View previous topic :: View next topic |
Author |
Message |
Reak I post too much Reputation: 0
Joined: 15 May 2007 Posts: 3496
|
Posted: Tue May 06, 2008 10:55 am Post subject: KeyGenMe |
|
|
Hello,
This is my first KeyGenMe! I have like NO exp. with it, but I tried
It's most likely the most worst KeyGenMe arround this section.
Tell me a name + key or make a keygen.
Good luck.
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Tue May 06, 2008 11:05 am Post subject: |
|
|
Name: Wiccaan
Serial: 8BDE - 9DCD
_________________
- Retired. |
|
Back to top |
|
|
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
|
Posted: Tue May 06, 2008 11:07 am Post subject: |
|
|
UN: Noz3001
PW: EB99-6C75
Screenshot attached to show you how i know. Ill make a keygen if i can be bothered.
|
|
Back to top |
|
|
Dark_Walk Master Cheater Reputation: 0
Joined: 26 Sep 2006 Posts: 315 Location: Canada
|
Posted: Tue May 06, 2008 11:11 am Post subject: |
|
|
DarkWalk
1122-4F94
Edit: 2 people b4 me >_>
_________________
Hai
Last edited by Dark_Walk on Tue May 06, 2008 11:12 am; edited 1 time in total |
|
Back to top |
|
|
DeletedUser14087 I post too much Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
|
Posted: Tue May 06, 2008 11:12 am Post subject: |
|
|
I have no idea how the pw is being generated but what i do know is that you tried to trick us, i saw that the real password was stored in eax and the fake was in edx, inline asm ?
Rot1
Code: | Stack SS:[0013F628]=00E54D60, (ASCII "0D1D-34E5")
EAX=00000001 |
Edit: What i do know is that there's a loop that takes each character and converts it to Hex (I'm not sure) or something and that's how the password is being generated ?
Last edited by DeletedUser14087 on Tue May 06, 2008 11:15 am; edited 1 time in total |
|
Back to top |
|
|
Reak I post too much Reputation: 0
Joined: 15 May 2007 Posts: 3496
|
Posted: Tue May 06, 2008 11:14 am Post subject: |
|
|
lol, well okay then.
Making a KeyGen will be harder I guess.
|
|
Back to top |
|
|
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
|
Posted: Tue May 06, 2008 11:20 am Post subject: |
|
|
rEakW0n wrote: | lol, well okay then.
Making a KeyGen will be harder I guess. |
Working on it now, hold up ill continue when i get back.
|
|
Back to top |
|
|
HalfPrime Grandmaster Cheater Reputation: 0
Joined: 12 Mar 2008 Posts: 532 Location: Right there...On your monitor
|
Posted: Tue May 06, 2008 11:23 am Post subject: |
|
|
Code: | 0045397B > 83FB 05 CMP EBX,5
0045397E . 75 0D JNZ SHORT Project1.0045398D
00453980 . 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
00453983 . BA 2C3A4500 MOV EDX,Project1.00453A2C
00453988 . E8 8707FBFF CALL Project1.00404114
0045398D > 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00453990 . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00453993 . 8A541A FF MOV DL,BYTE PTR DS:[EDX+EBX-1]
00453997 . E8 9806FBFF CALL Project1.00404034
0045399C . 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0045399F . 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004539A2 . E8 6D07FBFF CALL Project1.00404114
004539A7 . 43 INC EBX
004539A8 . 83FB 09 CMP EBX,9
004539AB .^75 CE JNZ SHORT Project1.0045397B |
seems to be encryption
change
Code: | 004539B3 . E8 A008FBFF CALL Project1.00404258 |
to
to have "nice" or nub" not be put in EAX and make your prog a keygen.
btw, did you mean to be able to put in a 9 digit name?
Edit: The reason I was able to find it is because you stored nice/nub/too long as plain text. Nice one with the misleading CompareStr, though.
_________________
|
|
Back to top |
|
|
Reak I post too much Reputation: 0
Joined: 15 May 2007 Posts: 3496
|
Posted: Wed May 07, 2008 8:58 am Post subject: |
|
|
Rot1 wrote: | I have no idea how the pw is being generated but what i do know is that you tried to trick us, i saw that the real password was stored in eax and the fake was in edx, inline asm ?
Rot1
Code: | Stack SS:[0013F628]=00E54D60, (ASCII "0D1D-34E5")
EAX=00000001 |
Edit: What i do know is that there's a loop that takes each character and converts it to Hex (I'm not sure) or something and that's how the password is being generated ? |
Nice. You are on a good way.
Also nice HalfPrime! Do you think you could make a KeyGen by urself?
|
|
Back to top |
|
|
Ksbunker Advanced Cheater Reputation: 0
Joined: 18 Oct 2006 Posts: 88
|
Posted: Wed May 07, 2008 9:05 am Post subject: re: |
|
|
Just a quick keygen. I used a method called "Keygen Injection" tokened by KwazyWabbit at BiW
I dont know the routine, but then again... I dont really have to.
The keygen reads input and shows serial via MessageBox, just some basic patching.
Download link: http://www.mediafire.com/?pwhxxysyjwn
|
|
Back to top |
|
|
Reak I post too much Reputation: 0
Joined: 15 May 2007 Posts: 3496
|
Posted: Wed May 07, 2008 9:16 am Post subject: |
|
|
Okayy nice!
Here's the source.
(strlen is made by someone else, I just modified it a bit)
Code: | function strlen(s: String): Integer;
var
length: Integer;
begin
if s = '' then Exit;
length := 1;
while s[length] <> #0 do
inc(length);
result := length-1;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
length, i, temp: integer;
serial, tempstr, tryserial: string;
begin
tryserial := s1.Text+'-'+s2.Text;
length := strlen(tryname.Text);
i := 1;
for i:=1 to length do
begin
tempstr := tempstr+IntToStr(ord(tryname.Text[i]))[2]
end;
try
temp := StrToInt(tempstr);
except
ShowMessage('Too long name, try again');
exit;
end;
temp := temp*7;
temp := temp*temp;
temp := temp+19;
temp := temp-15;
tempstr := IntToHex(temp, 8);
for i:=1 to 8 do
begin
if i = 5 then
serial := serial+'-';
serial := serial+tempstr[i];
end;
if serial = tryserial then
ShowMessage('Nice')
else
ShowMessage('nub');
end; |
|
|
Back to top |
|
|
|