[KeygenME] XorRanger's KeygenME 7

[XorRanger]

Here is a KeygenME i put together today when i had some free time.
 
I know some set of people will solve this under 5 minutes. RulesNo rules.Solutions A working keygen  : Gold A Working Serial : SilverPatching : Bronze
A Tutorial would be appreciated.Please Do Solve.
 
** Sorry about the Size. 
 
Edit : just Fixed the bug reported by xSRTsect, sorry about that and thanks xSRTsect for reporting.
 
Edit2 : Fixed Another Bug (Hopefully the Last ) that made it impossible to get a valid key even through bruteforce).
 
XorRanger's KeygenME #7 Fixed Final.zip
 
Valid Solutions so Far

 

Office Jesus

 

xSRTsect

Edited January 17, 2015 by XorRanger

[xSRTsect]

perhaps you should revise this line:

 

  if ( ((*(_WORD *)v6 - 0x10) ^ 0x3D) != 0x4C )

[sama]

 

perhaps you should revise this line:

 

  if ( ((*(_WORD *)v6 - 0x10) ^ 0x3D) != 0x4C )

 

well this is the lower problem, ALT+0129,

but few checks later i think is not reversible

[xSRTsect]

No. I am pretty sure you have screwed this up because of the chartset encoding in utf-16 is different from windows charset versions, mine , the latin alphabet contains no char equivalent to 0x81, for example.

 

http://en.wikipedia.org/wiki/Windows-1252

 

http://en.wikipedia.org/wiki/Windows_code_page

[sama]

if the author use unprintable chars, thats not our fault

as for info i know what you say.

But one option to use the 0x81 (is like a space)

just do it the way i said above

click and hold the ALT key then on number Key click 0129 == (0x81)

cuz this is what he used as dilimiter.

[xSRTsect]

if the author use unprintable chars, thats not our fault as for info i know what you say. But one option to use the 0x81 (is like a space) just do it the way i said above click and hold the ALT key then on number Key click 0129 == (0x81) cuz this is what he used as dilimiter.

 

I dont think the message is passing. Did you even read what I just say? if there is no char for 0x81 in the char set, windows will get you another char (I think it chooses the closest one) and program simply no longer reads the value it was supposed to in the first place.

[XorRanger]

perhaps you should revise this line:

 

  if ( ((*(_WORD *)v6 - 0x10) ^ 0x3D) != 0x4C )

 

First post Updated with fixed version.

Thanks.

[Nucleus]

@XorRanger KeygenMe size is big, what IDE you used to code this, DelphiXE5?

[XorRanger]

@XorRanger KeygenMe size is big, what IDE you used to code this, DelphiXE5?

 

XE7.

[Nucleus]

How you made this skin?Do you used Castalia when coding?

Edited January 17, 2015 by Nucleus

[XorRanger]

How you made this skin.Do you used Castalia when coding?

 

They are VCL Skins and yes i use Castalia.

[xSRTsect]

No offense here, but have you actually tested the crackme, and are you sure you have a working key?

[Office Jesus]

Well, something is better than nothing, I suppose. Hopefully my message is humorous.

 

Solution.zip

[XorRanger]

No offense here, but have you actually tested the crackme, and are you sure you have a working key?

 

I just fixed a bug that made it impossible to get a valid key without patching.

sorry about that, i have also tested the version i just fixed and have a valid key for it.

please download "XorRanger's KeygenME #7 Fixed Final.zip"  in the first post and try again.

thanks.

[XorRanger]

Well, something is better than nothing, I suppose. Hopefully my message is humorous.

 

Solution.zip

 

nice solution. lol.

please try again with the fixed version.

thanks.

[xSRTsect]

I just fixed a bug that made it impossible to get a valid key without patching.

sorry about that, i have also tested the version i just fixed and have a valid key for it.

please download "XorRanger's KeygenME #7 Fixed Final.zip"  in the first post and try again.

thanks.

 

Unbelievable. I mean I try not to be rude, but who the hell makes a keygen.me and doesn't test the damn program after? **NO F.UCKING SENSE**

[XorRanger]

Unbelievable. I mean I try not to be rude, but who the hell makes a keygen.me and doesn't test the damn program after? **NO F.UCKING SENSE**

 

i did test it but later made some modifications. my bad.

[xSRTsect]

XR2015-131-0000-XYYYYYYY-46-0Y123456789X

 

here goes a script to calculate the first part

y = "aloinE"

s = ";@#y!Z"

i = 0

l = ""

for x in y:

	l = l + chr(((ord(s[i])- ord(x)) % 94)+32)

	i = i + 1

print l

And here is the final part, where the calculations on the genral matrix are made (unfortunate that you don't do anything else with it, aside from hashing).

int __fastcall chck_final(int a1, int a2, signed __int32 a3, int a4, int a5, int a6, int a7, int a8, int a9)

{

  signed __int32 v9; // edi@1

  int v10; // esi@1

  int v11; // ebx@1

  int j_; // esi@1

  int j; // ebx@2

  int v14; // eax@6

  __int64 v15; // rax@7

  int v16; // ebx@7

  unsigned int v18; // [sp-Ch] [bp-3Ch]@1

  _UNKNOWN *v19; // [sp-8h] [bp-38h]@1

  int *v20; // [sp-4h] [bp-34h]@1

  int i; // [sp+Ch] [bp-24h]@1

  int x; // [sp+10h] [bp-20h]@2

  int *C_; // [sp+14h] [bp-1Ch]@2

  int *C; // [sp+18h] [bp-18h]@1

  int *C_arr; // [sp+1Ch] [bp-14h]@1

  int *KeyArray; // [sp+20h] [bp-10h]@1

  int c_arr_cpy; // [sp+24h] [bp-Ch]@1

  int *keyArr_cpy; // [sp+28h] [bp-8h]@1

  int **M; // [sp+2Ch] [bp-4h]@1

  int savedregs; // [sp+30h] [bp+0h]@1
  v9 = _InterlockedExchange((volatile signed __int32 *)&M, a3);

  v10 = a2;

  v11 = a1;

  v20 = &savedregs;

  v19 = &loc_5E9758;

  v18 = __readfsdword(0);

  __writefsdword(0, (unsigned int)&v18);

  System::__linkproc__ DynArraySetLength(3, 3);

  System::__linkproc__ DynArraySetLength(9, v18);

  DynArrayMake((int)&KeyArray, (int)&var_11h);

  System::__linkproc__ DynArraySetLength(9, v18);

  *KeyArray = v11;

  KeyArray[1] = v10;

  KeyArray[2] = v9;

  KeyArray[3] = a4;

  KeyArray[4] = a5;

  KeyArray[5] = a6;

  KeyArray[6] = a7;

  KeyArray[7] = a8;

  KeyArray[8] = a9;

  copy((int)&keyArr_cpy, (int)KeyArray, (int)&var_11h);

  DynArrayMake((int)&C_arr, (int)&var_11h);

  System::__linkproc__ DynArraySetLength(3, v18);

  *C_arr = 0;

  C_arr[1] = 1;

  C_arr[2] = 2;

  copy((int)&c_arr_cpy, (int)C_arr, (int)&var_11h);

  j_ = 0;

  copy((int)&C, c_arr_cpy, (int)&var_11h);

  for ( i = 0; ; ++i )

  {

    v14 = System::__linkproc__ LStrLen(C);

    if ( v14 <= i )

      break;

    x = C[i];

    copy((int)&C_, c_arr_cpy, (int)&var_11h);

    for ( j = 0; j < System::__linkproc__ LStrLen(C_); ++j )

    {

      M[x][C_[j]] = j_ + keyArr_cpy[j_];

      ++j_;

    }

    DynArrayMake((int)&C_, (int)&var_11h);

  }

  DynArrayMake((int)&C, (int)&var_11h);

  v15 = (M[2][1] * *M[1] - *M[2] * M[1][1]) * (*M)[2]

      + (M[2][2] * M[1][1] - M[2][1] * M[1][2]) * **M

      - (M[2][2] * *M[1] - M[1][2] * *M[2]) * (*M)[1];

  v16 = (HIDWORD(v15) ^ v15) - HIDWORD(v15);

  __writefsdword(0, v18);

  v20 = (int *)&loc_5E975F;

  sub_40A7A8(&C_, &var_11h, 6);

  DynArrayMake((int)&M, (int)&byte_5E9498);

  return v16;

}