Tuts 4 You

[KeygenME] XorRanger's KeygenME 7


XorRanger


Here is a KeygenME i put together today when i had some free time.
 
I know some set of people will solve this under 5 minutes. :)

Rules
No rules.

Solutions
A working keygen : Gold
A Working Serial : Silver
Patching : Bronze

A Tutorial would be appreciated.
Please Do Solve.

 
** Sorry about the Size.  :scratch:
 
Edit : just Fixed the bug reported by xSRTsect, sorry about that and thanks xSRTsect for reporting.
 
Edit2 : Fixed Another Bug (Hopefully the Last :)) that made it impossible to get a valid key even through bruteforce.
 
XorRanger's KeygenME #7 Fixed Final.zip
 
Valid Solutions so Far

 

Office Jesus

 

xSRTsect

Edited by XorRanger
  • Like 1
Link to comment
Share on other sites

 

perhaps you should revise this line:

 

  if ( ((*(_WORD *)v6 - 0x10) ^ 0x3D) != 0x4C )

 

well this is the lower problem, ALT+0129,

but few checks later i think is not reversible

Link to comment
Share on other sites

if the author use unprintable chars, that's not our fault

as for info i know what you say.

But one option to use the 0x81 (is like a space)

just do it the way i said above

click and hold the ALT key then on number Key click 0129 == (0x81)

cuz this is what he used as delimiter.

Link to comment
Share on other sites

if the author use unprintable chars, that's not our fault as for info i know what you say. But one option to use the 0x81 (is like a space) just do it the way i said above click and hold the ALT key then on number Key click 0129 == (0x81) cuz this is what he used as delimiter.

 

I don't think the message is passing. Did you even read what I just said? if there is no char for 0x81 in the char set, windows will get you another char (I think it chooses the closest one) and program simply no longer reads the value it was supposed to in the first place.

Link to comment
Share on other sites

perhaps you should revise this line:

 

  if ( ((*(_WORD *)v6 - 0x10) ^ 0x3D) != 0x4C )

 

First post Updated with fixed version.

Thanks.

Link to comment
Share on other sites

No offense here, but have you actually tested the crackme, and are you sure you have a working key?

 

I just fixed a bug that made it impossible to get a valid key without patching.

sorry about that, i have also tested the version i just fixed and have a valid key for it.

please download "XorRanger's KeygenME #7 Fixed Final.zip"  in the first post and try again.

thanks.

Link to comment
Share on other sites

I just fixed a bug that made it impossible to get a valid key without patching.

sorry about that, i have also tested the version i just fixed and have a valid key for it.

please download "XorRanger's KeygenME #7 Fixed Final.zip"  in the first post and try again.

thanks.

 

Unbelievable. I mean I try not to be rude, but who the hell makes a keygen.me and doesn't test the damn program after? **NO F.UCKING SENSE**

Link to comment
Share on other sites

Unbelievable. I mean I try not to be rude, but who the hell makes a keygen.me and doesn't test the damn program after? **NO F.UCKING SENSE**

 

i did test it but later made some modifications. my bad. :sorry:

Link to comment
Share on other sites

XR2015-131-0000-XYYYYYYY-46-0Y123456789X


 


here goes a script to calculate the first part



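  y = "aloinE"
  s = ";@#y!Z"
  i = 0
  l = ""
  # For each position: subtract the character of y from the character of s,
  # reduce modulo 94, then shift into the printable ASCII range (+32).
  for x in y:
      l = l + chr(((ord(s[i]) - ord(x)) % 94) + 32)
      i = i + 1
  print(l)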

And here is the final part, where the calculations on the general matrix are made (unfortunate that you don't do anything else with it, aside from hashing).



int __fastcall chck_final(int a1, int a2, signed __int32 a3, int a4, int a5, int a6, int a7, int a8, int a9)
{
  signed __int32 v9; // edi@1
  int v10; // esi@1
  int v11; // ebx@1
  int j_; // esi@1
  int j; // ebx@2
  int v14; // eax@6
  __int64 v15; // rax@7
  int v16; // ebx@7
  unsigned int v18; // [sp-Ch] [bp-3Ch]@1
  _UNKNOWN *v19; // [sp-8h] [bp-38h]@1
  int *v20; // [sp-4h] [bp-34h]@1
  int i; // [sp+Ch] [bp-24h]@1
  int x; // [sp+10h] [bp-20h]@2
  int *C_; // [sp+14h] [bp-1Ch]@2
  int *C; // [sp+18h] [bp-18h]@1
  int *C_arr; // [sp+1Ch] [bp-14h]@1
  int *KeyArray; // [sp+20h] [bp-10h]@1
  int c_arr_cpy; // [sp+24h] [bp-Ch]@1
  int *keyArr_cpy; // [sp+28h] [bp-8h]@1
  int **M; // [sp+2Ch] [bp-4h]@1
  int savedregs; // [sp+30h] [bp+0h]@1

  v9 = _InterlockedExchange((volatile signed __int32 *)&M, a3);
  v10 = a2;
  v11 = a1;
  v20 = &savedregs;
  v19 = &loc_5E9758;
  v18 = __readfsdword(0);
  __writefsdword(0, (unsigned int)&v18);
  System::__linkproc__ DynArraySetLength(3, 3);
  System::__linkproc__ DynArraySetLength(9, v18);
  DynArrayMake((int)&KeyArray, (int)&var_11h);
  System::__linkproc__ DynArraySetLength(9, v18);
  *KeyArray = v11;
  KeyArray[1] = v10;
  KeyArray[2] = v9;
  KeyArray[3] = a4;
  KeyArray[4] = a5;
  KeyArray[5] = a6;
  KeyArray[6] = a7;
  KeyArray[7] = a8;
  KeyArray[8] = a9;
  copy((int)&keyArr_cpy, (int)KeyArray, (int)&var_11h);
  DynArrayMake((int)&C_arr, (int)&var_11h);
  System::__linkproc__ DynArraySetLength(3, v18);
  *C_arr = 0;
  C_arr[1] = 1;
  C_arr[2] = 2;
  copy((int)&c_arr_cpy, (int)C_arr, (int)&var_11h);
  j_ = 0;
  copy((int)&C, c_arr_cpy, (int)&var_11h);
  for ( i = 0; ; ++i )
  {
    v14 = System::__linkproc__ LStrLen(C);
    if ( v14 <= i )
      break;
    x = C[i];
    copy((int)&C_, c_arr_cpy, (int)&var_11h);
    for ( j = 0; j < System::__linkproc__ LStrLen(C_); ++j )
    {
      M[x][C_[j]] = j_ + keyArr_cpy[j_];
      ++j_;
    }
    DynArrayMake((int)&C_, (int)&var_11h);
  }
  DynArrayMake((int)&C, (int)&var_11h);
  v15 = (M[2][1] * *M[1] - *M[2] * M[1][1]) * (*M)[2]
      + (M[2][2] * M[1][1] - M[2][1] * M[1][2]) * **M
      - (M[2][2] * *M[1] - M[1][2] * *M[2]) * (*M)[1];
  v16 = (HIDWORD(v15) ^ v15) - HIDWORD(v15);
  __writefsdword(0, v18);
  v20 = (int *)&loc_5E975F;
  sub_40A7A8(&C_, &var_11h, 6);
  DynArrayMake((int)&M, (int)&byte_5E9498);
  return v16;
}
  • Like 1
Link to comment
Share on other sites
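
Added example (not part of the thread and not the KeygenME's own code): a Python reading of the decompiled chck_final posted above, showing that the loop fills a 3x3 matrix with index + key value in row-major order, that v15 is the matrix determinant, and that the v16 line is the branch-free absolute-value idiom. It assumes the arithmetic wraps at 32 bits and that HIDWORD(v15) is the sign extension of the 32-bit result; every helper name except chck_final is hypothetical, and the inputs are constructed, not real key material.

```python
def to_i32(v):
    """Wrap a Python int to a signed 32-bit value, as a 32-bit register would."""
    v &= 0xFFFFFFFF
    return v - (1 << 32) if v & 0x80000000 else v

def fill_matrix(key):
    """M[x][C_[j]] = j_ + keyArr_cpy[j_], with j_ counting 0..8 in row-major order."""
    if len(key) != 9:
        raise ValueError("chck_final takes exactly nine integers (a1..a9)")
    m = [[0] * 3 for _ in range(3)]
    j_ = 0
    for x in (0, 1, 2):        # outer loop over C = {0, 1, 2}: row index
        for c in (0, 1, 2):    # inner loop over C_ = {0, 1, 2}: column index
            m[x][c] = to_i32(j_ + key[j_])
            j_ += 1
    return m

def det_as_decompiled(m):
    """The v15 expression, term for term; it is the 3x3 determinant of M."""
    v15 = ((m[2][1] * m[1][0] - m[2][0] * m[1][1]) * m[0][2]
           + (m[2][2] * m[1][1] - m[2][1] * m[1][2]) * m[0][0]
           - (m[2][2] * m[1][0] - m[1][2] * m[2][0]) * m[0][1])
    return to_i32(v15)         # assumption: 32-bit wrapping arithmetic

def abs_idiom(v):
    """(HIDWORD(v15) ^ v15) - HIDWORD(v15): absolute value without a branch."""
    hi = -1 if v < 0 else 0    # sign extension of v into the high dword
    return to_i32((hi ^ v) - hi)

def chck_final(key):
    return abs_idiom(det_as_decompiled(fill_matrix(key)))

if __name__ == "__main__":
    # Constructed inputs for illustration only.
    for key in ([0] * 9,
                [2, 0, 0, 0, 0, 0, 0, 0, 0],
                [0, 0, -2, -2, -4, -5, -6, -7, -7],
                [-2**31, -1, -2, -3, -3, -5, -6, -7, -7]):
        print(fill_matrix(key), "->", chck_final(key))
```

When the determinant is exactly -2^31 the idiom returns it unchanged, so the function's result is not guaranteed to be non-negative.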
