Tuts 4 You

# Easy CrackMe #1

Only simple algorithms - for one name one key.

Provide a valid pair of name and serial, or write a keygen.

Good luck.

• Submitted: 12/09/2020

##### Share on other sites

Name:leet

Serial:77fe1a9ac6d0e41b35c---

simple string hash + xor some stuff

need constants to meet constraint of word count.

keygen:

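```
#include <cstdio>
#include <cstring>
#include <iomanip>
#include <iostream>
using namespace std;

int main()
{
    char buff[0x20], d[0x20];
    memset(buff, 0x0, 0x20);
    cin >> setw(sizeof buff) >> buff;   // bound the read to the buffer size

    // simple hash: sum of the name's bytes
    char* c = buff;
    unsigned int r = 0;                 // unsigned so the rotate below is well-defined
    while (*c)
    {
        r += *c;
        c++;
    }
    // xor
    r ^= 0x7654;
    sprintf(buff, "%x", r);

    int i = 3;
    do {
        r = r << 2 | r >> 30;           // rotate left by 2
        r ^= 0x7654;
        sprintf(d, "%x", r);
        strncat(buff, d, 5);            // keep only the first five hex digits
        i--;
    } while (i);

    // pad with three '-' characters (ASCII 45)
    buff[19] = 45;
    buff[20] = 45;
    buff[21] = 45;
    buff[22] = '\0';

    cout << buff;
    return 0;
}
```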

Edited by Salin
hide keygen code
##### Share on other sites

9 hours ago, Salin said:

Name:leet

Serial:77fe1a9ac6d0e41b35c---

simple string hash + xor some stuff

Right.

simple string hash + xor + rol + xor + rol + xor + rol + xor

Good job.

This crackme is for beginners.

I'll make it harder - later

Edited by BunnyLab
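
The scheme confirmed above depends on the name only through the sum of its bytes, so different names share a serial and the space of serials is small. The block below is an added example, not code from the thread or from the crackme; its function names are illustrative, and it assumes space-free printable ASCII names of at most 31 characters (the 0x20-byte buffers in the posted keygens).

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
// Serial core from the byte sum alone: "%x" of sum ^ 0x7654, then the first five
// hex digits of each of three rol-2 / xor rounds (unsigned, so the rotate is exact).
std::string core_from_sum(uint32_t sum) {
    uint32_t r = sum ^ 0x7654u;
    char hex[9];
    std::snprintf(hex, sizeof hex, "%x", (unsigned)r);
    std::string out = hex;
    for (int i = 0; i < 3; ++i) {
        r = ((r << 2) | (r >> 30)) ^ 0x7654u;
        std::snprintf(hex, sizeof hex, "%x", (unsigned)r);
        out += std::string(hex).substr(0, 5);
    }
    return out;
}

std::string serial_core(const std::string& name) {
    uint32_t sum = 0;
    for (unsigned char c : name) sum += c;  // assumption: ASCII names only
    return core_from_sum(sum);
}

// A different name with the same byte sum (one char +1, another -1), kept
// inside printable ASCII 0x21..0x7e. Returns "" if no such pair exists.
std::string colliding_name(std::string name) {
    for (std::size_t i = 0; i < name.size(); ++i)
        for (std::size_t j = 0; j < name.size(); ++j)
            if (i != j && name[i] < 0x7e && name[j] > 0x21) {
                ++name[i]; --name[j];
                return name;
            }
    return "";
}

// Distinct cores over all names of 1..max_len chars; every sum in [0x21, max_len*0x7e] is reachable.
std::size_t distinct_serials(unsigned max_len) {
    std::set<std::string> seen;
    for (uint32_t s = 0x21; s <= max_len * 0x7eu; ++s) seen.insert(core_from_sum(s));
    return seen.size();
}

int main() {
    std::string twin = colliding_name("leet");
    std::printf("leet/%s -> %s\n", twin.c_str(), serial_core(twin).c_str());
    std::printf("distinct serials: %zu\n", distinct_serials(31));
}
```

A name-bound check built on an additive checksum ties the serial to a few thousand possible values rather than to the name itself; a keyed MAC or signature over the full name avoids both the collisions and the small output space.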
##### Share on other sites

here is my keygen

##### Share on other sites

• 2 months later...

Name : Ruble

Serial : 77ae1a8ec6d5e41b21c/*-

I don't know how to compile, so I used IDA

```
#include <cstdio>
#include <cstring>
#include <iomanip>
#include <iostream>

using namespace std;

// Name hash: sum of the name's bytes
int sub_401D0D(char *a1)
{
    int result; // eax

    result = 0;
    while ( *a1 )
    {
        result += (char)*a1;
        a1 += 1;
    }
    return result;
}

// Rotate a1 left by a2 bits; the shifts are done on unsigned values so the
// right shift does not drag the sign bit in
int sub_401CD3(int a1, char a2)
{
    unsigned int v = (unsigned int)a1;
    unsigned int n = a2 & 0x1F;
    return n ? (int)((v << n) | (v >> (32 - n))) : a1;
}

int main()
{
    int v1; // esi
    int v9; // [esp+10h] [ebp-8h]
    char Destination[0x20]; // heap-allocated (operator new(0x20)) in the decompiled output
    char Buffer[0x20];

    cin >> setw(sizeof Destination) >> Destination; // bound the read to the buffer size
    v1 = sub_401D0D(Destination) ^ 0x7654;
    sprintf(Destination, "%x", (unsigned int)v1);
    v9 = 3;
    do
    {
        v1 = sub_401CD3(v1, 2) ^ 0x7654;
        sprintf(Buffer, "%x", (unsigned int)v1);
        strncat(Destination, Buffer, 5);
        --v9;
    }
    while ( v9 );
    //00401ADE  |.  83F8 16       cmp eax,0x16
    //00401AE1  |.  74 0E         je short CrackMe_.00401AF1
    // Checks whether the length of the entered value is 16 (0x16 in the cmp above); the last three characters can be anything
    cout<<Destination<<"/*-";
    return 0;
}
```

##### Share on other sites

• 11 months later...
On 2/19/2021 at 6:34 AM, Ruble said:

Keygen by GioTiN does not work on name цукен

цукен

7761-1abd0-6d914-1b120


##### Share on other sites

My code is:

0xsubd
74021-a65c6-ef241-bcac

For beginners (like me), I'll explain how I figured out how to reach the generator routine. Maybe it helps someone.

First of all, I opened the exe with Resource Hacker. I found two interesting dialog boxes, a success one with ID 109 and a fail one with ID 110. They are decimal numbers.

I ran x64dbg with the keygen and searched for the code: push 0x6D (again, it's 109 in decimal), because you have to use hexadecimal values for that. When opening a dialog box you have to pass the ID of the dialog as a parameter (and more, but here we don't bother with the other params).

Next, when I found the Goodboy dialog, I scrolled up until I found a GetDlgItemTextW call; here we get the name from the dialog into a buffer.

Finally, I went up some lines until I found a ret statement. After that line I put a breakpoint, restarted the program in x64dbg, and started to watch (F8, F7) how the serial is generated from the name.

Thank you for the keygen, I learnt a lot!

##### Share on other sites

• 1 year later...

I tried to download this but 7zip errored out, there was nothing inside the folder?

Edited by ismackedthatass