Easy CrackMe #1

Only simple algorithms - for one name one key.

Provide a valid pair of name and serial, or write a keygen.

Good luck.

 

File Information

Submitter BunnyLab

Submitted 12/08/2020

Category KeygenMe

View File

Name:leet

Serial:77fe1a9ac6d0e41b35c---

simple string hash + xor some stuff

need constants to meet constraint of word count.

keygen:

Spoiler

	char buff[0x20], d[0x20];
	memset(buff, 0x0, 0x20);
	cin >> buff;
	
	//simple hash
	char* c = buff;
	int r = 0;
	while (*c)
	{
		r += *c;
		c++;
	}
	//xor
	r ^= 0x7654;
	sprintf(buff, "%x", r);

	int i = 3;
	do {
		r = r << 2 | r >> 30;
		r ^= 0x7654;
		sprintf(d, "%x", r);
		strncat(buff, d, 5);
		i--;
	} while (i);

	buff[19] = 45;
	buff[20] = 45;
	buff[21] = 45;
	buff[22] = '\0';

	cout << buff;

 

 

 

 

 

 

 

Edited December 12, 20204 yr by Salin
hide keygen code

9 hours ago, Salin said:

Name:leet

Serial:77fe1a9ac6d0e41b35c---

simple string hash + xor some stuff

Right.

simple string hash + xor + rol + xor + rol + xor + rol + xor 

Good job.

This krackme for beginners.

I'll make it harder - later

Edited December 11, 20204 yr by BunnyLab

here is my keygen

 

keygen.exe

Name : Ruble

Serial : 77ae1a8ec6d5e41b21c/*-

I don't know how to compilation,so used IDA

Spoiler

#include<iostream>

#include<cstring>

using namespace std;

 

int sub_401D0D(char *a1)

{

  int result; // eax

 

  result = 0;

  while ( *a1 )

  {

    result += (char)*a1;

    a1 += 1;

  }

  return result;

}

 

int sub_401CD3(int a1, char a2)

{

  return (a1 << (a2 & 0x1F)) | (a1 >> (32 - (a2 & 0x1F)));

}

 

int main()

{

     int v1; // esi

  char *v2; // esi

  int v3; // eax

  char v4; // al

  char *v5; // edi

  char *v6; // ecx

  char *Destination; // [esp+Ch] [ebp-Ch]

  int v9; // [esp+10h] [ebp-8h]

  char *Buffer; // [esp+14h] [ebp-4h]

 

  Destination = (char *)operator new(0x20);

  Buffer = (char *)operator new(0x20);

  cin>>Destination;

  v1 = sub_401D0D(Destination) ^ 0x7654;

  sprintf(Destination, "%x", v1);

  

  v9 = 3;

  do

  {

    v1 = sub_401CD3(v1, 2) ^ 0x7654;

    sprintf(Buffer, "%x", v1);

    strncat(Destination, Buffer, 5);

    --v9;

  }

  while ( v9 );

  //00401ADE  |.  83F8 16       cmp eax,0x16

  //00401AE1  |.  74 0E         je short CrackMe_.00401AF1

  //比较键入的值长度是否为16 后三位随便内容

  cout<<Destination<<"/*-";

    return 0;

}

 

On 2/19/2021 at 6:34 AM, Ruble said:

Keygen by GioTiN do not work on Name цукен

цукен

7761-1abd0-6d914-1b120

 

  Reveal hidden contents

#include<iostream>

#include<cstring>

using namespace std;

 

int sub_401D0D(char *a1)

{

  int result; // eax

 

  result = 0;

  while ( *a1 )

  {

    result += (char)*a1;

    a1 += 1;

  }

  return result;

}

 

int sub_401CD3(int a1, char a2)

{

  return (a1 << (a2 & 0x1F)) | (a1 >> (32 - (a2 & 0x1F)));

}

 

int main()

{

     int v1; // esi

  char *v2; // esi

  int v3; // eax

  char v4; // al

  char *v5; // edi

  char *v6; // ecx

  char *Destination; // [esp+Ch] [ebp-Ch]

  int v9; // [esp+10h] [ebp-8h]

  char *Buffer; // [esp+14h] [ebp-4h]

 

  Destination = (char *)operator new(0x20);

  Buffer = (char *)operator new(0x20);

  cin>>Destination;

  v1 = sub_401D0D(Destination) ^ 0x7654;

  sprintf(Destination, "%x", v1);

  

  v9 = 3;

  do

  {

    v1 = sub_401CD3(v1, 2) ^ 0x7654;

    sprintf(Buffer, "%x", v1);

    strncat(Destination, Buffer, 5);

    --v9;

  }

  while ( v9 );

  //00401ADE  |.  83F8 16       cmp eax,0x16

  //00401AE1  |.  74 0E         je short CrackMe_.00401AF1

  //比较键入的值长度是否为16 后三位随便内容

  cout<<Destination<<"/*-";

    return 0;

}

 

 

My code is:

0xsubd
74021-a65c6-ef241-bcac

For beginners (like me) I explain how I figured out how to reach the generator routine. maybe it helps someone.

First of all, I opened the exe with Resource Hacker. I found two interesting dialog boxes, a success one with ID 109 and a fail one with ID 110. They are decimal numbers.

I run x64dbg with the keygen and searched for the code: push 0x6D (again, it's 109 in dec.), because you have to use hexadecimal values for that. When opening a dialog box you have to pass the ID of the dialog as a parameter (and more but here we don't bother with other params).

Next when I found the Goodboy dialog, I scrolled up until I found a GetDlgItemTextW call, here we get the name from the dialog to a buffer.

Finally went up some lines until found a ret statement, after that line I put a breakpoint, restarted the program in x64dbg, and started to watch (F8, F7) how the serial is generated from the name.

Thank you for the keygen, I learnt a lot!

 

I tried to download this but 7zip error-ed out, there was nothing inside the folder?

 

EDIT: Never-mind. That one flew over my head, my browser removed/kept it from downloading

Edited October 26, 20231 yr by ismackedthatass

mimmounz

7528-1a2f46-fd84-1b804

 

python keygen

Spoiler

input_text = "mimmounz"

result = 0
for c in input_text:
    result += ord(c)

result = result ^ 0x7654
hex_result = hex(result)[2:]

for i in range(3):
    result = ((result << 2) | (result >> 30))
    result = result ^ 0x7654
    hex_result += hex(result)[2:7]
serial_hash = hex_result

print(f"{serial_hash[:4]}-{serial_hash[4:10]}-{serial_hash[10:14]}-{serial_hash[14:]}")