Jump to content
Tuts 4 You

[Keygenme] XorRanger's KeygenMe 2


Recommended Posts

Hello All,

This is My Second KeygenMe in Delphi

Solution: Only Keygens Are Allowed.

A Tutorial Would Be An Added Bonus.

Language: Delphi

Packer: UPX. Simply Use "upx -d " to Decompress

Level: You Decide.

Please Solve. Thanks


Edited by XorRanger
  • Like 2
Link to comment
Share on other sites

this was very difficult for me, thanks for challenge.

XorString db 'THERMODYNAMICS',0 .code Gen proc uses edi esi ebx hWnd:HWND
local dwLen: DWORD
local lpRes[64]: BYTE invoke GetDlgItemText,hWnd,IDC_NAME,addr szName,SizeOf szName .if eax
mov dwLen,eax
lea esi, szName
xor ecx,ecx
.while byte ptr[esi] != 0
xor eax,eax
xor al, byte ptr[XorString][ecx]
push ecx
invoke wsprintf,addr lpRes,CTEXT("%d"),eax
invoke lstrcat,addr szKey,addr lpRes
pop ecx
inc ecx
.if ecx > 0Dh
xor ecx,ecx
invoke lstrlen,addr szKey
invoke CRC16,0, addr szKey, eax invoke wsprintf,addr lpRes,CTEXT("-%X"), eax
invoke lstrcat,addr szKey,addr lpRes
invoke SetDlgItemText,hWnd,IDC_KEY,CTEXT("Name! ?")
invoke SetDlgItemText,hWnd,IDC_KEY, addr szKey
Gen endp


may be, i did code it the way you thought as in your code is a bug, e.g. if the name is > then the xorstring the next xoring value is taken from nirvana !

but i could be wrong.

Edited by sama
  • Like 1
Link to comment
Share on other sites

@sama, Good Job. It Was Not A Bug, It Was Intentional.

Here is The Snippet



I < Length(Constant)



TempXor := Ord(Name) Xor Ord(Constant);

TempXorString := TempXorString + IntToStr(TempXor);




TempXor := Ord(Name) Xor Ord(Constant[Length(Name) - Length(Constant)]);

TempXorString := TempXorString + IntToStr(TempXor);


  • Like 1
Link to comment
Share on other sites

not need snippet


lets say name is 29 chars

constant is 14 chars


so now 29 -14 == 15 (hope i calculate right)


according to your code now char name[15] is xored with char at constant[15]

but there is nothing except garbage (in this example would be a 00 due the fact that string is zero ended.


anyway, as said before, i could be wrong, maybe a specialist like Chooki(we all know of his capabilities) would enlight us.

Edited by sama
  • Like 1
Link to comment
Share on other sites

It wasn't a big issue, that's why my solution had already taken care of it by:


1) Limiting NameBox to 28 characters.

2) showing message 'Name length should be 1~28'



  • Like 2
Link to comment
Share on other sites

thanks Chooki, now i know why i used this line

invoke GetDlgItem,hWnd, IDC_NAME
invoke SendMessage,eax,EM_LIMITTEXT,28,0
Link to comment
Share on other sites

  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...