coder sal Master Cheater Reputation: 0
Joined: 11 May 2007 Posts: 304
Posted: Sat May 17, 2008 9:11 pm Post subject: Easy KeyGenMe
This is kind of like a KeyGenMe, except instead of a name and serial, it's a number and a serial, and the serial isn't like a serial it's just a number with words.. Well this is really easy, probably so easy, it doesn't even count as a KeyGenMe, just try to crack it with name and serial (No Patching :/), and then if you want, make a keygen, which takes like 2 minutes to do for this keygenme...
Download
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Sat May 17, 2008 10:19 pm Post subject:
Box 1: 1
Box 2: -262436637easykeygenme
This is not a 'keygenme' this is more of a find the password.
_________________
- Retired.
coder sal Master Cheater Reputation: 0
Joined: 11 May 2007 Posts: 304
Posted: Sun May 18, 2008 9:08 am Post subject:
Wiccaan wrote: | Box 1: 1
Box 2: -262436637easykeygenme
This is not a 'keygenme' this is more of a find the password. |
Ok, nice one..
Can you explain in more detail on how you found the password?
It's not only find a password because there's a password for every number.
Like you could do it for 2 and 3 so it's more like a keygenme, in a way.
But anyway, can you explain how you found it?
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
Posted: Sun May 18, 2008 2:08 pm Post subject:
00402870 . 50 PUSH EAX
This is where you can fish the serial (just above this address, you can know how it is generated; strcat and strmove are used). In Olly pane window, you will see this:
EAX=0015B48C, (UNICODE "-262436637easykeygenme")
How do you reach this address? Well:
00402871 . FF15 4C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
Just search for all calls and there ya go.
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Sun May 18, 2008 9:05 pm Post subject:
What I did:
Opened the prog up inside of VB Decompiler (not for strings or anything, but for function addresses...) Saw that there was a timer and a single command button proc. So the command button is for the exit button obviously.
Timer proc starts at 402730, scrolling down, you can see some math being done here:
Code:
00402828 . DC0D F0104000 FMUL QWORD PTR DS:[4010F0]
0040282E . DC05 E8104000 FADD QWORD PTR DS:[4010E8]
00402834 . DC25 E0104000 FSUB QWORD PTR DS:[4010E0]
0040283A . DFE0 FSTSW AX
0040283C . A8 0D TEST AL,0D
Break on FSTSW AX which stores the float value into the stack then look at the stack and you have:
Code:
ST0 valid -262436637.00000000000
Little further down, the value is reloaded and stripped of its decimal and put into a string here:
Code:
00402847 . DD1C24 FSTP QWORD PTR SS:[ESP]
0040284A . FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrR8>; MSVBVM60.__vbaStrR8
00402850 . 8BD0 MOV EDX,EAX
Just after that it's appended to the string 'easykeygenme' here:
Code:
0040285D . 50 PUSH EAX
0040285E . 68 84214000 PUSH Simple_K.00402184 ; UNICODE "easykeygenme"
00402863 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCa>; MSVBVM60.__vbaStrCat
Giving you the serial value -262436637easykeygenme
EDIT
Attached is a keygen for this, source included, made with VB6 since I'm too lazy to make a new project in C++
If you can't see the link: http://forum.cheatengine.org/download.php?id=34578
_________________
- Retired.
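The call sequence the two posts above walk through (number to string, concatenate, compare) can be pulled out of the pasted listing mechanically. This is an added example, not code from the thread or its participants; the function names and the `COMPARE_HINTS` list are assumptions, and the listing lines are copied from the posts.

```python
import re

# Listing lines copied from the posts above (OllyDbg disassembly pane text).
LISTING = """\
0040284A . FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrR8>; MSVBVM60.__vbaStrR8
0040285D . 50 PUSH EAX
0040285E . 68 84214000 PUSH Simple_K.00402184 ; UNICODE "easykeygenme"
00402863 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCa>; MSVBVM60.__vbaStrCat
00402870 . 50 PUSH EAX
00402871 . FF15 4C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
"""

LINE = re.compile(r"^(?P<addr>[0-9A-F]{8})\s+\.\s+(?P<body>.*)$")
IMPORT = re.compile(r"\bCALL\b.*<&(?P<mod>\w+)\.(?P<name>\w+)>")
LITERAL = re.compile(r'UNICODE "(?P<text>[^"]*)"')
COMPARE_HINTS = ("StrCmp", "StrComp")  # assumed markers for string-compare helpers

def parse(listing):
    """Yield (address, code, comment) for each well-formed listing line."""
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if m:
            code, _, comment = m.group("body").partition(";")
            yield int(m.group("addr"), 16), code.strip(), comment.strip()

def import_calls(listing):
    """Return [(address, module, function)] for calls through the import table."""
    calls = []
    for addr, code, comment in parse(listing):
        m = IMPORT.search(code)
        if m:
            name = m.group("name")
            # The operand column truncates long names; the comment has the full one.
            full = comment.rpartition(".")[2]
            if full.startswith(name):
                name = full
            calls.append((addr, m.group("mod"), name))
    return calls

def compare_sites(listing):
    """Addresses of string-compare calls, where both operands sit in memory."""
    return [a for a, _, n in import_calls(listing) if any(h in n for h in COMPARE_HINTS)]

def literals(listing):
    """String constants the debugger annotated in the comment column."""
    return [m.group("text") for _, _, c in parse(listing) if (m := LITERAL.search(c))]
```

A serial that is built in full on the client and handed to a string compare is readable at that call site, which is the design weakness this thread demonstrates.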
coder sal Master Cheater Reputation: 0
Joined: 11 May 2007 Posts: 304
Posted: Wed May 21, 2008 3:14 pm Post subject:
Wiccaan wrote: |
What I did:
Opened the prog up inside of VB Decompiler (not for strings or anything, but for function addresses...) Saw that there was a timer and a single command button proc. So the command button is for the exit button obviously.
Timer proc starts at 402730, scrolling down, you can see some math being done here:
Code:
00402828 . DC0D F0104000 FMUL QWORD PTR DS:[4010F0]
0040282E . DC05 E8104000 FADD QWORD PTR DS:[4010E8]
00402834 . DC25 E0104000 FSUB QWORD PTR DS:[4010E0]
0040283A . DFE0 FSTSW AX
0040283C . A8 0D TEST AL,0D
Break on FSTSW AX which stores the float value into the stack then look at the stack and you have:
Code:
ST0 valid -262436637.00000000000
Little further down, the value is reloaded and stripped of its decimal and put into a string here:
Code:
00402847 . DD1C24 FSTP QWORD PTR SS:[ESP]
0040284A . FF15 54104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrR8>; MSVBVM60.__vbaStrR8
00402850 . 8BD0 MOV EDX,EAX
Just after that it's appended to the string 'easykeygenme' here:
Code:
0040285D . 50 PUSH EAX
0040285E . 68 84214000 PUSH Simple_K.00402184 ; UNICODE "easykeygenme"
00402863 . FF15 1C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCa>; MSVBVM60.__vbaStrCat
Giving you the serial value -262436637easykeygenme
EDIT
Attached is a keygen for this, source included, made with VB6 since I'm too lazy to make a new project in C++
If you can't see the link: http://forum.cheatengine.org/download.php?id=34578
|
Awesome you made a keygen
BTW I added error handling for fun so it
doesn't exit if you type in a letter:
http://www.mediafire.com/?z0fyyzlxt5t