Tuts 4 You

Sean's KeyGenMe - Simple Tricks



Sean the hard worker
Posted



I coded a keygenme, simple tricks.

I hope you enjoy your time trying to solve this!


 

Posted (edited)

Example keys:

Spoiler

washi: B604404A000831E195B4291B3F35A23F5B6B7592
tuts4you: DD6850E979CB255113546C9F0045C863B63CE83100497814DD6850E900497814

Approach:

Spoiler

The problem with this keygenme is that the input serial key is compared to the correct serial key directly using string comparison. This means the app generates a correct serial itself, which means the "only" thing to do is to find this algorithm in a decompiler and copy it for a keygen.

  • Open in Ghidra, notice it's an MFC app so no "obvious" entrypoint
  • Run app, notice app shows a message box after a bad input was put in.
  • XRef for MessageBoxW calls and find function FUN_004019b0, which contains both the serial generation algorithm and the two good and bad boy message box calls.
  • Algorithm is pretty simple: For every character c, compute c^5 * j, where j is any number between 1 and 0x91. The results are concatenated using an uppercase hex format. Final string is reversed. If any of these j's work, then it is a valid serial.
  • For a keygen, just pick a random j and do exactly the same to produce a serial:
  • keygen.py

 

Edited by Washi
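The check described in the post above, written out as an added example (this is not the attached keygen.py and not the keygenme author's code). It assumes 32-bit wraparound and 8-digit hex chunks, both inferred from the two posted example keys, and treats "between 1 and 0x91" as inclusive; all function names are hypothetical.

```python
MASK32 = 0xFFFFFFFF            # assumption: products wrap at 32 bits (fits the posted keys)
J_RANGE = range(1, 0x91 + 1)   # assumption: "between 1 and 0x91" is inclusive


def serial_for(name: str, j: int) -> str:
    """Serial for one multiplier j: hex(c**5 * j) per character, joined, reversed."""
    chunks = (format((pow(ord(c), 5) * j) & MASK32, "08X") for c in name)
    return "".join(chunks)[::-1]


def matching_j(name: str, serial: str):
    """Return the j that makes `serial` valid for `name`, or None if no j does.

    Mirrors the check in the post: the program regenerates the expected
    serial for every candidate j and compares it as a string.
    """
    for j in J_RANGE:
        if serial_for(name, j) == serial:
            return j
    return None


def decode_chunks(serial: str):
    """Undo the final reversal and split the serial into per-character values."""
    plain = serial[::-1]
    if len(plain) % 8:
        raise ValueError("serial length is not a multiple of 8 hex digits")
    return [int(plain[i:i + 8], 16) for i in range(0, len(plain), 8)]


# The two example keys posted in the thread.
POSTED = {
    "washi": "B604404A000831E195B4291B3F35A23F5B6B7592",
    "tuts4you": "DD6850E979CB255113546C9F0045C863B63CE83100497814"
                "DD6850E900497814",
}

if __name__ == "__main__":
    for name, key in POSTED.items():
        print(name, "-> j =", matching_j(name, key))
```

Because the comparison is against a serial the program computes itself, the whole validation logic is recoverable from the binary, which is the weakness the post points out.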
Sean the hard worker
Posted

Washi. Congratulations. You fully analyzed the algorithm of my keygenme. Thank you for your attention.

regards.

sean.
