VSEC KeygenMe

Simple Code Virtualization KeygenMe ( Not Commercial VM )
Try to find Algorithm and make correct key 
It's not too hard
Your opinions about VM Complexity are welcome.

Thanks

File Information

Submitter Gladiator

Submitted 02/04/2025

Category KeygenMe


Solved by 0xret2win

  • Solution

Hello! I am 14yoKID, and I have documented everything to the best of my ability. If you have any questions, please feel free to reach out or respond to my solution. I appreciate any feedback or discussion.

The first step is to look inside the crackme’s binary for any references to “Wrong key!” (the error message). We load the executable into a disassembler or debugger (IDA, x64dbg, or similar). A quick search reveals that “Wrong key! Try again.” is located around the following code:

00408C3E | A1 0CA34000       | mov eax, [0x40A30C]
00408C43 | BA D48C4000       | mov edx, 0x408CD4  ; "Wrong key! Try again."

This is where the program prints the "Wrong key!" message.

Scrolling above that reference, we see:

00408C16 | A1 98B74000    | mov eax, [0x40B798]    ; loads the user's computed key
00408C1B | 3B05 ACB74000  | cmp eax, [0x40B7AC]    ; compares it to the correct key
00408C21 | 75 1B          | jne 0x408C3E          ; jump if not equal => "Wrong key!"

This shows:

  • The user’s input key is stored at [0x40B798].
  • The “correct” key resides at [0x40B7AC].
  • If these two values do not match, we jump to the code that prints “Wrong key! Try again.”
  • If they do match, we take the path that prints “Correct key!, Now Try to Keygen ME !”

Finding Where [0x40B7AC] Is Set:

A quick look upward in the disassembly reveals:

00408BB0 | E8 5BFEFFFF   | call 0x408A10
00408BB5 | A3 ACB74000   | mov [0x40B7AC], eax

So at address 0x00408BB0, we call a function (which we’ll refer to as sub_408A10). Right after that call, we store EAX into [0x40B7AC]. That means the function at 0x00408A10 produces the correct key in EAX.

To finally find the key, set a breakpoint at 0x00408BB0 or directly inside sub_408A10 at 0x00408A10.

Run the program and break on that address, then press F7 (Step into) at the call to examine how the function computes EAX.

Inside sub_408A10, we notice:

  • It reads a hard-coded byte 0x5A from [0x40A298]
  • It loops exactly four times over bytes stored at [0x40A29C..0x40A29F] (for instance, 0xA5, 0x3C, 0xD7, 0x82)
  • Each iteration does some arithmetic: XOR, multiply by 12345, add 0x6789, shift bits, etc.
  • After finishing four iterations, it multiplies EAX by 0xDEADBEEF, does a final XOR and then returns EAX.

Stepping through the entire function, we see that every run ends with a single final value:

EAX = 0x8981B3E0

It then writes this to [0x40B7AC]. Therefore, the correct key is a constant number: 0x8981B3E0 ( OR IS IT?? )

Even though we know the internal number is 0x8981B3E0, how do we type it so that the crackme accepts it?

By stepping into the function that processes (sub_4060A8 or sub_4045D4), or simply by trial and error, we learn:

  • The crackme expects a leading '$' to interpret the rest of the text as hex.
  • Typing XXXX1B3E0 (don't want to spoil the fun for others) is interpreted as the hex value 0x8981B3E0.

This matches the stored correct key, so the crackme prints : Correct key!, Now Try to Keygen ME !

But why $?  

In this particular crackme, the $ symbol is how the program’s input-parsing routine recognizes the user’s entry as a hexadecimal number. Without the '$' prefix, the code typically treats your input as decimal (or otherwise misreads it). Since the “correct key” is stored internally as the hexadecimal value 0x8981B3E0, the crackme will only accept a matching hex number—and it specifically wants you to indicate “hex mode” with '$'.

That’s why typing 0x8981B3E0 or plain 8981B3E0 fails: the program doesn’t parse those formats as the same 32-bit value. Only '$8981B3E0' matches the exact hexadecimal integer 0x8981B3E0 the crackme expects.

The final answer of mine and correct/valid key is

Spoiler

$8981B3E0

 

 

Edited by 14yoKID
Fixed a few typos, is it me or is everything I write here in pure blue color?

  • Author

Well done 14yoKID
and what is your point about its complexity? It used internal virtualization (simple but with special complexity)

Thank you, you did it very well

I had fun doing your KeygenMe, virtualization itself is very straightforward-simple as well as "special complexity", I had a few problems but I resolved them pretty quick.
