Posted December 24, 20186 yr Difficulty : 2 (I guess) Language : C++ Platform : Windows OS Version : All Packer / Protector : None Description : It is a simple keygenme challenge. Coded in C++, solution is only a working keygen. Screenshot : KeygenMe #2.rar
July 31, 20196 yr Solution Spoiler User: washi Serial: TI38H-ECLPK-WNBLX-KRPS5-IBNF7 User: tuts4you Serial: CMNLF-MFIB3-1QFMQ-WNJGK-XCGVI Approach: Spoiler Tools used: Started with Ghidra, filled some gaps with IDA as Ghidra sometimes gave me incorrect or incomplete pseudo code. 1. Figure out the serial verification algorithm: Entrypoint looks a lot like a standard entrypoint that calls WinMain. Navigate to the WinMain (FUN_00401690), and notice the call to DialogBoxParamA with the associated DialogFunc (FUN_00401510) referenced. Go to the DialogFunc procedure, and notice the if statements that decide on the messagebox to be shown. From this we find our checkSerial function (FUN_004013b0). Notice that checkSerial repeats the username (including the trailing zero byte) until it is exactly 16 characters long, concatenates this with a hash computed by FUN_00401280, and then finally computes a checksum of the end result. A license is valid if the lower two bytes of this checksum are equal to the last two bytes of the serial hash. 2. Create keygen Recreate the keygenme using C#. Generate a random serial, test for validity and repeat the process if it is not. I understand that this might be considered cheating, as it's more of a bruteforce method rather than actually reversing the algorithms. I ran out of time, and might do a proper keygen later. Nevertheless, bruteforcing a key is very fast on my machine, usually takes less than a second. Keygen+Solution.7z
Create an account or sign in to comment