00401371  |. 5B             POP EBX
00401372  |. 83C4 14        ADD ESP,14
00401375  |. C3             RETN

Why does the above code check for a + character followed by a space and then remove them if they exist? If I make my input: '+ 123' it becomes '123' but if i make my input '+ + + 123' it becomes '+ + 123' I do not really understand why it only bothers to remove the first '+ ' and yet will leave the extra ones should I input them, why bother removing and checking for the first two chars being a '+ '? Anyway hope my question is clear enough for someone to be able to answer me.

ISquishWorms.

Edited February 23, 2011 by ISquishWorms

[N1ghtm4r3]

Nothing is not functional there!

try continue tracing to discover what does the entire call do.

Edited February 23, 2011 by N1ghtm4r3

[N1ghtm4r3]

@ISquishWorms:

If you are still interested in this keygenme, It's been solved on Crackmes.de, try to check the solution