[Keygenme] XorRanger's KeygenMe 2

[XorRanger]

Hello All,

This is My Second KeygenMe in Delphi

Solution: Only Keygens Are Allowed.

A Tutorial Would Be An Added Bonus.

Language: Delphi

Packer: UPX. Simply Use "upx -d " to Decompress

Level: You Decide.

Please Solve. Thanks

http://up.ht/1dPLT9w

Edited January 22, 2014 by XorRanger

[DimitarSerg]

Very easy :

DS

1627-44BA

[ChOoKi]

Thanks for the challenge.

sol.7z

[sama]

this was very difficult for me, thanks for challenge.

XorString db 'THERMODYNAMICS',0
.code
Gen proc uses edi esi ebx hWnd:HWND

local dwLen:	DWORD

local lpRes[64]: BYTE
	invoke GetDlgItemText,hWnd,IDC_NAME,addr szName,SizeOf szName
	.if eax

		mov dwLen,eax

		lea esi, szName

		xor ecx,ecx		

		.while byte ptr[esi] != 0

			xor eax,eax

			lodsb

			xor al, byte ptr[XorString][ecx]

			push ecx

			invoke wsprintf,addr lpRes,CTEXT("%d"),eax

			invoke lstrcat,addr szKey,addr lpRes

			pop ecx

			inc ecx

			.if ecx > 0Dh

				xor ecx,ecx

			.endif

		.endw

		invoke lstrlen,addr szKey

		invoke CRC16,0, addr szKey, eax
		invoke wsprintf,addr lpRes,CTEXT("-%X"), eax

		invoke lstrcat,addr szKey,addr lpRes

	.else

		invoke SetDlgItemText,hWnd,IDC_KEY,CTEXT("Name! ?")

		ret

	.endif

		invoke SetDlgItemText,hWnd,IDC_KEY, addr szKey

	Ret

Gen endp

 

may be, i did code it the way you thought as in your code is a bug, e.g. if the name is > then the xorstring the next xoring value is taken from nirvana !

but i could be wrong.

Edited January 23, 2014 by sama

[XorRanger]

@DimitarSerg, Nice Try But The Challenge Was a KeygenME, So a Keygen is The Only Valid Solution.

[XorRanger]

@ChOoKi, I Must Confess You are a god at What You Do. Thanks For Solving This..........

[XorRanger]

@sama, Good Job. It Was Not A Bug, It Was Intentional.

Here is The Snippet

Constant := 'THERMODYNAMICS';

if

I < Length(Constant)

then

begin

TempXor := Ord(Name) Xor Ord(Constant);

TempXorString := TempXorString + IntToStr(TempXor);

end

else

begin

TempXor := Ord(Name) Xor Ord(Constant[Length(Name) - Length(Constant)]);

TempXorString := TempXorString + IntToStr(TempXor);

end;

[sama]

not need snippet

 

lets say name is 29 chars

constant is 14 chars

 

so now 29 -14 == 15 (hope i calculate right)

 

according to your code now char name[15] is xored with char at constant[15]

but there is nothing except garbage (in this example would be a 00 due the fact that string is zero ended.

 

anyway, as said before, i could be wrong, maybe a specialist like Chooki(we all know of his capabilities) would enlight us.

Edited January 23, 2014 by sama

[XorRanger]

@sama, It seems You are right. Thanks For Figuring it Out.

[ChOoKi]

It wasn't a big issue, that's why my solution had already taken care of it by:

 

1) Limiting NameBox to 28 characters.

2) showing message 'Name length should be 1~28'

 

[sama]

thanks Chooki, now i know why i used this line

		if 	uMsg == WM_INITDIALOG

		invoke GetDlgItem,hWnd, IDC_NAME

		invoke SendMessage,eax,EM_LIMITTEXT,28,0

[ChOoKi]

Packeged (kgm + kgm unpacked + keygen + tutorial)

packege.7z

[Dreamer]

ChOoKi is the best 

[XorRanger]

Nice Tutorial ChOoki, Thanks For This.

[pnta]

thanks bro ChOoKi