| |||||||||||||||||
| FIRST |
Hello everybody :) today we will try to write keygen for this keygenme... at first we will try to understand how to work... and then we will write some algorithms for this... yeap lets start..
| HOW TO DO? |
At first we will use ollydbg (i will use my own modification[gct0lly] but you can use anything).. load the keygenme to ollydbg...
After loading you will see this image on your olly... if you enter your name-serial and then push the button you will be in this codes..
After the getting serial we will trace our first algorithm... In this algorithm name and serial will be coded.. Coding algorithms are same for name and serial but constants are different..
after the coding..
Name:
Serial:
After then:
PART 1: This algortihm is for the name... Every name's char xor by 7fh and added result one by one.. The total result is in 403244..
PART 2: This algortihm is for the serial... Every serial's char added direct result one by one..
After then the results will compare and if the results are same we will get "Okey" message..
How can we write a keygen??
At first we will calculate the name's total result and then we will try to find how can we generate key for this result...
But we have a problem! Because we have got only result and we must have decoding algorithm.. this is the reason why i tried a simply system..
1) Calculate name's total result
2) Reconstract string table (only printable char)
3) Coding string table with coding algorithm...
4) Generate keys in this table
this generations system is smilar the brute-force system..
| KEYGEN ALGORITHMS |
| Download : Keygen+Code |
Generate PROTO :DWORD
GenProc1 PROTO :DWORD,:DWORD,:WORD
GenProc2 PROTO :DWORD
.const
edit_name_max = 16
.data?
szName CHAR 20h dup(?)
szSerial CHAR 60h dup(?)
tmp dd ?
tmp1 dd ?
.data
nameerr db "Minimum character 4!",0
nameerr1 db "Not Found! Change The Name",0
szBuffer1 dw 0000h,0 ;Name result
tek db "2349aeghijmprsuvyzCDEFJKLMNQTVWXY",0 ;odd string table (after rsa)
tek1 db "2349aeghijmprsuvyzCDEFJKLMNQTVWXY",0
cift db "015678bcdfklnoqtxwABGHIOPRSUZ",0 ; even string table (after rsa)
cift1 db "015678bcdfklnoqtxwABGHIOPRSUZ",0
.code
;########################################################Generate PROC####################################################
Generate PROC USES eax ebx ecx edx esi edi , _hWin:DWORD
invoke RtlZeroMemory,addr szName,sizeof szName
invoke RtlZeroMemory,addr szSerial,sizeof szSerial
invoke GetDlgItemText, _hWin, EDIT_NAME, ADDR szName, edit_name_max
mov dword ptr ds:[szBuffer1],00h
cmp eax,04h
jb @@err ;küçükse
invoke GenProc1,ADDR szName,ADDR szName,0DDh ;coding name
invoke GenProc2,ADDR szName ;szBuffer1 ; total name's result
invoke GenProc1,ADDR tek,ADDR tek1,0FDh ; ;reconst key string table
invoke GenProc1,ADDR cift,ADDR cift1,0FDh
push edi
push esi
push ecx
xor ecx,ecx
xor edx,edx
xor edi,edi
xor esi,esi
mov eax,dword ptr ss:[szBuffer1] ;result in eax
@don:
cmp eax,0h ; total result is 0?
je @bitti
mov edx,eax
;the result is odd or even?
and edx,0fh
@test:
cmp edx,01h
je @tek
cmp edx,00h
je @cift
sub edx,02h
jmp @test
@cift: ;even table
mov dword ptr ss:[tmp],offset cift
mov dword ptr ss:[tmp1],offset cift1
jmp @devam
@tek: ;odd table
mov dword ptr ss:[tmp],offset tek
mov dword ptr ss:[tmp1],offset tek1
jmp @devam
@devam:
xor edx,edx
mov ecx,dword ptr ds:[tmp1]
mov dl,byte ptr ss:[ecx+edi]; first coded key's table's char
cmp edx,0h ; if 0 we didn't found a char for key.. (end of table)
je @@err1 ;key not found
cmp eax,edx ; if first char's hex bigger than result change the char
jl @degistir
sub eax,edx ; if the result bigger than char's hex, sub the result and add this char to serial area
mov ecx,dword ptr ds:[tmp]
mov dl,byte ptr ss:[ecx+edi] ;get orginal char from the table
mov byte ptr ds:[szSerial+esi],dl ;writing to serial area
inc esi ;another serial char
xor edi,edi
jmp @don
@degistir:
inc edi ;another char for try..
jmp @don
@bitti: ;end
pop ecx
pop esi
pop edi
invoke SetDlgItemTextA, _hWin, EDIT_KEY, offset szSerial ;write serial to form
@ended:
xor eax,eax
ret
@@err: invoke SetDlgItemTextA, _hWin, EDIT_KEY, offset nameerr
jmp @ended
@@err1: invoke SetDlgItemTextA, _hWin, EDIT_KEY, offset nameerr1
jmp @ended
Generate ENDP
;#######################################################################################################################
;coding string proc...
;########################################################Generate1 PROC#####################################################
GenProc1 PROC USES eax ebx ecx edx esi edi , uName:DWORD,uResult:DWORD,uStatic:WORD
mov edi,uName
mov esi,uResult
xor ebx,ebx
jmp @5
@1:
mov bl,byte ptr ds:[edi]
mov eax,01h
mov ecx,09dh
@2:
mul bl
jmp @4
@3:
sub ax,uStatic
@4:
cmp ax,uStatic
ja @3
loopd @2
mov byte ptr ds:[esi],al
inc edi
inc esi
@5:
cmp byte ptr ds:[edi],0
jnz @1
xor eax,eax
ret
GenProc1 ENDP
;#######################################################################################################################
;calculate name's total result
;########################################################Generate2 PROC#####################################################
GenProc2 PROC USES eax edi, uName:DWORD
mov edi,uName
@@1:
xor eax,eax
mov al,byte ptr ds:[edi]
xor eax,07fh
add dword ptr ds:[szBuffer1],eax
inc edi
cmp byte ptr ds:[edi],0
jnz @@1
xor eax,eax
ret
GenProc2 ENDP
;#######################################################################################################################
| THANKS |
darkshade,zugo,Gırgır,Caliber,_CC_
hiaxi,MoNZa,mendenn
blue_devil, rvaZero
and All GencliQ CT members...
| Web Site |
| UNUTMADAN |
Bu programı kullanarak para kazanıyorsanız lütfen satın alın. Bu yazının yazılma amacı program yazanlara programlarını daha iyi korumaları konusunda yol göstermektir. Lisanssız kullanımda Dokümanı hazırlayan sorumlu değildir.
Diyeceğim şudurki: Emek verilipte yapılmış bir şeyi çalma, onu satın al.
b1u3D4rK
E-Mail:
cellat2004@gmail.com