Tuts 4 You

[Keygenme] KGM!DE #1


Posted

Here's a thingie I made some long time ago, nothing fancy and not so difficult I guess, so go ahead :)

No patching; the only solution is a keygen.

I used UPX to compress.

Note: When using an invalid name and code combination, you'll get an access violation.

Have fun.

KGM!DE_1.rar

  • 4 months later...
Posted (edited)

Ok...

This is how it works...

A valid serial would for example be

Username : Dyers Eve
Serial : 3C82-5903-0806-4357-344C-9401-3E3D-0269

First we'll calculate the MD5 of the username. This gives us 4 dwords (md5_1, md5_2, md5_3 and md5_4)

Next we remove all the dashes in the serial : 3C82590308064357344C94013E3D0269

And we split them in 4 dwords :

0x3C825903, 0x08064357, 0x344C9401 and 0x3E3D0269

Then we xor all of these dwords with their MD5 part

newdw1 = md5_1 xor 0x3C825903
newdw2 = md5_2 xor 0x08064357
newdw3 = md5_3 xor 0x344C9401
newdw4 = md5_4 xor 0x3E3D0269

So we end up with :

newdw1 = 0xC3D3FFDB
newdw2 = 0xF7D3F703
newdw3 = 0xCBC108C3
newdw4 = 0xC125F383

Now, when you look at those 4 dwords as being CODE and not as data bytes you'll see :

00553C30  83F3 25    xor   ebx, 25
00553C33  C1C3 08    rol   ebx, 8
00553C36  C1CB 03    ror   ebx, 3
00553C39  F7D3       not   ebx
00553C3B  F7DB       neg   ebx
00553C3D  FFD3       call  ebx
00553C3F  C3         retn

We then do a jump to the ptr of our last dword (newdw4). So the serial number is actually a piece of ASM code (16 bytes) xor'd with the MD5 of your registration name. When the serial number is good, the ASM code will be correct. If not, you'll get an exception.

I added the code for the verification and keygen as well...

KGM!DE_1_solution.rar

Edited by DE!
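
The layout described in the post above, as an added example that is not part of the original post or of the attached solution: it lays the four decoded dwords out in memory (newdw4 first, each little-endian) and compares the 16 bytes with the listing's opcodes instead of executing them. How the keygenme turns the MD5 digest into md5_1..md5_4 is not stated, so the hash dwords are taken as input; the function names are hypothetical.

```python
import struct

# Values copied from the post above.
SERIAL = "3C82-5903-0806-4357-344C-9401-3E3D-0269"
NEWDW = (0xC3D3FFDB, 0xF7D3F703, 0xCBC108C3, 0xC125F383)
# Opcode bytes of the post's disassembly listing, in address order.
EXPECTED_STUB = bytes.fromhex("83F325 C1C308 C1CB03 F7D3 F7DB FFD3 C3")


def serial_dwords(serial):
    """Strip the dashes and split the 32 hex digits into four 32-bit values."""
    digits = serial.replace("-", "")
    if len(digits) != 32:
        raise ValueError("serial must contain exactly 32 hex digits")
    return tuple(int(digits[i:i + 8], 16) for i in range(0, 32, 8))


def xor_dwords(a, b):
    """XOR two 4-tuples of dwords element by element."""
    return tuple(x ^ y for x, y in zip(a, b))


def memory_image(newdw):
    """Bytes as they sit in memory: newdw4 at the lowest address,
    each dword stored little-endian (x86)."""
    return struct.pack("<4I", *reversed(newdw))


def is_expected_stub(hash_dwords, serial):
    """True only if hash XOR serial decodes to exactly the listed stub.
    Comparing bytes, rather than jumping to them, gives a clean
    'bad serial' result for every wrong input."""
    decoded = xor_dwords(hash_dwords, serial_dwords(serial))
    return memory_image(decoded) == EXPECTED_STUB


# Hash dwords implied by the post's own numbers (md5_i = newdw_i xor serial_i);
# derived from the page's values, not computed from the username here.
IMPLIED_HASH = xor_dwords(NEWDW, serial_dwords(SERIAL))

if __name__ == "__main__":
    print(memory_image(NEWDW).hex(" "))
    print(is_expected_stub(IMPLIED_HASH, SERIAL))
```
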
Posted

I take it Delphi is not capable of proper exception handling (which explains the access violation)?

Posted (edited)

> I take it Delphi is not capable of proper exception handling (which explains the access violation)?

Delphi/Lazarus has proper exception handling, just didn't add it to this keygenme... But yes, an exception handler could have been used to display something like 'bad serial'... The only problem is that you don't know what code you're generating with a bad serial... It doesn't always throw an exception... but it does most of the time...

Edited by DE!
Posted

Ah, fair enough. Nice idea with dynamically generating code based on the serial.
