BunnyLab Posted December 9, 2020 Share Posted December 9, 2020 View File Easy CrackMe #1 Only simple algorithms - for one name one key. Provide a valid pair of name and serial, or write a keygen. Good luck. Submitter BunnyLab Submitted 12/09/2020 Category KeygenMe Link to comment
Salin Posted December 11, 2020 Share Posted December 11, 2020 (edited) Name:leet Serial:77fe1a9ac6d0e41b35c--- simple string hash + xor some stuff need constants to meet constraint of word count. keygen: Spoiler char buff[0x20], d[0x20]; memset(buff, 0x0, 0x20); cin >> buff; //simple hash char* c = buff; int r = 0; while (*c) { r += *c; c++; } //xor r ^= 0x7654; sprintf(buff, "%x", r); int i = 3; do { r = r << 2 | r >> 30; r ^= 0x7654; sprintf(d, "%x", r); strncat(buff, d, 5); i--; } while (i); buff[19] = 45; buff[20] = 45; buff[21] = 45; buff[22] = '\0'; cout << buff; Edited December 12, 2020 by Salin hide keygen code Link to comment
BunnyLab Posted December 11, 2020 Author Share Posted December 11, 2020 (edited) 9 hours ago, Salin said: Name:leet Serial:77fe1a9ac6d0e41b35c--- simple string hash + xor some stuff Right. simple string hash + xor + rol + xor + rol + xor + rol + xor Good job. This krackme for beginners. I'll make it harder - later Edited December 11, 2020 by BunnyLab Link to comment
GioTiN Posted December 12, 2020 Share Posted December 12, 2020 here is my keygen keygen.exe Link to comment
Ruble Posted February 19, 2021 Share Posted February 19, 2021 Name : Ruble Serial : 77ae1a8ec6d5e41b21c/*- I don't know how to compilation,so used IDA Spoiler #include<iostream> #include<cstring> using namespace std; int sub_401D0D(char *a1) { int result; // eax result = 0; while ( *a1 ) { result += (char)*a1; a1 += 1; } return result; } int sub_401CD3(int a1, char a2) { return (a1 << (a2 & 0x1F)) | (a1 >> (32 - (a2 & 0x1F))); } int main() { int v1; // esi char *v2; // esi int v3; // eax char v4; // al char *v5; // edi char *v6; // ecx char *Destination; // [esp+Ch] [ebp-Ch] int v9; // [esp+10h] [ebp-8h] char *Buffer; // [esp+14h] [ebp-4h] Destination = (char *)operator new(0x20); Buffer = (char *)operator new(0x20); cin>>Destination; v1 = sub_401D0D(Destination) ^ 0x7654; sprintf(Destination, "%x", v1); v9 = 3; do { v1 = sub_401CD3(v1, 2) ^ 0x7654; sprintf(Buffer, "%x", v1); strncat(Destination, Buffer, 5); --v9; } while ( v9 ); //00401ADE |. 83F8 16 cmp eax,0x16 //00401AE1 |. 74 0E je short CrackMe_.00401AF1 //比较键入的值长度是否为16 后三位随便内容 cout<<Destination<<"/*-"; return 0; } Link to comment
sotnikov_a Posted February 1 Share Posted February 1 On 2/19/2021 at 6:34 AM, Ruble said: Keygen by GioTiN do not work on Name цукен цукен 7761-1abd0-6d914-1b120 Reveal hidden contents #include<iostream> #include<cstring> using namespace std; int sub_401D0D(char *a1) { int result; // eax result = 0; while ( *a1 ) { result += (char)*a1; a1 += 1; } return result; } int sub_401CD3(int a1, char a2) { return (a1 << (a2 & 0x1F)) | (a1 >> (32 - (a2 & 0x1F))); } int main() { int v1; // esi char *v2; // esi int v3; // eax char v4; // al char *v5; // edi char *v6; // ecx char *Destination; // [esp+Ch] [ebp-Ch] int v9; // [esp+10h] [ebp-8h] char *Buffer; // [esp+14h] [ebp-4h] Destination = (char *)operator new(0x20); Buffer = (char *)operator new(0x20); cin>>Destination; v1 = sub_401D0D(Destination) ^ 0x7654; sprintf(Destination, "%x", v1); v9 = 3; do { v1 = sub_401CD3(v1, 2) ^ 0x7654; sprintf(Buffer, "%x", v1); strncat(Destination, Buffer, 5); --v9; } while ( v9 ); //00401ADE |. 83F8 16 cmp eax,0x16 //00401AE1 |. 74 0E je short CrackMe_.00401AF1 //比较键入的值长度是否为16 后三位随便内容 cout<<Destination<<"/*-"; return 0; } Link to comment
0xsubd Posted February 3 Share Posted February 3 My code is: 0xsubd 74021-a65c6-ef241-bcac For beginners (like me) I explain how I figured out how to reach the generator routine. maybe it helps someone. First of all, I opened the exe with Resource Hacker. I found two interesting dialog boxes, a success one with ID 109 and a fail one with ID 110. They are decimal numbers. I run x64dbg with the keygen and searched for the code: push 0x6D (again, it's 109 in dec.), because you have to use hexadecimal values for that. When opening a dialog box you have to pass the ID of the dialog as a parameter (and more but here we don't bother with other params). Next when I found the Goodboy dialog, I scrolled up until I found a GetDlgItemTextW call, here we get the name from the dialog to a buffer. Finally went up some lines until found a ret statement, after that line I put a breakpoint, restarted the program in x64dbg, and started to watch (F8, F7) how the serial is generated from the name. Thank you for the keygen, I learnt a lot! Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now