Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Simple Keygen-Me

 
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue May 20, 2008 2:27 pm    Post subject: Simple Keygen-Me

I hope you'll have fun solving it out, I had some fun writing it Wink .
Link: [Attached]
Level: Easy
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

Posted: Tue May 20, 2008 3:31 pm

CPUID <--- ? Confused
lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Tue May 20, 2008 3:40 pm

@Labyrnth:
http://en.wikipedia.org/wiki/CPUID

Code:
.text:00401000 ; =============== S U B R O U T I N E =======================================
.text:00401000
.text:00401000 ; Attributes: bp-based frame
.text:00401000
.text:00401000 ; int __stdcall sub_401000(LPCSTR lpString, int)
.text:00401000 sub_401000      proc near               ; CODE XREF: DialogFunc+6Ep
.text:00401000
.text:00401000 var_4           = dword ptr -4
.text:00401000 lpString        = dword ptr  8
.text:00401000 arg_4           = dword ptr  0Ch
.text:00401000
.text:00401000                 push    ebp
.text:00401001                 mov     ebp, esp
.text:00401003                 mov     eax, 1
.text:00401008                 cpuid
.text:0040100A                 push    ecx
.text:0040100B                 push    [ebp+lpString]  ; lpString
.text:0040100E                 call    lstrlenA
.text:00401013                 mov     ecx, eax
.text:00401015                 sub     ecx, 100h
.text:0040101B                 neg     ecx
.text:0040101D                 mov     edi, [ebp+lpString]
.text:00401020
.text:00401020 loc_401020:                             ; CODE XREF: sub_401000+33j
.text:00401020                 ror     word ptr [esp+4+var_4], 5
.text:00401025                 ror     [esp+4+var_4], 0Dh
.text:00401029                 neg     [esp+4+var_4]
.text:0040102C                 mov     al, byte ptr [esp+4+var_4]
.text:0040102F                 or      [ecx+edi-1], al
.text:00401033                 loop    loc_401020
.text:00401035                 add     esp, 4
.text:00401038                 mov     eax, edi
.text:0040103A                 mov     eax, [eax]
.text:0040103C                 sub     eax, [ebp+arg_4]
.text:0040103F                 lea     ebx, unk_403027
.text:00401045                 xlat
.text:00401046                 shl     eax, 18h
.text:00401049                 rol     eax, 8
.text:0040104C                 add     eax, offset aWorngTryAgain ; "Worng, Try again!"
.text:00401051                 pop     ebp
.text:00401052                 retn    8
.text:00401052 sub_401000      endp


This looks like the encryption, or however you're generating the serial; I'll look more into it after.

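An added emulation of the routine in lurc's listing above (not part of any post and not the crackme's source), showing what the loop at loc_401020 does to the string buffer and how the tail turns a table byte into an offset from the message string. The 0x100-byte buffer size, the seed standing in for the pushed CPUID ECX value, and the table contents are assumptions or constructed values; the bytes at unk_403027 are not shown in the thread.

```python
MASK32 = 0xFFFFFFFF
BUF_SIZE = 0x100  # assumption: buffer size implied by the "sub ecx, 100h" constant

def rotr(value, count, bits):
    """Rotate right inside a register that is `bits` wide."""
    mask = (1 << bits) - 1
    value &= mask
    return ((value >> count) | (value << (bits - count))) & mask

def mix_buffer(buf, seed):
    """Emulate 0040100A-00401033. `seed` stands in for the pushed CPUID ECX.
    ORs one state byte into buf[0 .. 0xFF-len] and returns the final state."""
    if len(buf) != BUF_SIZE or 0 not in buf:
        raise ValueError("need a NUL-terminated 0x100-byte buffer")
    ecx = BUF_SIZE - buf.index(0)            # lstrlenA, sub ecx,100h, neg ecx
    state = seed & MASK32
    while ecx:                               # loop loc_401020 (ecx >= 1 here)
        state = (state & 0xFFFF0000) | rotr(state, 5, 16)   # ror word ptr, 5
        state = rotr(state, 0x0D, 32)        # ror dword ptr, 0Dh
        state = -state & MASK32              # neg
        buf[ecx - 1] |= state & 0xFF         # or [ecx+edi-1], al
        ecx -= 1
    return state

def message_offset(buf, arg_4, table):
    """Emulate 00401038-00401049: the value added to the message pointer."""
    eax = (int.from_bytes(buf[:4], "little") - arg_4) & MASK32
    eax = (eax & 0xFFFFFF00) | table[eax & 0xFF]   # xlat: AL = [EBX+AL]
    eax = (eax << 0x18) & MASK32                   # shl eax, 18h
    return rotr(eax, 32 - 8, 32)                   # rol eax, 8 leaves only AL

if __name__ == "__main__":
    # Constructed inputs: a short name, an arbitrary seed, an all-zero table.
    name = bytearray(b"abc".ljust(BUF_SIZE, b"\x00"))
    final_state = mix_buffer(name, 0x00010000)
    print(f"state={final_state:08X} first bytes={name[:8].hex()}")
    table = bytearray(256)
    print("offset from message string:", message_offset(name, 0, table))
```

For a short name the loop runs 0x100 minus the length times, so it also ORs into the terminator and the padding after it, and because it only ever sets bits, the bytes read back at 0040103A are a superset of the original input bits.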
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

Posted: Tue May 20, 2008 4:29 pm

I know what it is mate,

But for a genme?
Why would you use the stepping, model, and family information?
I'm getting the idea this genme is machine specific in what results are the real ones.
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue May 20, 2008 10:28 pm

Labyrnth wrote:
I know what it is mate,

But for a genme?
Why would you use the stepping, model, and family information?
I'm getting the idea this genme is machine specific in what results are the real ones.

I used it to generate a different number per machine, because I want you to focus on the algorithm instead of just showing me one possible answer and marking it as solved Smile

Last edited by DoomsDay on Wed May 21, 2008 1:50 am; edited 1 time in total
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

Posted: Wed May 21, 2008 12:22 am

Kinda defeats the purpose of a genme, don't ya think?
Since the gen will only be good on a specific machine.

It can still be reversed to work on any machine without genning it tho Razz
I have never attempted to code an actual keygen.
But maybe one day I will give it a shot lol.
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Wed May 21, 2008 1:55 am

I believe any non-zero number would be okay in this implementation. Anyways, I think you should crack it first, or step through it, as it's not a regular compare.
Symbol
I'm a spammer
Reputation: 0

Joined: 18 Apr 2007
Posts: 5094
Location: Israel.

Posted: Wed May 21, 2008 2:44 am

At 401045, EBX+AL should point to the value 0x12, the question is what writes to EBX+AL, that I'm still trying to figure out. Surprised

Edit: well it can't point to one of the name/serial addresses, EBX+FF points to 403136 and the name/serial starts at 403137...

Is this even possible?
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

Posted: Wed May 21, 2008 12:06 pm

DoomsDay wrote:
I believe any non-zero number would be okay in this implementation. Anyways, I think you should crack it first, or step through it, as it's not a regular compare.


I have already seen that lol.
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Sat May 24, 2008 7:52 am

Well, since no one is willing to actually take a look at it, here's the algorithm:
Danielb
Cheater
Reputation: 0

Joined: 22 Jul 2007
Posts: 30

Posted: Sat May 24, 2008 7:08 pm

---------------------------
Unique ID required
---------------------------
Unique ID required
---------------------------
OK
---------------------------


004010A1 /75 4E JNZ SHORT 004010F1

Password: Danielz Cracked...
11111111111111111111
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1

Posted: Sun May 25, 2008 2:49 am

Danielb wrote:
---------------------------
Unique ID required
---------------------------
Unique ID required
---------------------------
OK
---------------------------


004010A1 /75 4E JNZ SHORT 004010F1

Password: Danielz Cracked...
11111111111111111111


This is a keygen me, not a crackme/patchme. You patched it to take any input which is not the point of the challenge.

_________________
- Retired.
All times are GMT - 6 Hours