Jump to content
Tuts 4 You

r00t0's KeygenMe

Go to solution Solved by SmilingWolf,

Recommended Posts

Difficulty : 8
Language : C/C++
Platform : Windows 32bit
OS Version : Windows 7+
Packer / Protector : UPX 3.91

Description :

The goal is to write a keygen for it without patching the file. Key must have 5 characters.

Screenshot :


Download :


Edited by r00t0
Link to comment
Share on other sites

One correct key: ajjag

Last letter appears to be unused, the sum of the indexes of the first 4 letters inside the alphabet


must equal the index of letter "t" inside said alphabet.

In the serial above:
a = 0 + j = 9 + j = 9 + a = 0 -> 18
Alpha[18] = t
Serial check passed.

How is this a difficulty 8 KeygenMe? Is that some kind of bait? Am I missing something?

  • Like 2
Link to comment
Share on other sites

It's not a bait, maybe difficult is 2. And it's not one correct key.

You correctly solved how to work algorithm. Good work.

Edited by r00t0
Link to comment
Share on other sites

  • Solution

Yeah, I meant it as "one correct key (among the many possible ones)".

Attached my keygen in python 2.7
Some more sample keys:


In general anything that can be solved by hand like that shouldn't get a difficulty rating above 2.

If I may and you're willing to, can I ask you now to explain how/why my keygen works? :)


Edited by SmilingWolf
  • Like 1
Link to comment
Share on other sites

Keygen randomize 4 character from pattern (max array length / 3) from array and append to empty array, 5 character are randomized because is not used.

I understood the question well ?

There's my algorith to checking key


	int key = 0;
	for (int i=0; i<5; i++)
		for (int j=0; j<25; j++)
			if (read[i] == array2[j])


Edited by r00t0
Link to comment
Share on other sites

Yeah you got the question.

I'm generating the first 3 characters randomly, making sure that the sum of their indexes doesn't exceed 18 by simply using indexes between 0 and 6 (len(alpha) - 1 = 18; 18 / 3 = 6). This way the worst case scenario is that I've got 6 + 6 + 6 = g + g + g.
Then I'm subtrating from the max allowed index (18) the sum of the first three. This way, if the sum was 18 here I simpy get 0, which means "a" gets chosen as fourth letter.

You said the serial should be 5 letters long, but there's actually no check on the serial's length. Moreover, fgets(char * str, int num, FILE * stream) only memorizes num - 1 entered characters and appends a null byte at the end, which means the last iteration of the loop always checks a null byte instead of a letter, so my keygen would do just as well generating only 4 letters. This totally slipped past me :P

Edited by SmilingWolf
  • Like 1
  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...