r00t0 KeygenMe v4


Difficulty: 5
Language: C GCC
Platform: x64
OS Version: Windows 10+
Packer / Protector: Selfmade

Description:

Implement a keygenme that generates a serial derived from a nickname. Also demonstrate a generator that, given a nickname, produces the correct serial.
I used my own tool that I've been developing for two years. It started as an optimizer, but I’m now experimenting with the reverse idea — using it to help with obfuscation and code retranslation.

File Information

Submitter r00t0

Submitted 11/02/2025

Category KeygenMe


  • 5 months later...

Nice one, have to give you credit for your obfuscator:

Key

Name: Blue Indian, Key: 65234d32586edb4287545b89711bd6d7

  • Author
3 hours ago, Blue said:

Nice one, have to give you credit for your obfuscator:

Key

Name: Blue Indian, Key: 65234d32586edb4287545b89711bd6d7

Okay, that’s the correct key. Did you use any tool or just brute-force it?

Edited by r00t0

22 hours ago, Blue said:

Nice one, have to give you credit for your obfuscator:

Key

Name: Blue Indian, Key: 65234d32586edb4287545b89711bd6d7

You still alive? What is this Blue 🤔 Anyway, it's good to see you after 2 years.

Edited by RADIOX

@ro0t I traced your obfuscations, IAT, and sections, no brute force. I found static strings such as Nickname, serial key, etc., in the rdata section. The main function was to set up the stack frame and then jump to the .ll section with MBA chains. I spent a while trying to make sense of it, but got nowhere with it.

So, I wrote a small emulator to fake out the Windows structures (honestly, I am not on Windows these days) that the .a2l runtime needs (TEB/PEB/LDR, which it walks to resolve VirtualAlloc, which is kind of neat) and hooked the IAT functions. Figured out the program does a malloc for parsing the input serial bytes, then a malloc for a 16-byte buffer where it stores the result of some custom 128-bit hash over the nickname, and the comparison between the two is done inline, so you can't just set a breakpoint to check. And then I read the computed hash from the heap, and that's your serial.

I think it's really solid work. The MBA transforms did their job; I genuinely could not recover the logic.

The .a2l runtime with its own stack and PEB walking dispatcher is a nice touch too. The thing that let me bypass all of it was that the I/O boundary is still clean and IAT calls to printf, fgets, and malloc are right there unprotected, so hooking them gives you the inputs and outputs without having to understand anything in between.

Edited by Blue
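The bypass described above works because the checker itself computes the valid serial and leaves it in a heap buffer. As an added example (not from the thread and not r00t0's code), this C program shows a check that never materialises the valid serial: it transforms the entered serial forward with a public exponent and compares that to a digest of the nickname. It goes beyond the thread's case by swapping the hash comparison for a textbook toy RSA signature; `toy_sign`, `toy_verify`, the FNV-1a digest and the tiny parameters are assumptions chosen to show the data flow only.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA parameters (textbook values, far too small for real use):
 * n = 61 * 53, e * d = 1 mod 3120. Constructed for this example. */
#define TOY_N 3233u
#define TOY_E 17u
#define TOY_D 2753u   /* private: belongs in the vendor's keygen only */

/* Square-and-multiply modular exponentiation; operands stay below 2^24. */
static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1) result = (result * b) % mod;
        b = (b * b) % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* FNV-1a over the nickname, reduced into the range [0, n). */
static uint32_t nick_digest(const char *nick)
{
    uint32_t h = 2166136261u;
    for (; *nick; nick++) { h ^= (unsigned char)*nick; h *= 16777619u; }
    return h % TOY_N;
}

/* Vendor side (never shipped): produce the serial for a nickname. */
uint32_t toy_sign(const char *nick)
{
    return modpow(nick_digest(nick), TOY_D, TOY_N);
}

/* Shipped side: only the digest and serial^e exist in memory, never the serial. */
int toy_verify(const char *nick, uint32_t serial)
{
    if (serial >= TOY_N) return 0;          /* reject out-of-range input */
    return modpow(serial, TOY_E, TOY_N) == nick_digest(nick);
}

int main(void)
{
    const char *nick = "example-nick";      /* constructed sample input */
    uint32_t s = toy_sign(nick);
    printf("serial=%u ok=%d bad=%d\n", s, toy_verify(nick, s), toy_verify(nick, (s + 1) % TOY_N));
    return 0;
}
```

With this structure, hooking the allocator or the I/O imports reveals only the nickname digest and the user's own input; a real implementation would use a vetted signature scheme and library rather than these toy values.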
