Project ideas -Feedback plz-


raldnor
November 4th, 2000, 15:42
Hey all!

It's great to see the activity on this forum!

I've got some ideas regarding this board I'd like to share with you and receive some feedback...
IMHO creating keygens is for the intermediate/advanced since it involves some assembly experience.
I myself (still a newbie) started reversing by creating patches. This means first creating a dead listing from a program by using W32Dasm, searching for some obvious strings and tracing the code until a good-guy/bad-guy jump is reached.

What I'd like to do is to create for each project three different threads:
1st thread - Project information like the goal, where to get it and tools.
2nd thread - Patching tips, hints and solutions
3rd thread - Keygenning/Serial sniffing tips, hints and solutions.

This way the requirements of the targets are:
- It has to use a serial (for keygenning)
- It needs to be small (!)
- No compression
- No SMC (self-modifying code)
- Preferably a single file

Please let me know what ya all think of this.

Cheers,

RalDnoR.

b.t.w thanks for all the positive feedback!

goatass
November 4th, 2000, 16:19
raldnor, I think those are good ideas. I think that you should put out a project and give some basic information on what it does and how to get started. Then let people play around with it; if people come back and say "I'm lost, what do I do" then we give out some more details on how to get to the protection code. Once a patch is made and people understand how it was done we should move to the next level and maybe show how to sniff out a serial number and then move to the last step, keygenning the program. Newbies need to learn assembly sometime, so why not make people learn it the fun way by coding in it instead of reading about it for days and then forgetting everything by the time you actually have to use it.

I'm gonna start looking for new programs that could be good for newbies.

Please let me know what you thought about the Moving Picture project, was it hard, about right, too easy?

goatass

hz
November 4th, 2000, 16:35
hi,

First, thanks for your efforts. In general it probably is better to know assembler for keygens. My last (not difficult) keymakers for Netpal and CookiePal are QBasic, I could have done them in C, Pascal or assembler but the temptation is to just cut, "borrow" the procs from the target and paste them into your "keymaker". Personally I would like to see something on keyfiles, those little encrypted registration files some progs write out, or maybe something that writes a flag into an unexpected place in the registry. I don't like patching unless it's absolutely necessary; it may appear the patch is perfect and then ages later up pops some problem. I've also seen some essays on patching where a valid s/n could be obtained more simply than the patch. Having said that, I can suggest a couple of progs if all you are looking for is simple flag patching to eliminate nags.

regards
hz

PS
the first project was too easy, the code could easily be calculated on a calculator.

ThRaX
November 4th, 2000, 19:07
good idea, just one little tweak:

Have another thread for just program information ---not like tools and stuff, but rather information about the program's protection, i.e. key files, algorithms, registry entries, and how to find these things...

goatass
November 4th, 2000, 19:22
Keyfiles are a good project but 99% of them are difficult for newbies; you have to have a good knowledge of assembly in order to understand the encryption/decryption routines used on these keyfiles... I will keep my eyes open for a program that uses an easy implementation of a keyfile; if not, I'll write one.

goatass

Clandestiny
November 4th, 2000, 19:30
Hi Raldnor, goatass, other reversers...

I thought the Moving Pix target was a good choice. I definitely learned something since I had never seen the GetVolumeInformationA call used in a serial calculation, and the key was also quite easy to generate, which IMHO made it a very good choice for a first keygen. I understand where Raldnor is coming from about keeping it simple, but there is also something to be said about keeping the level just a little high so we have to reach for it :-)

I am a newbie myself and would certainly hope that a chosen target would not rely on anti-sice tricks, packing, self-modifying code or other advanced topics which are yet beyond me, but I would like to see some more serial protections that use something unique (like the volume serial #) in their implementation. This enables us newbies to begin to think "outside the box" and gain experience which will lead us on to a more intermediate reversing level. I don't see simple asm (like this small key algorithm we just cracked) as being a problem. Coding a simple key gen like this really does help to put things in perspective. Book or classroom knowledge about the topic just does not cut it. IMO, eventually you just have to dive in! And besides, a certain level of basic asm will eventually be required for newbies wishing to tackle more intermediate reversing tasks.

Keep up the good work guys...

Cheers,
Clandestiny

InOverMyHead
November 4th, 2000, 20:27
If this board is for Newbies, please let it be as such! Myself and perhaps others don't know all of the functions to set a bpx on or, better yet, how to locate the one that is really needed. All of the tuts I have read, including this project, give you the bpx to work with. I know it's not magic - at least I don't think it is. I would like to see ALL the steps, if possible, that you go through to arrive at your starting point.

If I am asking for something too simple, something you are not willing to do, or something that was not your intent in starting this group, I will understand completely.

I believe RCE is kind of like the saying:
Give a man a fish and he will eat. Give a man a fishing pole and he will learn to fish.

Thanks!!!

?ferret
November 4th, 2000, 23:29
Get an API reference and study it a bit.

Many of the APIs also do as they sound...

i.e. GetDlgItemText = Get Dialog Item Text
that's the 16 bit version...32 bit is GetDlgItemTextA

Hence, when filling in an edit box, and you wish to break when it gets read, GetDlgItemTextA or GetWindowTextA are usually good choices.

Sometimes you stumble around in the dark for a while, but experience more than explanation is the biggest help on this matter. Many times there are different APIs that do similar things, and different compilers may use different ones for the same task, but you can usually narrow it down to a few using logic and try them.

I repeat the 1st point....get an API reference (an API monitor may be of some help too, then you can see what functions the program uses)

goatass
November 5th, 2000, 00:15
The way I see it is that many of the newbies these days don't bother to take the time to read and learn assembly and how to use our tools. All they want is to be able to crack from the second they download the tools. It doesn't work this way, we are dealing with a brand new language and therefore you must read everything you can find about it so you could understand what you are looking at.
When we say put a BPX on this API we assume that you have read the SoftIce manual, you know how to use it a little bit, and you know what a BPX is and what an API is. We can't teach you every single thing; you have to do some of the learning by yourself, and this way you will remember it better. If there is something you don't understand or can't find any good information about, go ahead and ask, but when you ask things that can be easily learned just by reading a small paper or manual we will not answer, because you did not take the time to find and read the information yourself, and therefore we will not waste our time explaining it. We were newbies too and we know what's out there, we know what's easy and what's hard to find.

This is not directed to anyone in particular just a general newbie comment.

goatass

JaneK
November 5th, 2000, 09:24
Hi,
Just a few comments from my side (someone new to this stuff):

1. The project was easy but not too easy, e.g. before the breakpoint on GetVolumeInformation was posted I had problems locating the serial calculating routine.
2. I am not interested in finding which jumps to change to have the prog registered but rather to gain the basic knowledge that will let me understand how protections (and software in general) work (so no “quick cracking of recently downloaded apps”).
3. Who is a newbie? Obviously there are different levels of being a newbie and surely some knowledge is required. It’s up to the moderators to decide what kind of project will suit the biggest audience.
4. A question comes to my mind re. keygens (don’t forget I am new). What is the point of writing keygens? What does it have to do with reversing? Is it not more a programming exercise? I mean, once the protection routine has been located and understood, any programmer can make a working app out of it.

These are only some very general thoughts of mine. I understand very well that my point of view is only mine, and for others writing a keygen can be the most exciting part of it. It would be nice therefore if the new project were broad enough to make every participant “happy”.

Thanks
JaneK

mersenne
November 5th, 2000, 18:23
Hi,
I have some comments on a few of the posts.

I think JaneK hit the nail on the head. There are various classes of newbie and all will see the goals of the project differently, so it becomes a matter of trying to please most of the people most of the time. I don't think this is difficult though if an open-ended questioning approach is used. This is basically what raldnor suggested with his first post and I agree with that concept. There is nothing preventing anyone from taking the project as far as they want or only going as far as they want. For example, for this last project I am going to try and take it a step further and modify the existing code to show the correct serial for you to enter. Why? No reason except to learn how the program functions and what I can do with it. Now it may take me weeks to do this, but I get something out of it.

I am one of those people that has to actually do it to learn. I read many essays before I attempted to make a keygen (this program will be my second) in assembly, but I actually learnt more from diving in and doing it. And yes, it does take time. Time thinking, time trying and time hoping something will work.

I think that what has been suggested will work fine; it will be up to each individual to determine what and how much they get out of it.

Cheers
Mersenne

?ferret
November 5th, 2000, 20:30
Mersenne,

Congrats on wanting to take the project a step further; that's the type of attitude I like to see on this forum! Never stop learning.

If you need a few tips on how to go about this, I did the very same thing to Winzip a while back. I have a tutorial on it at qferret.cjb.net. It probably won't be a step by step conversion, but it may give an idea or 3 on how to proceed ;-)

As for the point of keygens, you have to understand every line of the algo routine to get it to work properly, so it is definitely a reversing exercise. But yes it is ALSO a coding exercise. Reversing is far easier if you can program in at least one language, so you at least know a bit of how programs work. For me it's a circle (gain cracking knowledge-> learn a bit about programming, learn a bit about programming->gain a little insight into cracking ...etc.) ;-)