GautamGreat
Posted December 24, 2018

Difficulty : 2 (I guess)
Language : C++
Platform : Windows
OS Version : All
Packer / Protector : None

Description :
It is a simple keygenme challenge. Coded in C++, solution is only a working keygen.

KeygenMe #2.rar

Solution

Washi
Posted July 31, 2019

User: washi
Serial: TI38H-ECLPK-WNBLX-KRPS5-IBNF7

User: tuts4you
Serial: CMNLF-MFIB3-1QFMQ-WNJGK-XCGVI

Approach:

Tools used: Started with Ghidra, filled some gaps with IDA as Ghidra sometimes gave me incorrect or incomplete pseudo code.

1. Figure out the serial verification algorithm:

Entrypoint looks a lot like a standard entrypoint that calls WinMain.

Navigate to the WinMain (FUN_00401690), and notice the call to DialogBoxParamA with the associated DialogFunc (FUN_00401510) referenced.

Go to the DialogFunc procedure, and notice the if statements that decide on the messagebox to be shown. From this we find our checkSerial function (FUN_004013b0).

Notice that checkSerial repeats the username (including the trailing zero byte) until it is exactly 16 characters long, concatenates this with a hash computed by FUN_00401280, and then finally computes a checksum of the end result.

A license is valid if the lower two bytes of this checksum are equal to the last two bytes of the serial hash.

2. Create keygen

Recreate the keygenme using C#. Generate a random serial, test for validity and repeat the process if it is not.

I understand that this might be considered cheating, as it's more of a bruteforce method rather than actually reversing the algorithms. I ran out of time, and might do a proper keygen later. Nevertheless, bruteforcing a key is very fast on my machine, usually takes less than a second.

Keygen+Solution.7z