Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[keygenme] keygenme 2

mudlord
mudlord
in KeygenMe

Featured Replies

Posted

sorry for taking so long.


mudlord_keygenme2.zip

Virus scanners detects:


TrojanDropper:Win32/Jevafus.A


  • Author

That would be the packer. I used obfuscation in the packer, as well as the keygenme.


easy unpack, never seen the packer before, though. What is this?

Edited by deepzero

  • Author

That would be my own packer.


 


It does give positive feedback on a proper serial though, is that what you mean?


MessageBoxA. I think it was meant.


  • Author

Yes, a MessageBox is given on valid serial.


I always have same value:


 


 




CMP DWORD PTR SS:[EBP-0x358],EAX

[EBP-0x358]=00000060
 

It's correct?


  • Author

Odd, any exact address?


 


EDIT: tried debugging my code, my keygen works on my system :/


Edited by mudlord

yeah, that looks like a off-by-4 bug to me, too.

Looks like you are comparing the return address instead of the serial dword.

e.g.

 

 

00402929                         .  3985 9CFCFFFF                 CMP DWORD PTR SS:[EBP-364],EAX

 

stack:

 

0012F554      2A323106 //value that is in eax, too0012F558      E9988CC8 //actual part of serial0012F55C      77F16BF2  RETURN to GDI32.77F16BF2 //some return addresss

state/pane:

 

EAX=2A323106Stack SS:[0012F55C]=77F16BF2 (GDI32.77F16BF2)

 


Or mybe it`s just a nifty trick? ;)


 

  • Author

Matches fine in my keygen....;)


Ah, so it is a trick?


Anyways, it`ll have to wait for tomorrow... :tired:


For this address 0040267B value always 60. But it is set earlier this address 00403387. Ok?


  • Author

looks like you are running into issues with the obfu/antidebug (used BeaJunker macros ported to C) :< If people prefer, I could leave the packing code as-is and remove the obfu in the checking code? Not sure why it would be interfering though.


Edited by mudlord

could you drop off an example name/serial combo to verify that it actually owkrs? (only if it doesnt ruin the challenge, ofcourse...)


  • Author

For my hardware


mudlord


N+NGKVDLDk+8pESolBZYNNvZVQHqd6oNQTpQn+Mf2Gs=


 


was intending the crackme to be HWID based, should have added a HWID label in the crackme :<


Edited by mudlord

Don't know. I unpack and kill obfu/antidebug.


  • Author

Okay, so it was not working properly at all.


Sorry for the issues, should have tested more.


 


Back to the drawing board I suppose. :<


mudlord_keygen.zip

Edited by mudlord

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.