Thread: Need help making a keygen.

  1. #1
    ljre24
    Guest

    Need help making a keygen.

    I've been working on this program's serial generation procedure for almost a month now. So far I've been able to reverse engineer almost half of the code involved, but I've recently hit a really confusing stump lately.

    The serial generation mechanism works in the following way. You enter your name in one field, and your company in another. This generates a 32 bit identification number which is displayed on the screen. When you purchase the product you give the generated identification number and you receive a serial number made up of two parts, a 6 digit string, and an 8 digit number, separated from the string by a hyphen. An example would be:

    MRSPEH-88423197

    The first thing the program does is to save the first string as it is and take the second string (the number) and store it in memory as a 32 bit number.

    The program then proceeds to sum up the ASCII values of the first string, each value being multiplied by 64h before it's added to the accumulated result. Then it takes the identification number (the one it displays to the user) and performs a great number of bit manipulations on it in combination with a large buffer that contains certain values, finally generating a number that is added to the summed up ASCII values of the first string. The value is then saved.

    A number of very similar operations are then performed on the first string and the identification number again. After all this mess, never minding the details (for now), it simply generates a number which it finally then proceeds to compare to the 32 bit number generated from the second part of the serial number. If the generated number is equal to the second part of the serial number, then the test succeeds and you get a window congratulating you and asking you to restart to activate the full product.

    So just as a test, instead of fully analyzing the whole procedure, I just inserted a random first string, a random second string, say "STRING-12345678" for example, and waited until the procedure got to the point of that final comparison, so what I did was to note down the 32 bit number it was comparing to the 32 bit number generated from the second part of the string (12345678), say the number was 32432123, and reinserted it into the serial number field, so this time it would be STRING-32432123.

    And it worked! Apparently I got the congratulation window, and it asked me to restart to begin using the full product. I restarted, but I was greeted once again with the trial splash screen. It didn't work. I tried doing the same but with an already proven registration number for a certain name and company, and that worked perfectly.

    So what on earth happened? I got the same congratulation window for both numbers, but why didn't mine work after the program restarted? Is there a second hidden validation test the moment the program starts? I still haven't figured that out since I can't decide between debugging the moment the program starts or reverse engineering the rest of the serial number generation procedure. The part that is most discouraging is knowing that I managed to pass the final comparison test WITH THE PROGRAM TELLING ME I WAS RIGHT but it was still wrong after the program restarted. What could be going on here?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    ...

    Isn't it obvious?

    There's a check on the first part of the string

  3. #3
    ljre24
    Guest
    Not exactly. I just found out, by debugging the program at the beginning, that it also performs another check on the whole serial at the start of the program! It even calls THE SAME FUNCTION it did during the first check! Of course, I had to bypass a lot of antidebug crap (not with the help of any plugin, none of them helped Olly in passing undetected).

    I'm getting there, so right now it's up to me until I get stumped again.

    It's still weird though, because if it's calling the same function, it means the result should be the same. But I'm getting there...
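
Added example, not part of the thread or of the program it discusses: the first post describes a validator that computes the expected 32-bit number inside the client and compares it with the typed one, so the correct value is present in the process at the comparison. The sketch below sets that design beside one where the client only verifies a vendor signature; the mixing step, the 8-digit reduction, the toy RSA parameters and all function names are assumptions, and the key size is far too small for real use.

```python
import hashlib

def weak_expected(prefix: str, ident: int) -> int:
    """Client-side routine that derives the number the serial must contain."""
    acc = sum(ord(c) * 0x64 for c in prefix)  # ASCII values, each times 64h
    # Placeholder for the undisclosed bit manipulations on the ID (assumption).
    mix = int.from_bytes(hashlib.sha256(ident.to_bytes(4, "big")).digest()[:4], "big")
    return (acc + mix) % 10**8  # constructed: reduce to 8 decimal digits

def weak_check(serial: str, ident: int) -> bool:
    prefix, number = serial.split("-")
    # The correct answer is computed locally and sits next to the user's input.
    return int(number) == weak_expected(prefix, ident)

# Toy RSA parameters (assumption, far too small for real use).
_P, _Q = 2**31 - 1, 2**61 - 1          # two Mersenne primes
N, E = _P * _Q, 65537                  # public key: all the client ships with
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # private exponent: vendor side only

def _digest(ident: int, name: str) -> int:
    data = f"{name}|{ident}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def vendor_sign(ident: int, name: str) -> int:
    """Runs on the vendor's server; needs the private exponent."""
    return pow(_digest(ident, name), _D, N)

def signed_check(ident: int, name: str, licence: int) -> bool:
    """Runs in the client; uses only (N, E) and never computes the licence."""
    return 0 < licence < N and pow(licence, E, N) == _digest(ident, name)
```

In the first design the shipped binary contains everything needed to produce a passing value; in the second, the client can confirm a licence but holds no routine that yields one.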
