
Thread: bengaly Crack me

  1. #1

    bengaly Crack me

    Hi all, this is my first post... but I am not new to Woodmann; lots of my tuts are from here...
    I am learning to keygen in asm (using MASM)... I was wondering if anybody is willing to help me with this. I have tried 3 times (actually a lot more than 3 times, but I only included the 3 attempts) and the keygen works, but I generate the wrong serial... this algo is simple, so what am I doing wrong??? I included the crackme in a zip inside this zip (it is packed with UPX); there is also a crackme in a folder which I already unpacked!

    I included some algorips.txt and of course the 3 Keygen attempts with full ASM (keygen.asm, rsrc.rc, etc...)
    just double click the Build.bat and a keygen will compile....

    P.S.

    I included a tutorial by Detten that I found for this, although he keygened it in C, so that won't help me code this in MASM...

    Any help with my Keygen proc will be appreciated....the keygen itself works so you do not have to concern yourself with that , sadly my keygen proc is bad....


    Thanks in Advance....

    Wunder

  2. #2
    There is an error in your code, and it also seems that you have not fully understood the last part, I think.

    The crackme takes two inputs, a username and a serial; the GUI doesn't state this explicitly. From the username a hash is computed, a number. The hash function is relatively simple:

    Code:
    .text:00401309                 mov     edx, dword_403038
    .text:0040130F                 mov     dl, byte_403037[eax]
    .text:00401315                 and     edx, 0FFh
    .text:0040131B                 mov     ebx, edx
    .text:0040131D                 imul    ebx, edx
    .text:00401320                 add     esi, ebx
    .text:00401322                 mov     ebx, edx
    .text:00401324                 sar     ebx, 1
    .text:00401326                 add     esi, ebx
    .text:00401328                 sub     esi, edx
    .text:0040132A                 inc     eax
    .text:0040132B                 dec     ecx
    .text:0040132C                 jnz     short loc_401309
    It loops over all the characters in the username and computes a hash in esi. For each char in the username:

    esi += char^2 + (char >> 1) - char;

    The keygen then converts the serial to an integer. It does a string2int conversion. So if you type in lena151 in the username edit box you want to type in 50699 in the serial edit box, because that is the hash value.

    I checked your keygen3. There is a bug in the hash function. Check that it only loops over the chars in the username. As it is now the loop goes on beyond the length of the username. In the last part you only need to convert that hash number in ESI to a string and update the serial box in your GUI.

    I hope this is helpful and makes some sense
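    The hash described in this post, as an added example in C that is not code from the thread or from Detten's keygen. The first function models the listed loop instruction for instruction, with the registers as variables, so each MASM line can be checked against it; the rest is a clean reimplementation plus the keygen side (hash to decimal string) and the check side (serial string to integer, compared with the hash). The listing shows only the loop body, so the starting values of eax and esi (index at the first byte, accumulator 0), the empty-name guard, the use of strtoul for the crackme's string-to-int step, and all function names are assumptions of this example; the sample names are constructed.

```c
/* Added example, not code from the thread: the bengaly crackme name hash in C.
 * Assumptions (the listing shows only the loop body): the character index
 * starts at the first byte of the name and the accumulator starts at 0.
 * Function names and the sample inputs are constructed for this example. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Instruction-for-instruction model of the loop at 00401309..0040132C, with
 * the registers as variables so each MASM line can be checked against it. */
uint32_t hash_from_listing(const char *name)
{
    const uint8_t *buf = (const uint8_t *)name; /* the name buffer (byte_403037[eax] / dword_403038) */
    uint32_t eax = 0;                           /* character index (assumed to start at the first byte) */
    uint32_t ecx = (uint32_t)strlen(name);      /* loop counter */
    uint32_t esi = 0;                           /* running hash (assumed 0 on entry) */
    uint32_t edx, ebx;

    if (ecx == 0)                               /* dec ecx / jnz would wrap on an empty name; guard added here */
        return 0;
    do {
        edx = 0;                                /* mov edx, dword_403038: all but dl is discarded below, so any value works */
        edx = (edx & ~0xFFu) | buf[eax];        /* mov dl, byte_403037[eax] */
        edx &= 0xFF;                            /* and edx, 0FFh  (zero-extend the character) */
        ebx = edx;                              /* mov ebx, edx */
        ebx *= edx;                             /* imul ebx, edx  (char^2) */
        esi += ebx;                             /* add esi, ebx */
        ebx = edx;                              /* mov ebx, edx */
        ebx = (uint32_t)((int32_t)ebx >> 1);    /* sar ebx, 1  (edx <= 255, so same as a logical shift) */
        esi += ebx;                             /* add esi, ebx */
        esi -= edx;                             /* sub esi, edx */
        eax++;                                  /* inc eax */
        ecx--;                                  /* dec ecx */
    } while (ecx != 0);                         /* jnz short loc_401309 */
    return esi;
}

/* Clean reimplementation: h += c*c + (c >> 1) - c for every byte of the name. */
uint32_t bengaly_hash(const char *name)
{
    uint32_t h = 0;
    for (const uint8_t *p = (const uint8_t *)name; *p != '\0'; ++p) {
        uint32_t c = *p;
        h += c * c + (c >> 1) - c;
    }
    return h;
}

/* Keygen side: the serial is the hash written in decimal (what dwtoa would
 * produce in the MASM version). Returns 0 for an empty name. */
int bengaly_keygen(const char *name, char *serial, size_t serial_len)
{
    if (name[0] == '\0')
        return 0;
    snprintf(serial, serial_len, "%u", bengaly_hash(name));
    return 1;
}

/* Helper for checks: does the generated serial equal the expected string? */
int bengaly_keygen_gives(const char *name, const char *expected)
{
    char serial[16];
    return bengaly_keygen(name, serial, sizeof serial) && strcmp(serial, expected) == 0;
}

/* Check side, modelled on the string-to-int conversion described in the post
 * (the crackme's own conversion routine is not shown, so strtoul with a
 * full-consumption check is an assumption). Rejects "", "abc" and "50699x". */
int bengaly_check(const char *name, const char *serial)
{
    char *end;
    unsigned long v;
    errno = 0;
    v = strtoul(serial, &end, 10);
    if (serial[0] == '\0' || *end != '\0' || errno != 0 || v > UINT32_MAX)
        return 0;
    return (uint32_t)v == bengaly_hash(name);
}

int main(void)
{
    const char *names[] = { "lena151", "Wunder", "" };   /* constructed sample inputs */
    char serial[16];
    size_t i;
    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (bengaly_keygen(names[i], serial, sizeof serial))
            printf("%-8s -> %s  (listing model: %u, check: %s)\n", names[i], serial,
                   hash_from_listing(names[i]), bengaly_check(names[i], serial) ? "ok" : "FAIL");
        else
            printf("%-8s -> enter a name.\n", names[i]);
    }
    return 0;
}
```

With the name lena151 both hash functions return 50699, the value given above. The register model is the one to compare a MASM attempt against line by line: the dword load at the top of the loop is dead (the `and edx, 0FFh` keeps only the byte just loaded into dl), and the loop ends on `dec ecx` reaching zero, so ecx must hold the exact username length on entry or the loop walks past the string.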

  3. #3
    evaluator
    wwwwait..
    So if you type in lena151 in the username edit box
    VeryByTheWay-- why lena151?

  4. #4

    Hi there niaren...
    I think I did get that :
    "The keygen then converts the serial to an integer. It does a string2int conversion. So if you type in lena151 in the username edit box you want to type in 50699 in the serial edit box because that is the hash value."

    The keygen that Detten wrote in VB which I included in my zip will do that....

    What does mov edx, dword_403038 mean???
    what does mov dl, byte_403037[eax] mean???

    I was trying to get some one to help me with writing the keygen proc in MASM

    not throw everything in my zip back at me

    I ripped that code myself. HOW DO YOU WRITE IT IN MASM IN THE PROC???

    Well you do look smart niaren... maybe I am an idiot??

    MASM loves these instructions:

    ".text:00401309 mov edx, dword_403038
    .text:0040130F mov dl, byte_403037[eax]
    .text:00401315 and edx, 0FFh
    .text:0040131B mov ebx, edx
    .text:0040131D imul ebx, edx
    .text:00401320 add esi, ebx
    .text:00401322 mov ebx, edx
    .text:00401324 sar ebx, 1
    .text:00401326 add esi, ebx
    .text:00401328 sub esi, edx
    .text:0040132A inc eax
    .text:0040132B dec ecx
    .text:0040132C jnz short loc_401309"

    and " esi += char^2 + (char >> 1) - char;" <- Detten wrote that in the keygen by Detten + tut that I included in my zip
    Really????

    you throw everything back at me and made yourself look very smart

    WRITE A WORKING KEYGEN PROC IN MASM!
    I have all this and so do you from Detten + tut which is in VB (C code)
    Last edited by wunder; December 18th, 2010 at 21:55.

  5. #5
    can anybody help with my original question and help me fix my keygen proc ?

  6. #6
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,147
    Blog Entries
    5
    wunder, that's an extremely rude response to someone who's trying to help you.

    Yes, there is a bug in your code and niaren gave you a perfectly good hint as to what it is, without specifically giving it away. Did you even consider that he might be right and you should go back and check the code with that hint in mind, or did you just decide to give an uppity reply and wait for someone to do it all for you?

    Drop the attitude and go closely compare your code and the code rip again and try to figure out what you're missing. You'll learn more that way. If you still can't see it, you're welcome to come back and ask again without the demands.

    I'll give you one other, unrelated, hint. PUSH/POP instructions need to be balanced, and the POPs need to be in *reverse* order to the sequence they are PUSHed.

    push ecx
    push eax
    ..
    pop eax
    pop ecx

    is the correct pattern. Compare that with what you wrote, which in a more complex program would likely crash.

  7. #7
    @eval

    I asked myself exactly the same question when reading it

  8. #8
    I'm sorry about the confusion; the use of lena151 as username is a (bad) habit I adopted after doing the lenatuts.

    Speaking about lenatuts: Wunder, if you're still motivated to reverse and learn, and you get on top of things with writing your keygen and take notice of what Kayaker wrote, then we can do a mini-project later on where we patch/modify the crackme such that it registers itself. In other words, every time a new character is typed into the username edit box the serial box is automatically updated. This idea is mentioned in one of the lenatuts. It's your call.

  9. #9
    @ Kayaker: thanks for pointing out the push to stack and clear the stack (pop and push) thing. I was going on for a while and I was using copy and paste a lot to save time; I must have mixed things up... I am aware that they are supposed to be in reverse....

    And I was not being rude... I am new to Assembly language and I do not know how to write some parts... All I asked for is help writing it in MASM. I KNOW THAT THE CODE IS WRONG BUT I DO NOT KNOW HOW TO FIX IT OR I WOULD NOT HAVE POSTED THIS.

    Anything that niaren is not helpful at all... I am well aware of how to crack and I do need help with the MASM part. If you are not willing to help or simply do not know how... then do not preach.
    Last edited by wunder; December 19th, 2010 at 21:35.

  10. #10
    Quote Originally Posted by niaren:
    I'm sorry about the confusion; the use of lena151 as username is a (bad) habit I adopted after doing the lenatuts.

    Speaking about lenatuts: Wunder, if you're still motivated to reverse and learn, and you get on top of things with writing your keygen and take notice of what Kayaker wrote, then we can do a mini-project later on where we patch/modify the crackme such that it registers itself. In other words, every time a new character is typed into the username edit box the serial box is automatically updated. This idea is mentioned in one of the lenatuts. It's your call.
    Really niaren???

    I need help writing this and you offer to help me write another keygen???

    By the way, that keygen that you are describing is included in a full .asm for winzip8.0

    Thanks, I already know how to do that...

  11. #11
    I can see that nobody will help me write my proc in ASM; that is all that I asked for. I was a moderator for years on a forum where we actually helped one another.
    I can see that I wont get any help here....

  12. #12
    Howdy,

    You are correct, you won't get any help here with your piss poor attitude.

    The help you were offered was not enough. You wanted someone to do it for you which will never happen here.

    Go back to your old forum to get the answer spoon fed to you.
    Oh wait, if they could do that on your old forum then why are you here?

    Learn or die.

    Regards, THE BIG ASSHOLE KNOWN AS WOODMANN.
    Learn Or Die.

  13. #13
    ALL I WAS LOOKING FOR IS FOR SOME ONE TO CORRECT MY KEYGEN PROC

    ; Keygen Template

    .486
    .model flat, stdcall
    option casemap: none

    ; API functions
    ; ------------------------------------------------------------------------------
    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\comctl32.inc
    include \masm32\include\masm32.inc

    includelib \masm32\lib\user32.lib
    includelib \masm32\lib\kernel32.lib
    includelib \masm32\lib\comctl32.lib
    includelib \masm32\lib\masm32.lib
    ; ------------------------------------------------------------------------------

    ; Prototypes
    ; ------------------------------------------------------------------------------
    DialogProc PROTO :HWND, :UINT, :WPARAM, :LPARAM
    KeygenProc PROTO :HWND
    ; ------------------------------------------------------------------------------

    .const

    ; Resource ids
    ; ------------------------------------------------------------------------------
    IDI_KEYGEN   equ 400
    IDB_KEYGEN   equ 401

    IDD_KEYGEN   equ 200
    IDC_NAME     equ 300
    IDC_SERIAL   equ 301
    IDC_GENERATE equ 302
    IDC_EXIT     equ 304
    IDC_ABOUT    equ 305
    ; ------------------------------------------------------------------------------

    .data
    szAboutTitle  TCHAR "About", 0

    ; Keygen parameters
    ; ------------------------------------------------------------------------------
    ; Required data
    szError       TCHAR "enter a name.", 0
    szTitle       TCHAR "KeyGen Template", 0
    szId          TCHAR "About", 0
    szDefaultName TCHAR "Wunder", 0
    szAbout       TCHAR "..: Author: xxxxxxxxxx :..", 10, 13
                  TCHAR "..: Email: xxxxxxxxxx :..", 10, 13
                  TCHAR "..: Release date: xxxxxxxxxxx :..", 10, 13
                  TCHAR "..: Website: xxxxxxxxxxx :..", 10, 13, 10, 13
                  TCHAR "..: Software: xxxxxxxxxx :..", 10, 13
                  TCHAR "Thanks: xxxxxxxxx", 10, 13, 10, 13
                  TCHAR "Greetings: xxxxxxxxxxxx", 10, 13, 10, 13, 0   ; terminating 0 so MessageBox stops here

    ; Keygen defined variables

    .data?

    ; Required data
    szName   TCHAR 100 dup(?)
    szSerial TCHAR 100 dup(?)

    ; Keygen undefined variables
    ; ------------------------------------------------------------------------------
    hInstance HINSTANCE ?
    hIcon     HICON ?

    .code

    start:
        INVOKE GetModuleHandle, NULL        ; module handle is needed before LoadIcon
        mov    hInstance, eax

        INVOKE InitCommonControls

        INVOKE LoadIcon, hInstance, IDI_KEYGEN
        mov    hIcon, eax

        INVOKE DialogBoxParam, hInstance, IDD_KEYGEN, NULL, ADDR DialogProc, 0
        INVOKE ExitProcess, 0

    ; Dialog procedure
    ; ------------------------------------------------------------------------------
    DialogProc PROC hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM

        .IF uMsg == WM_INITDIALOG
            INVOKE SetWindowText, hWnd, ADDR szTitle
            INVOKE SendMessage, hWnd, WM_SETICON, ICON_SMALL, hIcon
            INVOKE SendDlgItemMessage, hWnd, IDC_NAME, EM_SETLIMITTEXT, SIZEOF szName - 1, 0
            INVOKE SetDlgItemText, hWnd, IDC_ABOUT, ADDR szId
            INVOKE SetDlgItemText, hWnd, IDC_NAME, ADDR szDefaultName
            INVOKE KeygenProc, hWnd

        .ELSEIF uMsg == WM_COMMAND
            .IF wParam == IDC_ABOUT
                INVOKE MessageBox, hWnd, ADDR szAbout, ADDR szAboutTitle, MB_ICONINFORMATION
            .ELSEIF wParam == IDC_GENERATE
                INVOKE KeygenProc, hWnd
            .ELSEIF wParam == IDC_EXIT
                INVOKE SendMessage, hWnd, WM_CLOSE, 0, 0
            .ENDIF

        .ELSEIF uMsg == WM_CLOSE
            INVOKE EndDialog, hWnd, 0
        .ENDIF

        xor eax, eax
        ret
    DialogProc ENDP

    ; Keygen procedure
    ; ------------------------------------------------------------------------------
    KeygenProc PROC hWnd:HWND

        push ecx                    ; save the registers this proc uses
        push eax
        push edx
        push ebx
        push esi
        push edi

        push SIZEOF szName          ; read the name from the edit box into szName
        push OFFSET szName
        push IDC_NAME
        push hWnd
        call GetDlgItemText

    startGenerate:                  ; generate procedure starts here

        ; Keygen routine here
        lea  esi, szName            ; esi -> szName
        push esi
        call lstrlen                ; username length is returned in eax
        xor  esi, esi               ; clear esi (hash accumulator)
        mov  ecx, eax               ; move username length to ecx
        mov  eax, 1                 ; init counter to 1
        cmp  eax, 0                 ; compares eax with 0
        je   nameError              ; if nothing then go to name error

        ; actual code start
        mov edx, dword ptr [szName]

    LOC_00401309:                   ; loop head, one iteration per character
        mov  dl, byte ptr ds:[eax+szName]
        and  edx, 0FFh
        mov  ebx, edx
        imul ebx, edx
        add  esi, ebx
        mov  ebx, edx
        sar  ebx, 1
        add  esi, ebx
        sub  esi, edx
        inc  eax                    ; advance to the next character of szName
        cmp  ecx, edx
        jnz  LOC_00401309
        ; actual code ends

        ; Keygen routine stops here
        INVOKE dwtoa, eax, ADDR szSerial                        ; converts the value to a decimal string
        INVOKE SetDlgItemText, hWnd, IDC_SERIAL, ADDR szSerial  ; shows the serial in the serial box
        jmp  endGenerate            ; done, ready for the next name

    nameError:                      ; put the szError caption into the serial box
        INVOKE SetDlgItemText, hWnd, IDC_SERIAL, ADDR szError

    endGenerate:                    ; generate procedure ends here
        pop edi                     ; restore in reverse order of the pushes
        pop esi
        pop ebx
        pop edx
        pop eax
        pop ecx
        ret
    KeygenProc ENDP
    ; ------------------------------------------------------------------------------

    END start

  14. #14
    Quote Originally Posted by Woodmann:
    Howdy,

    You are correct, you won't get any help here with your piss poor attitude.

    The help you were offered was not enough. You wanted someone to do it for you which will never happen here.

    Go back to your old forum to get the answer spoon fed to you.
    Oh wait, if they could do that on your old forum then why are you here?

    Learn or die.

    Regards, THE BIG ASSHOLE KNOWN AS WOODMANN.
    piss poor attitude???

    I asked for help because I need it, and the forum that I was a mod at was not related to this... It was a free-to-air satellite forum.
    I am a newbie at key-genning, not at cracking... niaren's response had to do with learning how to crack, not how to code in MASM, which is what I need help with... I understand the procedure with my debugger very well; I do not know how to code it... it is not about being spoon fed, it is about someone taking the time to correct you so you can learn from it...
    How am I supposed to learn???

    I have trouble translating :

    0040130F |. 8A90 37304000 |mov dl,byte ptr ds:[eax+403037] to MASM

    that is all

  15. #15
    You STILL DON'T GET IT, do you.

    If you BEHAVE like a jerk, you get treated like a JERK and that is what you have been doing so far.

    If YOU do not adjust YOUR ATTITUDE, YOU are NOT going to get much help HERE, regardless of what YOU want.

    Try adjusting your attitude and there certainly are people here who could help you if they wished to do so.

    No one HAS TO HELP YOU, if THEY don't want to.

    YOUR "attitude" is the major influence on that issue.

    Regards,
    JMI
