tarequl.hassan Posted March 10, 2021 Posted March 10, 2021 View File Keygenme MT01 Hi I got this keygenme in my hard drive, this is from CIN1TEAM and created by MR. Teo. Thought this might help someone to test his keygenning skill. Thanks Submitter tarequl.hassan Submitted 03/08/2021 Category KeygenMe
KesMezar Posted March 10, 2021 Posted March 10, 2021 (edited) Spoiler Name:kesmezar Serial:F6DL-TUTS-4YOU or kesmezar KESM-0000-0000 0046CE3C E8 1BFCFFFF CALL 0046CA5C 0046CE41 33F8 XOR EDI, EAX 0046CE43 3375 EC XOR ESI, DWORD PTR SS:[EBP-14] 0046CE46 3BFE CMP EDI, ESI ->main compare uses Kao Base33 algorithm.->https://forum.tuts4you.com/topic/42890-base33-algo/?tab=comments#comment-208007 Serial format : XXXX-XXXX-XXXX -> PART1-PART2-PART3 base33encode(NAME(4 char & upper text)) XOR base33encode(reverse PART2) = A base33encode(PART1) XOR base33encode(PART3) = B if "A = B" the result is correct. The keygen can be written when there is time. Edited March 10, 2021 by k3s_m3z4r 1
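Solution KesMezar Posted March 12, 2021 Solution Posted March 12, 2021 Generating code could be shorter, at least this time I didn't use an external rc file.
kgn.bat
;@echo off
;goto KesMezar
; ---------------------------------------------------------------------------
; kgn.bat - batch/MASM polyglot.
; Run as a batch file, the two lines above jump to the :KesMezar label at the
; bottom, which assembles and links this same file with MASM32. Read by ML.EXE,
; those lines are comments and everything after "end start" is ignored.
; Keep all commentary BELOW the goto line, otherwise cmd.exe tries to run it.
;
; Serial layout produced: PART1-PART2-PART3, four characters each, such that
;   decode(NAME) XOR decode(reverse(PART2)) == decode(PART1) XOR decode(PART3)
; where decode() reads four characters as a base-33 number.
; ---------------------------------------------------------------------------
.686
.MODEL flat, stdcall
OPTION casemap:none

include \MASM32\INCLUDE\dialogs.inc
include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
include \MASM32\INCLUDE\shell32.inc
include \MASM32\INCLUDE\comctl32.inc
include \MASM32\INCLUDE\comdlg32.inc

includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
includelib \MASM32\LIB\shell32.lib
includelib \MASM32\LIB\comctl32.lib
includelib \MASM32\LIB\comdlg32.lib

; FUNC(api,args...) - invoke an API and yield EAX so the call can be used
; as an operand, e.g. "mov x, FUNC(GetModuleHandle,NULL)".
FUNC MACRO parameters:VARARG
    invoke parameters
    EXITM <eax>
ENDM

WndProc         PROTO :HWND,:UINT,:WPARAM,:LPARAM
keygengenerate  PROTO :HWND
randomizechar   PROTO :DWORD,:DWORD
ReverseString   PROTO :DWORD,:DWORD
Base33Decode    PROTO :DWORD
Base33Encode    PROTO :DWORD,:DWORD

.CONST
KEYGEN_ICON = 200

.DATA
; 33-symbol alphabet used by the base-33 helpers (no I, O or 0).
alphabet db 'ABCDEFGHJKLMNPQRSTUVWXYZ123456789',0
; 61-symbol pool the random parts are drawn from. It contains characters
; (I, O, lowercase) that are not in 'alphabet'; IndexOf maps those to 0.
; NOTE(review): this assumes the target decodes such characters the same way - TODO confirm.
alphtrnd db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789',0

.DATA?
hInstance   DD ?
CommandLine DD ?
hIcon       DD ?
; Fix: both buffers were declared as a single DWORD (4 bytes) although
; wsprintf writes the 15-byte "XXXX-XXXX-XXXX",0 into 'serial' and
; GetDlgItemText is allowed to write up to 50h bytes into 'names'. The old
; code only worked because the overflow landed in neighbouring scratch data.
serial      db 32 dup(?)
names       db 50h dup(?)       ; size matches the cchMax passed to GetDlgItemText

.CODE
start:
    MOV hInstance, FUNC(GetModuleHandle,NULL)
    mov hIcon, FUNC(LoadIcon,hInstance,500)
    CALL WinMain
    INVOKE ExitProcess,eax

; WinMain - builds the dialog template in memory with the MASM32 dialog
; macros (7 controls) and runs it modally with WndProc as dialog procedure.
WinMain proc
    Dialog "KeygenForTuts4you","MS Sans Serif",10, \
           WS_VISIBLE or WS_CAPTION or WS_SYSMENU or DS_CENTER, \
           7, \
           128, 128, 106, 75, \
           1024
    DlgStatic "&Name:",WS_VISIBLE,3,2,22,8,1001
    DlgEdit   WS_VISIBLE or WS_BORDER,3,10,100,10,1002
    DlgStatic "&Serial:",WS_VISIBLE,3,23,22,8,1003
    DlgEdit   WS_VISIBLE or WS_BORDER,3,31,100,10,1004
    DlgButton "&Generate",1,3,45,100,10,1005
    DlgButton "&Exit", 1,3,60,100,10,1006
    DlgIcon   500,-15,0,500
    CallModalDialog hInstance,0,WndProc,NULL
    RET
WinMain endp

; WndProc - dialog procedure.
;   WM_INITDIALOG        : set the window icon.
;   WM_COMMAND id 1005   : generate a serial for the entered name.
;   WM_COMMAND id 1006   : close the dialog (shares the WM_CLOSE path).
; Always returns 0 in EAX.
WndProc proc hWin:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
    MOV EAX, uMsg
    .IF EAX == WM_INITDIALOG
        INVOKE SendMessage,hWin,WM_SETICON,0,FUNC(LoadIcon,hInstance, 500)
    .ELSEIF EAX == WM_COMMAND
        .IF wParam == 1005
            invoke keygengenerate,hWin
            xor eax,eax
            ret
        .ENDIF
        .IF wParam == 1006
            JMP exit_keygen
        .ENDIF
    .ELSEIF EAX == WM_CLOSE
exit_keygen:
        INVOKE EndDialog,hWin,0
    .ENDIF
    XOR EAX, EAX
    RET
WndProc endp

; keygengenerate - reads the name from edit control 1002 and writes a
; matching serial to edit control 1004.
;   hWin : dialog window handle.
; The name must be exactly 4 characters; otherwise 'namerr' is shown instead.
keygengenerate PROC uses ebx edi esi hWin:DWORD
    LOCAL namea:DWORD
.data
    serF    db "%s-%s-%s",0
    namerr  db "4 letters is enough!!! ",0
.data?
    part2    dd 8 dup(?)
    ; Fix: was "dd ?" (4 bytes); ReverseString stores 4 characters plus the
    ; terminating 0, so the old buffer was one byte short.
    revpart2 dd 8 dup(?)
    part1    dd 8 dup(?)
    part3    dd 8 dup(?)
    xorsonA  dd 8 dup(?)
.code
    invoke GetDlgItemText,hWin,1002,addr names,50h
    .if eax != 4                            ; EAX = number of characters copied
        invoke SetDlgItemText, hWin, 1004, ADDR namerr
        Ret
    .endif
    invoke CharUpper,addr names             ; upper-case the name in place
    invoke Base33Decode,addr names
    mov namea,eax
kontrol:
    ; A = decode(reverse(PART2)) XOR decode(NAME), PART2 chosen at random
    invoke randomizechar,addr part2,4
    invoke ReverseString,addr part2,addr revpart2
    invoke Base33Decode,addr revpart2
    xor eax,namea
    mov xorsonA,eax                         ;(A)
    ; PART3 must satisfy decode(PART1) XOR decode(PART3) == A,
    ; so decode(PART3) = decode(PART1) XOR A with PART1 chosen at random.
    invoke randomizechar,addr part1,4
    invoke Base33Decode,addr part1
    xor eax,xorsonA
    ; 33^4 = 121881h, so larger values do not fit in four base-33 digits.
    ; The bound below is one stricter than necessary (it also rejects
    ; 121880h); that only costs an extra retry.
    .if eax >= 121880h                      ;base33enc up limit
        jmp kontrol
    .endif
    invoke Base33Encode,EAX,addr part3
    invoke wsprintf,addr serial,addr serF,addr part1,addr part2,addr part3
    invoke SetDlgItemText,hWin,1004,addr serial
    xor eax,eax
    ret
keygengenerate endp

; randomizechar - fills 'sonuc' with 'lens' characters picked from alphtrnd.
;   sonuc : destination buffer (receives a 0-terminated string).
;   lens  : number of characters to produce.
; The index is the low 32 bits of the time-stamp counter modulo 61.
randomizechar PROC uses ebx edi esi sonuc:DWORD,lens:DWORD
.data
    fmt db "%s",0
.data?
    randomson dd 100 dup (?)
.code
    xor ecx,ecx
    .repeat
        RDTSC
        xor edx,edx
        mov ebx,61
        div ebx                             ; EDX = EAX mod 61
        movzx eax, byte ptr ds:[alphtrnd+edx]
        mov byte ptr ds:[randomson+ecx],al
        inc ecx
    .until ecx == lens
    ; Fix: terminate explicitly instead of relying on the rest of the
    ; uninitialised-data buffer still being zero.
    mov byte ptr ds:[randomson+ecx],0
    invoke wsprintf,sonuc,addr fmt,addr randomson
    ret
randomizechar endp

; IndexOf - position of a character in 'alphabet'.
;   charToFind : character in the low byte.
; Returns the index 0..32 in EAX, or 0 when the character is not found
; (which is indistinguishable from 'A').
IndexOf proc uses ebx charToFind:DWORD
    mov ebx, [charToFind]
    xor eax, eax
@@:
    cmp alphabet[eax], bl
    je @exit
    inc eax
    cmp eax, 33
    ; Fix: was "jbe", which also compared index 33 - the string's
    ; terminating 0 - so a 0 byte would have been reported as digit 33.
    jb @B
    xor eax, eax
@exit:
    ret
IndexOf endp

; Base33Decode - reads exactly 4 characters at 'encodedString' as a base-33
; number (most significant digit first) and returns it in EAX.
Base33Decode proc uses esi edi ebx encodedString:DWORD
    mov edi, 0
    mov esi, [encodedString]
    xor ebx, ebx
@@:
    mov eax, edi
    shl edi, 5
    add edi, eax                            ; edi = edi * 33
    xor eax, eax
    lodsb
    invoke IndexOf, eax
    add edi, eax
    inc ebx
    cmp ebx, 4
    jne @B
    mov eax, edi
    ret
Base33Decode endp

; Base33Encode - writes 'number' as 4 base-33 digits to 'encodedString'.
; Digits are produced least significant first and stored from offset 3 down
; to 0, using MOVSB with the direction flag set. No terminator is written;
; the caller's buffer must already be 0 beyond the fourth byte.
Base33Encode proc uses esi edi ebx number:DWORD, encodedString:DWORD
    pushfd                                  ; preserve the caller's direction flag
    std
    mov ecx, 4
    mov edi, [encodedString]
    add edi, 3
    mov ebx, 33
    mov eax, [number]
@@:
    xor edx, edx
    div ebx
    lea esi, [alphabet + edx]
    movsb
    loop @B
    popfd
    ret
Base33Encode endp

; ReverseString - copies the 0-terminated string at 'insrc' to 'outsrc' in
; reverse order, swapping pairs from both ends towards the middle.
; 'outsrc' needs room for the string plus its terminator.
; Fix: ESI and EDI are now listed in "uses"; the routine modified both
; without saving them.
ReverseString proc uses esi edi insrc:DWORD, outsrc:DWORD
    mov esi, insrc
    mov edi, outsrc
    xor ecx, ecx
@@:
    cmp byte ptr [esi+ecx], 0
    lea ecx, [ecx + 1]                      ; LEA keeps the flags from CMP intact
    jne @B
    mov byte ptr [edi+ecx-1], 0             ; terminator at the same offset as in the source
@@:
    sub ecx, 2
    jl @F
    mov ah, byte ptr [esi]
    mov al, byte ptr [esi+ecx]
    mov byte ptr [edi], al
    mov byte ptr [edi+ecx], ah
    inc esi
    inc edi
    jmp @B
@@:
    ret
ReverseString endp

end start
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
:KesMezar
set dosya=kgn
\masm32\Bin\ML.EXE /c /coff /Cp /nologo /I"\masm32\Include" %dosya%.bat
\masm32\Bin\LINK.EXE /SUBSYSTEM:WINDOWS /RELEASE /VERSION:4.0 /LIBPATH:"\masm32\Lib" %dosya%.obj
rem Remove only the object file built above, not every .obj in the directory.
del %dosya%.obj
pause
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2 1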
tarequl.hassan Posted March 12, 2021 Author Posted March 12, 2021 2 hours ago, k3s_m3z4r said: Generating code could be shorter, at least this time I didn't use an external rc file.
kgn.bat
;@echo off
;goto KesMezar
; Quoted listing: a batch/MASM polyglot. As a batch file the two lines above
; jump to :KesMezar at the bottom, which assembles and links this same file;
; the assembler treats them as comments and stops reading at "end start".
.686
.MODEL flat, stdcall
OPTION casemap:none
include \MASM32\INCLUDE\dialogs.inc
include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
include \MASM32\INCLUDE\shell32.inc
include \MASM32\INCLUDE\comctl32.inc
include \MASM32\INCLUDE\comdlg32.inc
includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
includelib \MASM32\LIB\shell32.lib
includelib \MASM32\LIB\comctl32.lib
includelib \MASM32\LIB\comdlg32.lib
; FUNC(api,args...) - invoke an API and yield EAX as an operand.
FUNC MACRO parameters:VARARG
    invoke parameters
    EXITM <eax>
ENDM
WndProc PROTO :HWND,:UINT,:WPARAM,:LPARAM
keygengenerate PROTO :HWND
randomizechar PROTO :DWORD,:DWORD
ReverseString PROTO :DWORD,:DWORD
Base33Decode PROTO :DWORD
Base33Encode PROTO :DWORD,:DWORD
.CONST
KEYGEN_ICON = 200
.DATA
; 33-symbol alphabet for the base-33 helpers (no I, O or 0).
alphabet db 'ABCDEFGHJKLMNPQRSTUVWXYZ123456789',0
; 61-symbol pool for the random parts; includes characters missing from 'alphabet'.
alphtrnd db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789',0
.DATA?
hInstance DD ?
CommandLine DD ?
hIcon DD ?
; NOTE(review): 'serial' and 'names' are 4 bytes each, yet wsprintf writes the
; 15-byte "XXXX-XXXX-XXXX",0 into 'serial' and GetDlgItemText is given 50h as
; the size of 'names'. Both writes run past the declared storage.
serial dd ?
names dd ?
.CODE
start:
    MOV hInstance, FUNC(GetModuleHandle,NULL)
    mov hIcon, FUNC(LoadIcon,hInstance,500)
    CALL WinMain
    INVOKE ExitProcess,eax

; WinMain - builds the 7-control dialog template with the MASM32 dialog
; macros and runs it modally with WndProc as dialog procedure.
WinMain proc
    Dialog "KeygenForTuts4you","MS Sans Serif",10, \
           WS_VISIBLE or WS_CAPTION or WS_SYSMENU or DS_CENTER, \
           7, \
           128, 128, 106, 75, \
           1024
    DlgStatic "&Name:",WS_VISIBLE,3,2,22,8,1001
    DlgEdit WS_VISIBLE or WS_BORDER,3,10,100,10,1002
    DlgStatic "&Serial:",WS_VISIBLE,3,23,22,8,1003
    DlgEdit WS_VISIBLE or WS_BORDER,3,31,100,10,1004
    DlgButton "&Generate",1,3,45,100,10,1005
    DlgButton "&Exit", 1,3,60,100,10,1006
    DlgIcon 500,-15,0,500
    CallModalDialog hInstance,0,WndProc,NULL
    RET
WinMain endp

; WndProc - dialog procedure: sets the icon on WM_INITDIALOG, generates a
; serial for control id 1005, closes the dialog for id 1006 or WM_CLOSE.
; Always returns 0 in EAX.
WndProc proc hWin:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
    MOV EAX, uMsg
    .IF EAX == WM_INITDIALOG
        INVOKE SendMessage,hWin,WM_SETICON,0,FUNC(LoadIcon,hInstance, 500)
    .ELSEIF EAX == WM_COMMAND
        .IF wParam == 1005
            invoke keygengenerate,hWin
            xor eax,eax
            ret
        .ENDIF
        .IF wParam == 1006
            JMP exit_keygen
        .ENDIF
    .ELSEIF EAX == WM_CLOSE
exit_keygen:
        INVOKE EndDialog,hWin,0
    .ENDIF
    XOR EAX, EAX
    RET
WndProc endp

; keygengenerate - reads the name from control 1002 and writes a serial of
; the form PART1-PART2-PART3 to control 1004. A name that is not exactly
; 4 characters long gets the 'namerr' text instead.
keygengenerate PROC uses ebx edi esi hWin:DWORD
    LOCAL namea:DWORD
.data
    serF db "%s-%s-%s",0
    namerr db "4 letters is enough!!! ",0
.data?
    part2 dd 8 dup(?)
    ; NOTE(review): 4 bytes, but ReverseString stores 4 characters plus a 0.
    revpart2 dd ?
    part1 dd 8 dup(?)
    part3 dd 8 dup(?)
    xorsonA dd 8 dup(?)
.code
    invoke GetDlgItemText,hWin,1002,addr names,50h
    .if eax != 4                    ; EAX = number of characters copied
        invoke SetDlgItemText, hWin, 1004, ADDR namerr
        Ret
    .endif
    invoke CharUpper,addr names     ; upper-case the name in place
    invoke Base33Decode,addr names
    mov namea,eax
kontrol:
    ; A = decode(reverse(PART2)) XOR decode(NAME), PART2 chosen at random
    invoke randomizechar,addr part2,4
    invoke ReverseString,addr part2,addr revpart2
    invoke Base33Decode,addr revpart2
    xor eax,namea
    mov xorsonA,eax;(A)
    ; decode(PART3) = decode(PART1) XOR A, PART1 chosen at random
    invoke randomizechar,addr part1,4
    invoke Base33Decode,addr part1
    xor eax,xorsonA
    ; retry when the value is too large for four base-33 digits
    .if eax >= 121880h;base33enc up limit
        jmp kontrol
    .endif
    invoke Base33Encode,EAX,addr part3
    invoke wsprintf,addr serial,addr serF,addr part1,addr part2,addr part3
    invoke SetDlgItemText,hWin,1004,addr serial
    xor eax,eax
    ret
keygengenerate endp

; randomizechar - writes 'lens' characters picked from alphtrnd to 'sonuc'.
; Each index is the low 32 bits of the time-stamp counter modulo 61.
; NOTE(review): 'randomson' is never terminated here; the "%s" copy depends
; on the bytes after the generated characters being 0.
randomizechar PROC uses ebx edi esi sonuc:DWORD,lens:DWORD
.data
    fmt db "%s",0
.data?
    randomson dd 100 dup (?)
.code
    xor ecx,ecx
    .repeat
        RDTSC
        xor edx,edx
        mov ebx,61
        div ebx                     ; EDX = EAX mod 61
        movzx eax, byte ptr ds :[alphtrnd+edx]
        mov byte ptr ds :[randomson+ecx],al
        inc ecx
    .until ecx == lens
    invoke wsprintf,sonuc,addr fmt,addr randomson
    ret
randomizechar endp

; IndexOf - position of the character in the low byte of 'charToFind'
; within 'alphabet', returned in EAX; 0 when it is not found.
; NOTE(review): "jbe" lets the scan also compare index 33, which is the
; string's terminating 0.
IndexOf proc uses ebx charToFind:DWORD
    mov ebx, [charToFind]
    xor eax, eax
@@:
    cmp alphabet[eax], bl
    je @exit
    inc eax
    cmp eax, 33
    jbe @B
    xor eax, eax
@exit:
    ret
IndexOf endp

; Base33Decode - reads exactly 4 characters at 'encodedString' as a base-33
; number, most significant digit first, and returns it in EAX.
Base33Decode proc uses esi edi ebx encodedString:DWORD
    mov edi, 0
    mov esi, [encodedString]
    xor ebx, ebx
@@:
    mov eax, edi
    shl edi, 5
    add edi, eax ; edi = edi * 33
    xor eax, eax
    lodsb
    invoke IndexOf, eax
    add edi, eax
    inc ebx
    cmp ebx, 4
    jne @B
    mov eax, edi
    ret
Base33Decode endp

; Base33Encode - writes 'number' as 4 base-33 digits to 'encodedString',
; least significant digit first, stored from offset 3 down to 0 using MOVSB
; with the direction flag set. No terminator is written.
Base33Encode proc uses esi edi ebx number:DWORD, encodedString:DWORD
    pushfd                          ; preserve the caller's direction flag
    std
    mov ecx, 4
    mov edi, [encodedString]
    add edi, 3
    mov ebx, 33
    mov eax, [number]
@@:
    xor edx, edx
    div ebx
    lea esi, [alphabet + edx]
    movsb
    loop @B
    popfd
    ret
Base33Encode endp

; ReverseString - copies the 0-terminated string at 'insrc' to 'outsrc' in
; reverse order, swapping pairs from both ends towards the middle.
; NOTE(review): ESI and EDI are modified but not listed in a "uses" clause.
ReverseString proc insrc:DWORD, outsrc:DWORD
    mov esi, insrc
    mov edi, outsrc
    xor ecx, ecx
@@:
    cmp byte ptr [esi+ecx], 0
    lea ecx, [ecx + 1]              ; LEA keeps the flags from CMP intact
    jne @B
    mov byte ptr [edi+ecx-1], 0
@@:
    sub ecx, 2
    jl @F
    mov ah, byte ptr [esi]
    mov al, byte ptr [esi+ecx]
    mov byte ptr [edi], al
    mov byte ptr [edi+ecx], ah
    inc esi
    inc edi
    jmp @B
@@:
    ret
ReverseString endp
end start
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
:KesMezar
set dosya=kgn
\masm32\Bin\ML.EXE /c /coff /Cp /nologo /I"\masm32\Include" %dosya%.bat
\masm32\Bin\LINK.EXE /SUBSYSTEM:WINDOWS /RELEASE /VERSION:4.0 /LIBPATH:"\masm32\Lib" %dosya%.obj
del *.obj
pause
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Perfect solution. Now shall you write a Tutorial?
tarequl.hassan Posted March 12, 2021 Author Posted March 12, 2021 21 hours ago, johnfkingzton said: Got this far Write a Tutorial with keygen and keygen sourcecode. Thanks
New Year - New Mind Posted January 3, 2022 Posted January 3, 2022 Can you write the tutorial for us? Thank you in advance. regards. sean. 1