Jump to content
Tuts 4 You
  • 0
r00t0

r00t0's KeygenMe

Rate this question

Question

r00t0

Difficulty : 8
Language : C/C++
Platform : Windows 32bit
OS Version : Windows 7+
Packer / Protector : UPX 3.91

Description :

The goal is to write a keygen for it without patching the file. Key must have 5 characters.

Screenshot :

i9BXmX1wQw2v6VuqmJWroA.png

Download :

keygenme.zip

Edited by r00t0 (see edit history)

Share this post


Link to post

5 answers to this question

Recommended Posts

  • 0
SmilingWolf

Yeah, I meant it as "one correct key (among the many possible ones)".

Attached my keygen in python 2.7
Some more sample keys:

cbdmn
aaatj
gaama

In general anything that can be solved by hand like that shouldn't get a difficulty rating above 2.

If I may and you're willing to, can I ask you now to explain how/why my keygen works? :)

keygen.py

Edited by SmilingWolf (see edit history)
  • Like 1

Share this post


Link to post
  • 0
SmilingWolf
One correct key: ajjag

Last letter appears to be unused, the sum of the indexes of the first 4 letters inside the alphabet

abcdefghijklmnopqrtuvwxyz

must equal the index of letter "t" inside said alphabet.

In the serial above:
a = 0 + j = 9 + j = 9 + a = 0 -> 18
Alpha[18] = t
Serial check passed.

How is this a difficulty 8 KeygenMe? Is that some kind of bait? Am I missing something?

  • Like 2

Share this post


Link to post
  • 0
r00t0

It's not a bait, maybe difficult is 2. And it's not one correct key.

You correctly solved how to work algorithm. Good work.

Edited by r00t0 (see edit history)

Share this post


Link to post
  • 0
r00t0

Keygen randomize 4 character from pattern (max array length / 3) from array and append to empty array, 5 character are randomized because is not used.

I understood the question well ?

There's my algorith to checking key

Spoiler

	fgets(read,5,stdin);
	int key = 0;
	for (int i=0; i<5; i++)
		for (int j=0; j<25; j++)
			if (read[i] == array2[j])
				key+=j;


 

Edited by r00t0 (see edit history)

Share this post


Link to post
  • 0
SmilingWolf

Yeah you got the question.

I'm generating the first 3 characters randomly, making sure that the sum of their indexes doesn't exceed 18 by simply using indexes between 0 and 6 (len(alpha) - 1 = 18; 18 / 3 = 6). This way the worst case scenario is that I've got 6 + 6 + 6 = g + g + g.
Then I'm subtrating from the max allowed index (18) the sum of the first three. This way, if the sum was 18 here I simpy get 0, which means "a" gets chosen as fourth letter.

You said the serial should be 5 letters long, but there's actually no check on the serial's length. Moreover, fgets(char * str, int num, FILE * stream) only memorizes num - 1 entered characters and appends a null byte at the end, which means the last iteration of the loop always checks a null byte instead of a letter, so my keygen would do just as well generating only 4 letters. This totally slipped past me :P

Edited by SmilingWolf (see edit history)
  • Like 1
  • Thanks 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...