Jump to content

[Keygenme] Keygenme #?

Go to solution Solved by sama,

Recommended Posts

Hey guys,

A friend of mine wanted to learn some keygenning, so I crafted this small challenge for him, hope you guys will enjoy it too.

Probably level 2, depending on your skill.



Mr. eXoDia


Edited by Mr. eXoDia
  • Like 1
Link to comment

Gen proc hWnd:HWND invoke RND_Digits,addr szRand,6
invoke lstrcat,addr szRand, CTEXT("-")
invoke lstrcpy,addr szStr_To_Hash, addr szRand
invoke RtlZeroMemory,addr szRand,10h
invoke RND_Digits,addr szRand,2
invoke lstrcat,addr szStr_To_Hash, addr szRand
invoke lstrcat,addr szStr_To_Hash, CTEXT("1")
invoke RtlZeroMemory,addr szRand,10h
invoke RND_Digits,addr szRand,3
invoke lstrcat,addr szStr_To_Hash, addr szRand
invoke lstrcat,addr szStr_To_Hash, CTEXT("-3")
invoke RtlZeroMemory,addr szRand,10h
invoke RND_Digits,addr szRand,3
invoke lstrcat,addr szStr_To_Hash, addr szRand invoke lstrcpy,addr szName, addr szStr_To_Hash
invoke lstrcat,addr szStr_To_Hash, CTEXT("DE-ADBEEF")
invoke MD5Init
invoke lstrlen,addr szStr_To_Hash
invoke MD5Update,addr szStr_To_Hash,eax
invoke MD5Final
add eax,4
mov edx,[eax]
invoke wsprintf,addr szKey, CTEXT("%.8X"),edx
invoke lstrcpyn,addr szRand,addr szKey,3
invoke lstrcat,addr szRand, CTEXT("-")
invoke lstrcat,addr szName,addr szRand
invoke wsprintf,addr szRand, CTEXT("%s%s"), addr szName, addr szKey +2
invoke SetDlgItemText,hWnd,IDC_KEY,addr szRand ret
Gen endp


thank for challange

Link to comment

@sama: could you please post an executable I can run? I dont have any delphi installed thanks (algo looks good though)


edit: it would be nice when you generate serials with just one constant in them though :D



Edited by Mr. eXoDia
Link to comment
  • Solution

Here is an executable file. I have no delphi excuse .
Why work with only one constant when only 3 things to be tested, the rest is irrelevant.
However, it should be remembered that if a divisor have the value 0
a "division by zero exception" follows


Exception InformationCode: 0xc0000094      Flags: 0x00000000Record: 0x0000000000000000      Address: 0x000000000040155d

sorry for my bad english I use google translator


Edited by sama
Link to comment

@sama: you're right, I just wanted to fool guys who enter 000000-000000-000000-000000 :D good job anyway, your keygen works perfectly! and oh lol, it was asm xD

@jack: yours I like better, but sama was first so hehe :D

@atom0s: nice work fishing also

Keygenme solved!

Link to comment

@vic4key: your keygen appears to be working good, great job!

@chixiaojie: try and post where you get stuck, somebody will help you for sure

Link to comment

Here is a short explanation of the routine if this helps with some issues.   If something is not clear, I'll try to clarify it.


The key routine can be in hex digit separated by hyphens by 4 sets of 6 character length. I treated the values as 3 sets of Dword.   Using as Dword the leading zeros must hold a space value. Ex 00123DEF That holds space for one set of 8 hexdigits. The second set of 8 is more like 1 and 7. Will get to that in a minute. Then you have a third set of 8 which is determined by MD5. So you have 3 sets of 8 hexdigits that will be divided up into 4 groups of 6 separated by hyphens. The hyphens and length are tested for right from the beginning.

31E37770 18683257 84861989  // three sets of 8
31E377-701868-325784-861989  // grouped into 4 sets of 6 with hyphensThe MD5 comes into play by hashing the first two sets of 8 with DEADBEEF used as the third set of 8.

31E37770 18683257 DEADBEEF
Create the string 31E377-701868-3257DE-ADBEEF which gives you an MD5 hash of
The last set of 8 is now tested with a portion of the MD5 hash. MD5 will be in 16 groups of 2.
11 16 1A 6B 89 19 86 84 E4 3D CD 57 BD FD 60 2B So an array of byte, index [0 to 15] your last set of 8 is created by choosing array index 7 down to 4 So 84, 86, 19, 89 creating Dword 84861989. The last set of 8 of our serial is tested with this value, if match this passes the check.Now the values for the first 8 and second 8 need to be verified. The first 8 must be a divider of the 1st value of the second set with no remainder. I am referring to values as left to right like an index, 12345678. [1]8683257 1 being the 1st value, 8683257 the remaining 7 (2 to 8). Take the 1st set 31E37770 MOD 1 (1st value) = 0 This must equal 0 or we fail the check. Well if 1 is used, remainder will always be 0. :)  This is what sama’s solution does and what was meant by the one constant comment. So the first set of 8 can be any Dword value as long as the MOD of the 1st value of the second set results in 0.The second set of 8 also contains a constant value of ‘3’ as the 5th value. ABCD3111 As long as the first value results in MOD 0 and the 5th value is equal to '3', this passes all the checks. Testing for 3 is the last check.  So now you have everything needed to make your valid serial.The keygen I wrote, I did random number generation of the first set of 8, random range generation of the 1st value of the second set and random/random range for the rest. Random of the 1st value would be range of 1 to F. I wrote the random of the first set to loop generating numbers until MOD of the 1st value = 0. Really this isn’t needed. If you just take the 1st value and multiply it by the remaining 7 of the second set, you have a valid 1st set of 8. How you decide to do it is up to you. Just make sure the value divided by (MOD) isn't 0 and you can pass the constant value of 3, get the md5 hash value and add it to your string.Example of choosing second set of 8 first, random Dword taking care of not 0 and using constant of 3. EE8[3]122
BEE83122 as 2nd set of 8. B * EE83122 = A3FA1C76. So A3FA1C76 MOD B = 0: A3FA1C76 now becomes the 1st set. A3FA1C76 BEE83122 DEADBEEF
Create string to be hashed. A3FA1C-76BEE8-3122DE-ADBEEF
MD5 hash = B6 A1 68 86 CD B8 7B 1E A0 EC 06 23 E4 FA DA 05 Select index 7 to 4. 1E7BB8CD replaces DEADBEEF
The 3 groups of Dword become A3FA1C76 BEE83122 1E7BB8CD
Add your hyphens and make 4 groups of 6:  A3FA1C-76BEE8-31221E-7BB8CD

Check if valid...   Cheers - jack

  • Like 2
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...