mudlord Posted February 4, 2013 Share Posted February 4, 2013 sorry for taking so long.mudlord_keygenme2.zip Link to comment Share on other sites More sharing options...
atom0s Posted February 4, 2013 Share Posted February 4, 2013 Virus scanners detects:TrojanDropper:Win32/Jevafus.A Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 That would be the packer. I used obfuscation in the packer, as well as the keygenme. Link to comment Share on other sites More sharing options...
deepzero Posted February 4, 2013 Share Posted February 4, 2013 (edited) easy unpack, never seen the packer before, though. What is this? Edited February 4, 2013 by deepzero Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 That would be my own packer. It does give positive feedback on a proper serial though, is that what you mean? Link to comment Share on other sites More sharing options...
NikolayD Posted February 4, 2013 Share Posted February 4, 2013 MessageBoxA. I think it was meant. Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 Yes, a MessageBox is given on valid serial. Link to comment Share on other sites More sharing options...
NikolayD Posted February 4, 2013 Share Posted February 4, 2013 I always have same value: CMP DWORD PTR SS:[EBP-0x358],EAX [EBP-0x358]=00000060 It's correct? Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 (edited) Odd, any exact address? EDIT: tried debugging my code, my keygen works on my system :/ Edited February 4, 2013 by mudlord Link to comment Share on other sites More sharing options...
deepzero Posted February 4, 2013 Share Posted February 4, 2013 yeah, that looks like a off-by-4 bug to me, too. Looks like you are comparing the return address instead of the serial dword. e.g. 00402929 . 3985 9CFCFFFF CMP DWORD PTR SS:[EBP-364],EAX stack: 0012F554 2A323106 //value that is in eax, too0012F558 E9988CC8 //actual part of serial0012F55C 77F16BF2 RETURN to GDI32.77F16BF2 //some return addresss state/pane: EAX=2A323106Stack SS:[0012F55C]=77F16BF2 (GDI32.77F16BF2) Or mybe it`s just a nifty trick? Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 Matches fine in my keygen.... Link to comment Share on other sites More sharing options...
deepzero Posted February 4, 2013 Share Posted February 4, 2013 Ah, so it is a trick?Anyways, it`ll have to wait for tomorrow... :tired: Link to comment Share on other sites More sharing options...
NikolayD Posted February 4, 2013 Share Posted February 4, 2013 For this address 0040267B value always 60. But it is set earlier this address 00403387. Ok? Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 (edited) looks like you are running into issues with the obfu/antidebug (used BeaJunker macros ported to C) :< If people prefer, I could leave the packing code as-is and remove the obfu in the checking code? Not sure why it would be interfering though. Edited February 4, 2013 by mudlord Link to comment Share on other sites More sharing options...
deepzero Posted February 4, 2013 Share Posted February 4, 2013 could you drop off an example name/serial combo to verify that it actually owkrs? (only if it doesnt ruin the challenge, ofcourse...) Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 (edited) For my hardwaremudlordN+NGKVDLDk+8pESolBZYNNvZVQHqd6oNQTpQn+Mf2Gs= was intending the crackme to be HWID based, should have added a HWID label in the crackme :< Edited February 4, 2013 by mudlord Link to comment Share on other sites More sharing options...
NikolayD Posted February 4, 2013 Share Posted February 4, 2013 Don't know. I unpack and kill obfu/antidebug. Link to comment Share on other sites More sharing options...
mudlord Posted February 4, 2013 Author Share Posted February 4, 2013 (edited) Okay, so it was not working properly at all.Sorry for the issues, should have tested more. Back to the drawing board I suppose. :<mudlord_keygen.zip Edited February 4, 2013 by mudlord Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now