Jump to content

Sean's KeyGenMe - Simple Tricks


Sean Park

Recommended Posts

Example keys:

Spoiler

washi: B604404A000831E195B4291B3F35A23F5B6B7592
tuts4you: DD6850E979CB255113546C9F0045C863B63CE83100497814DD6850E900497814

Approach:

Spoiler

Problem with this keygenme is that the input serial key is compared to the correct serial key directly using string comparison. This means the app generates a correct serial itself, which means the "only" thing to do is finding this algorithm in a decompiler and copy it for a keygen.

  • Open in Ghidra, notice it's an MFC app so no "obvious" entrypoint
  • Run app, notice app shows a message box after a bad input was put in.
  • XRef for MessageBoxW calls and find function¬†FUN_004019b0 which contains both the serial generation algorithm , as well as the two good and bad boy messagebox calls.
  • Algorithm is pretty simple: For every character c, compute c^5 * j, where j is any number between 1 and 0x91. The results are concatenated using an uppercase hex format. Final string is reversed. If any of these j's work, then it is a valid serial.
  • For a keygen, just pick a random j and do exactly the same to produce a serial:
  • keygen.py

 

Edited by Washi
  • Like 2
Link to comment
Sean Park

Washi. Conratulations. You fully analyzed the algorithm of my keygenme. Thank you for your attention.

regards.

sean.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...