Keygenme by b1u3D4rK 02.10.2009



Hello everybody :) Today we will try to write a keygen for this keygenme. First we will try to understand how it works, and then we will write some algorithms for it. Yeah, let's start.

First we will use OllyDbg (I will use my own modification [gct0lly], but you can use any version). Load the keygenme into OllyDbg...

After loading you will see this image in your Olly. If you enter a name and a serial and then push the button, you will land in this code.

After the serial is read, we trace our first algorithm. In this algorithm the name and the serial are coded. The coding algorithm is the same for the name and the serial, but the constants are different.

after the coding..

Name:

Serial:

After then:

PART 1: This algorithm is for the name. Each character of the name is XORed with 7Fh and the results are added up one by one. The total result is stored at 403244.

PART 2: This algorithm is for the serial. Each character of the serial is added directly to the result, one by one.

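After that the two results are compared, and if they are the same we get the "Okey" message. Note that only the two sums are compared, so any serial whose coded characters add up to the name's total passes the check.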

How can we write a keygen??

First we calculate the name's total result, and then we try to find out how we can generate a key for this result...

But we have a problem! We only have the result, and we would need a decoding algorithm. This is why I tried a simple system:

1) Calculate name's total result

2) Reconstruct the string table (only printable chars)

3) Code the string table with the coding algorithm...

4) Generate keys from this table

This generation system is similar to a brute-force system.

 

; Prototypes for the three procedures defined in this listing, so that
; `invoke` can check the argument lists.
Generate PROTO :DWORD
GenProc1 PROTO :DWORD,:DWORD,:WORD
GenProc2 PROTO :DWORD

.const

; Maximum character count passed to GetDlgItemText when reading the name.
; It is smaller than the 20h bytes reserved for szName below.
edit_name_max = 16

.data?

; szName receives the name text and is then coded in place by GenProc1.
; szSerial receives the generated serial; both buffers are zeroed at the
; start of every Generate call.
szName CHAR 20h dup(?)
szSerial CHAR 60h dup(?)

; tmp  = pointer to the selected original (printable) table
; tmp1 = pointer to the matching coded table
tmp dd ?
tmp1 dd ?


.data

; Messages written to the key edit control on failure.
nameerr db "Minimum character 4!",0
nameerr1 db "Not Found! Change The Name",0

; Running total for the name. Declared as two words (4 bytes) but always
; read and written as one dword by Generate and GenProc2.
szBuffer1 dw 0000h,0 ;Name result

; tek / cift hold the printable characters a serial may contain. Generate
; picks tek while the remaining total is odd and cift while it is even
; (author's note: "odd" / "even" string table "after rsa").
; tek1 / cift1 start as plain copies and are overwritten with the coded
; values by GenProc1 (constant 0FDh) on every Generate call.
tek db "2349aeghijmprsuvyzCDEFJKLMNQTVWXY",0 ;odd string table (after rsa)
tek1 db "2349aeghijmprsuvyzCDEFJKLMNQTVWXY",0
cift db "015678bcdfklnoqtxwABGHIOPRSUZ",0 ; even string table (after rsa)
cift1 db "015678bcdfklnoqtxwABGHIOPRSUZ",0

.code

;########################################################Generate PROC####################################################
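;-----------------------------------------------------------------------
; Generate - read the name from the dialog, compute its total and build
;            a serial whose coded characters add up to that total.
; In:    _hWin = dialog window handle
; Out:   EDIT_KEY receives the serial, or an error message when the name
;        is shorter than 4 characters or no serial could be built.
; Regs:  eax = remaining total, edi = index into the current table,
;        esi = number of serial characters written so far.
; All registers in the USES list are saved and restored by the
; prologue/epilogue MASM generates, so no extra push/pop is needed in
; the body. (The original pushed edi/esi/ecx again and skipped the pops
; on the "not found" path, which made the epilogue restore wrong values.)
; NOTE(review): calling convention comes from the .model line, which is
; not part of this listing - presumably stdcall.
;-----------------------------------------------------------------------
Generate PROC USES eax ebx ecx edx esi edi , _hWin:DWORD

    invoke  RtlZeroMemory, addr szName, sizeof szName
    invoke  RtlZeroMemory, addr szSerial, sizeof szSerial
    invoke  GetDlgItemText, _hWin, EDIT_NAME, ADDR szName, edit_name_max

    mov     dword ptr [szBuffer1], 00h      ; reset the total; mov leaves eax (text length) intact

    cmp     eax, 04h
    jb      gen_err_short                   ; name shorter than 4 characters

    invoke  GenProc1, ADDR szName, ADDR szName, 0DDh   ; code the name in place
    invoke  GenProc2, ADDR szName                      ; szBuffer1 = name total

    invoke  GenProc1, ADDR tek, ADDR tek1, 0FDh        ; rebuild the coded tables
    invoke  GenProc1, ADDR cift, ADDR cift1, 0FDh

    xor     edi, edi                        ; table index
    xor     esi, esi                        ; serial length
    mov     eax, dword ptr [szBuffer1]      ; eax = total still to be covered

gen_next:
    test    eax, eax
    jz      gen_done                        ; total fully covered

    ; Odd remaining total -> tek tables, even -> cift tables.
    test    eax, 1
    jnz     gen_odd
    mov     dword ptr [tmp], offset cift
    mov     dword ptr [tmp1], offset cift1
    jmp     gen_pick
gen_odd:
    mov     dword ptr [tmp], offset tek
    mov     dword ptr [tmp1], offset tek1

gen_pick:
    mov     ecx, dword ptr [tmp1]
    movzx   edx, byte ptr [ecx+edi]         ; coded value of the candidate character
    test    edx, edx
    jz      gen_err_nokey                   ; end of table: nothing fits

    cmp     eax, edx
    jb      gen_try_next                    ; candidate larger than what is left (unsigned)

    ; Keep the last byte of szSerial as the terminator.
    cmp     esi, (sizeof szSerial) - 1
    jae     gen_err_nokey

    sub     eax, edx
    mov     ecx, dword ptr [tmp]
    mov     dl, byte ptr [ecx+edi]          ; printable character for this coded value
    mov     byte ptr [szSerial+esi], dl
    inc     esi
    xor     edi, edi                        ; restart the table scan for the new total
    jmp     gen_next

gen_try_next:
    inc     edi
    jmp     gen_next

gen_done:
    invoke  SetDlgItemTextA, _hWin, EDIT_KEY, offset szSerial

gen_exit:
    xor     eax, eax                        ; overwritten again when USES restores eax
    ret

gen_err_short:
    invoke  SetDlgItemTextA, _hWin, EDIT_KEY, offset nameerr
    jmp     gen_exit
gen_err_nokey:
    invoke  SetDlgItemTextA, _hWin, EDIT_KEY, offset nameerr1
    jmp     gen_exit

Generate ENDP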

;#######################################################################################################################

;coding string proc...

;########################################################Generate1 PROC#####################################################
;-----------------------------------------------------------------------
; GenProc1 - code a NUL-terminated string byte by byte.
; In:    uName   = pointer to the source string
;        uResult = pointer to the output buffer (may be the same address
;                  as uName; Generate codes szName in place)
;        uStatic = 16-bit constant used for the reduction
; Out:   one coded byte stored at uResult per source byte; no terminator
;        is written.
; Each byte is multiplied into a running product 9Dh times. After every
; multiply the product is reduced by subtracting uStatic while it is
; above uStatic, so a product equal to uStatic stays as it is.
; eax is in the USES list, so the caller's eax is restored on return.
;-----------------------------------------------------------------------
GenProc1 PROC USES eax ebx ecx edx esi edi , uName:DWORD,uResult:DWORD,uStatic:WORD

    mov     esi, uResult
    mov     edi, uName

gp1_next:
    movzx   ebx, byte ptr [edi]             ; bl = current source byte
    test    bl, bl
    jz      gp1_done                        ; terminator reached
    mov     ecx, 09dh                       ; number of multiply rounds
    mov     eax, 01h                        ; running product

gp1_pow:
    mul     bl                              ; ax = al * bl
gp1_reduce:
    cmp     ax, uStatic
    jbe     gp1_reduced
    sub     ax, uStatic
    jmp     gp1_reduce
gp1_reduced:
    dec     ecx
    jnz     gp1_pow

    mov     byte ptr [esi], al              ; store the coded byte
    inc     esi
    inc     edi
    jmp     gp1_next

gp1_done:
    xor     eax, eax
    ret
GenProc1 ENDP

;#######################################################################################################################

;calculate name's total result

;########################################################Generate2 PROC#####################################################
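;-----------------------------------------------------------------------
; GenProc2 - add (byte XOR 7Fh) for every byte of a NUL-terminated string
;            to the dword at szBuffer1.
; In:    uName = pointer to the string (Generate passes the coded name)
; Out:   szBuffer1 increased by the sum; the caller is expected to have
;        cleared it first, as Generate does.
; The terminator is tested before a byte is added, so an empty string
; adds nothing and the scan never moves past the terminator. (The
; original tested after the add and would have counted the NUL byte.)
; eax is in the USES list, so the caller's eax is restored on return.
;-----------------------------------------------------------------------
GenProc2 PROC USES eax edi, uName:DWORD

    mov     edi, uName

gp2_next:
    movzx   eax, byte ptr [edi]
    test    eax, eax
    jz      gp2_done                        ; terminator (or empty string)
    xor     eax, 07fh
    add     dword ptr [szBuffer1], eax
    inc     edi
    jmp     gp2_next

gp2_done:
    xor     eax, eax
    ret
GenProc2 ENDP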

;#######################################################################################################################

darkshade,zugo,Gırgır,Caliber,_CC_

hiaxi,MoNZa,mendenn

blue_devil, rvaZero

and All GencliQ CT members...

[GencliQ CT Home Page]

Bu programı kullanarak para kazanıyorsanız lütfen satın alın. Bu yazının yazılma amacı program yazanlara programlarını daha iyi korumaları konusunda yol göstermektir. Lisanssız kullanımda Dokümanı hazırlayan sorumlu değildir.
Diyeceğim şudurki: Emek verilipte yapılmış bir şeyi çalma, onu satın al.


b1u3D4rK
E-Mail: [email protected]