
Thread: Help at newbie KeygenMe

  1. #1

    Hello guys!

    Well, I'm here to learn!
    So I'm a newbie at this, and this keygenme that I'm trying to solve is classified as a newbie keygenme, but it's very complicated to me.

    So.. it has a simple interface.. I see a window and an EDIT.
    Coded in C++, we have 2 ways to get to the function with the keygen check..

    Search at GetDlgItemText, or simply search the strings (faster and simpler).

    I tried hard to get to where it generates the original key..
    But it uses the stack to store everything.. it's complicated to me.. because in Olly it puts "LOCAL.1", "LOCAL.5" and so on..
    But it means "PTR SS:[EBP-0C8]", for example..

    I've attached the file to the post... Link >> revme-crackme-szi.zip
    If anyone can help me to find out..
    I don't want the answer, I just want clues to find it out by myself..

    Thanks!!!

  2. #2
    sub_40A924 is an important point:
    analyze this, and two subs:

    reverse the black sub, you may find the answer
    Last edited by greenoaktree; March 2nd, 2013 at 08:31.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Hello greenoaktree.. did you find out how it generates the key?

    I'm feeling very confused by the code and it's hard to find out...
    I've been analysing the "CALL 0040A924".. but it's very complicated, it uses only the stack..

    I see that it reads some high addresses..
    You just analyzed 40A924 and found the "key generator function"?

    thanks

  4. #4
    Sorry, I didn't dig in.
    This is the main piece:
    00401FD2 . E8 DD560000 call <jmp.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA
    00401FD7 . 83EC 10 sub esp,0x10
    00401FDA . 8D45 F7 lea eax,dword ptr ss:[ebp-0x9]
    00401FDD . 894424 08 mov dword ptr ss:[esp+0x8],eax
    00401FE1 . 8D55 C0 lea edx,dword ptr ss:[ebp-0x40]
    00401FE4 . 895424 04 mov dword ptr ss:[esp+0x4],edx
    00401FE8 . 8D45 F0 lea eax,dword ptr ss:[ebp-0x10]
    00401FEB . 890424 mov dword ptr ss:[esp],eax
    00401FEE . C785 48FFFFFF>mov dword ptr ss:[ebp-0xB8],0x3
    00401FF8 . E8 67810000 call Crackme.0040A164
    00401FFD . C685 38FFFFFF>mov byte ptr ss:[ebp-0xC8],0x0
    00402004 . 8D45 F0 lea eax,dword ptr ss:[ebp-0x10]
    00402007 . 894424 04 mov dword ptr ss:[esp+0x4],eax
    0040200B . 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
    0040200E . 890424 mov dword ptr ss:[esp],eax
    00402011 . C785 48FFFFFF>mov dword ptr ss:[ebp-0xB8],0x1
    0040201B . E8 E8810000 call Crackme.0040A208
    00402020 . C685 38FFFFFF>mov byte ptr ss:[ebp-0xC8],0x1
    00402027 . 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
    0040202A . 890424 mov dword ptr ss:[esp],eax
    0040202D . E8 9EF7FFFF call Crackme.004017D0
    00402032 . 84C0 test al,al
    00402034 . 0F85 86000000 jnz Crackme.004020C0
    0040203A . C685 40FFFFFF>mov byte ptr ss:[ebp-0xC0],0x0
    00402041 > 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
    00402044 . 890424 mov dword ptr ss:[esp],eax
    00402047 . C785 48FFFFFF>mov dword ptr ss:[ebp-0xB8],0x2
    00402051 . E8 CE880000 call Crackme.0040A924
    00402056 . 80BD 40FFFFFF>cmp byte ptr ss:[ebp-0xC0],0x0 ; |
    0040205D . 74 30 je XCrackme.0040208F ; |
    0040205F . C74424 0C 000>mov dword ptr ss:[esp+0xC],0x0 ; |
    00402067 . C74424 08 5BD>mov dword ptr ss:[esp+0x8],Crackme.0040D>; |ASCII "gratz !!"
    0040206F . C74424 04 64D>mov dword ptr ss:[esp+0x4],Crackme.0040D>; |ASCII "now keygen it !"


    Except for 0x40a924, there are 3 calls after GetDlgItemTextA that get the key from the UI:
    0x40a164
    0x40a208
    0x4017d0


    These three subs are more complicated than 0x40a924.
    I think the three may be library subs, so I searched the strings in the .exe file and found this:
    ASCII "../../../../gcc-4.4.1/libgcc/../gcc/config/i386/cygming-shared-data.c"
    So maybe it is statically linked with the gcc library. Maybe the three are gcc library subs.

    Another clue:
    ASCII "-GCCLIBCYGMING-EH-TDM1-SJLJ-GTHR-MINGW32"
    Last edited by greenoaktree; March 3rd, 2013 at 04:03.
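    The listing above is the usual starting point for this kind of triage: find the input-reading API, list the calls that follow it, find the string references for the success message, and locate the conditional branches between them. The following Python script is an added example, not code from any poster in this thread or from the crackme; it embeds the OllyDbg lines quoted in post #4 as its constructed sample input and parses that exact paste format (address, flag character, opcode bytes that Olly may truncate with ">", instruction, ";" comment) to enumerate the calls after GetDlgItemTextA, the ASCII string references, and each conditional jump together with the test/cmp it depends on.

```python
import re

# Constructed sample input: the OllyDbg listing quoted in post #4, pasted verbatim.
LISTING = r"""
00401FD2 . E8 DD560000 call <jmp.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA
00401FD7 . 83EC 10 sub esp,0x10
00401FDA . 8D45 F7 lea eax,dword ptr ss:[ebp-0x9]
00401FDD . 894424 08 mov dword ptr ss:[esp+0x8],eax
00401FE1 . 8D55 C0 lea edx,dword ptr ss:[ebp-0x40]
00401FE4 . 895424 04 mov dword ptr ss:[esp+0x4],edx
00401FE8 . 8D45 F0 lea eax,dword ptr ss:[ebp-0x10]
00401FEB . 890424 mov dword ptr ss:[esp],eax
00401FEE . C785 48FFFFFF>mov dword ptr ss:[ebp-0xB8],0x3
00401FF8 . E8 67810000 call Crackme.0040A164
00401FFD . C685 38FFFFFF>mov byte ptr ss:[ebp-0xC8],0x0
00402004 . 8D45 F0 lea eax,dword ptr ss:[ebp-0x10]
00402007 . 894424 04 mov dword ptr ss:[esp+0x4],eax
0040200B . 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
0040200E . 890424 mov dword ptr ss:[esp],eax
00402011 . C785 48FFFFFF>mov dword ptr ss:[ebp-0xB8],0x1
0040201B . E8 E8810000 call Crackme.0040A208
00402020 . C685 38FFFFFF>mov byte ptr ss:[ebp-0xC8],0x1
00402027 . 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
0040202A . 890424 mov dword ptr ss:[esp],eax
0040202D . E8 9EF7FFFF call Crackme.004017D0
00402032 . 84C0 test al,al
00402034 . 0F85 86000000 jnz Crackme.004020C0
0040203A . C685 40FFFFFF>mov byte ptr ss:[ebp-0xC0],0x0
00402041 > 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
00402044 . 890424 mov dword ptr ss:[esp],eax
00402047 . C785 48FFFFFF>mov dword ptr ss:[ebp-0xB8],0x2
00402051 . E8 CE880000 call Crackme.0040A924
00402056 . 80BD 40FFFFFF>cmp byte ptr ss:[ebp-0xC0],0x0 ; |
0040205D . 74 30 je XCrackme.0040208F ; |
0040205F . C74424 0C 000>mov dword ptr ss:[esp+0xC],0x0 ; |
00402067 . C74424 08 5BD>mov dword ptr ss:[esp+0x8],Crackme.0040D>; |ASCII "gratz !!"
0040206F . C74424 04 64D>mov dword ptr ss:[esp+0x4],Crackme.0040D>; |ASCII "now keygen it !"
"""

ADDR = re.compile(r'^[0-9A-F]{8}$')
# An opcode-byte token; Olly truncates long byte runs with '>' and glues the mnemonic on ("48FFFFFF>mov").
BYTES = re.compile(r'^([0-9A-F]{2,})(>?)(.*)$')
ASCII_REF = re.compile(r'ASCII "(.*)"')


def parse_listing(text):
    """Turn pasted OllyDbg rows into dicts: addr, flag, opcode bytes, mnemonic, operands, comment."""
    insns = []
    for raw in text.splitlines():
        body, _, comment = raw.strip().partition(';')
        tokens = body.split()
        if len(tokens) < 3 or not ADDR.match(tokens[0]):
            continue  # blank line or not a listing row
        opcode, rest = [], []
        for tok in tokens[2:]:
            m = BYTES.match(tok)
            if rest or not m:          # instruction text has started (mnemonics are lowercase)
                rest.append(tok)
                continue
            opcode.append(m.group(1))
            if m.group(3):             # mnemonic glued onto a truncated byte run
                rest.append(m.group(3))
        insns.append({
            'addr': tokens[0], 'flag': tokens[1], 'opcode': opcode,
            'mnemonic': rest[0].lower() if rest else '',
            'operands': ' '.join(rest[1:]),
            'comment': comment.strip().lstrip('|\\ '),
        })
    return insns


def calls_after(insns, api):
    """Targets of every call made after the first call whose operand mentions `api`."""
    seen, out = False, []
    for ins in insns:
        if ins['mnemonic'] != 'call':
            continue
        if seen:
            out.append(ins['operands'])
        elif api in ins['operands']:
            seen = True
    return out


def string_refs(insns):
    """(address, string) pairs where Olly annotated an operand with an ASCII string."""
    return [(ins['addr'], ASCII_REF.search(ins['comment']).group(1))
            for ins in insns if ASCII_REF.search(ins['comment'])]


def gating_branches(insns):
    """Conditional jumps with the nearest preceding test/cmp: (jump addr, jump, cmp addr, cmp)."""
    out, last_cmp = [], None
    for ins in insns:
        if ins['mnemonic'] in ('test', 'cmp'):
            last_cmp = ins
        elif ins['mnemonic'].startswith('j') and ins['mnemonic'] != 'jmp':
            cmp_addr = last_cmp['addr'] if last_cmp else None
            cmp_text = f"{last_cmp['mnemonic']} {last_cmp['operands']}" if last_cmp else None
            out.append((ins['addr'], f"{ins['mnemonic']} {ins['operands']}", cmp_addr, cmp_text))
    return out


if __name__ == '__main__':
    insns = parse_listing(LISTING)
    print('calls after GetDlgItemTextA:', calls_after(insns, 'GetDlgItemTextA'))
    print('string refs:', string_refs(insns))
    for jaddr, jmp, caddr, cmp in gating_branches(insns):
        print(f'{jaddr}: {jmp:<24} decided by {caddr}: {cmp}')
```

    Run on the pasted rows it reports the four calls after GetDlgItemTextA (0x40A164, 0x40A208, 0x4017D0 and 0x40A924, matching post #4's count of three plus the one it singles out), the two message strings, and the two branches: the jnz at 00402034 decided by `test al,al` right after the 0x4017D0 call, and the je at 0040205D decided by the byte at [ebp-0xC0] that 0x40A924 is expected to set. Those addresses are where a breakpoint is worth setting before stepping into the subs.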

  5. #5
    Quote Originally Posted by opc0d3 View Post
    because in Olly it puts "LOCAL.1", "LOCAL.5" and so on
    Alt+O -> Analysis1 -> check/uncheck "show args and locals in procedure" to enable/disable the above in the disassembly, for OllyDbg 1.1.

    Alt+O -> Analysis -> "show recognized args and locals in procedure/comments" for OllyDbg 2.01h.

  6. #6
    I saw this keygenme was solved by hepL3r on http://www.crackmes.de
    See here: http://www.crackmes.de/users/revme/szi_keygenme/solutions/hepl3r/browse/tut.txt

  7. #7
    Yeah!! I saw it there too.. but it's so complicated.. haha, I could fish the serial..
    But understanding how to keygen it.. THAT's complicated like hell... haha

    Thanks.. I think I need to crack more and then learn more and more to start keygening..

    If you have some tip or advice for me, I'll appreciate it..

    Thanks a lot..

  8. #8
    IDA isn't true (is bad). Graph useless.

    yeah!! i saw it there too.. but it's so complicate.. haha i could fish the serial..
    But understand how keygen it.. THAT's complicate like hell... haha
    Stop using drugs.

    Study.

  9. #9
    Code:
    	%NTR TPROC, R0
    
    TPROC:
    	%GPAL MOD_USER32, 5B9E46FEH	; @MessageBoxA() -> TR0
    		
    	%ICDT$ R1, "VM"
    
    	%ICDT$ R2, "Hello"
    
    	OP VM_SPUSH
    		BYTE 4	; N
    		%SDB MB_OK
    		%SDR R1
    		%SDR R2
    		%SDB NULL	; HMOD
    
    	%SCALL R0, 4
    
    	OP VM_ET
    vm: hello world

    VM.zip
