
View Full Version : Deducing the algorithm for a keygen


keiko
January 2nd, 2009, 05:04
I want to deduce the logic of a procedure, used to calculate a value based on an input value; the final purpose is to make a keygen, once the algorithm is deduced.

I'm attaching 2 files:

- an image that contains a screenshot of the whole procedure, showing the lines where the input is set and where the output is achieved. There are 2 breakpoints on the procedure, both to show the input (first breakpoint: EAX contains the Unicode string 45078113) and the expected output (second breakpoint: EDX contains the Unicode string 212898484).

- a text file, containing the whole procedure.

I want to ask for initial guidance on how to achieve my goal: deducing the algorithm.

If someone could just show me the deduced formula, that would be nice.

If someone could explain to me how to do it, considering that I'm practically new to reversing, that would be great!

Thanks in advance for your advice and help on this.

keiko

arc_
January 2nd, 2009, 07:05
Hi,

I'm sorry, but I don't think it's possible for anyone to find out the algorithm just from the .txt you attached here. This is because it contains several calls to MSVBVM6 API functions that are displayed as ordinals - see e.g. 56DAF8, 56DB5C. It's rather hard to see what these functions do if you only have an index number instead of a name.

You will have to step through the program yourself and see what these functions do - look at the input parameters and the output, usually they do pretty simple things. In fact, that's what the rules in this forum are: first have a go at it yourself, and only if it doesn't work out, show what you have managed to find out and where you are stuck. To be honest, you probably won't learn much if someone just gives you the solution. As with many things you can't get good at reversing just by reading others' work.

If you are indeed "practically new" at reversing as you say, you probably want to start by making sure you understand all the instructions in that listing. I'm thinking of constructs like "test eax, eax" and the floating point instructions. Also, for disassembly, you may want to acquire a copy of IDA Pro (the best disassembler on earth). It will allow you to give names to local variables and help you out with "call esi" style calls among others.

esther
January 2nd, 2009, 07:12
Well, beginners should follow tutorials with targets rather than jumping into a deep well without a trainer and with an oxygen tank. As mentioned, show some effort; maybe someone might help you.

FrankRizzo
January 2nd, 2009, 17:25
Hmm.. This is obviously a VB app. Looks like it might be a target for SmartCheck. Looking at the output from that might give you some insight into what's going on.

keiko
January 4th, 2009, 13:08
Thanks for the tools suggested.
Disassembling the code with IDA showed the names of the functions rather than just numbers.
SmartCheck helped a lot.. I was able to get the algorithm using this tool.

You are right.. I was getting into deep waters with proper tools, but without knowing how to use them.
Even though I achieved my goal, I'm very interested in reversing, so I got an assembler tutorial and am following LENA's video tutorials as well.

Thanks for your replies and the suggestions made in them.

SiGiNT
January 4th, 2009, 20:25
There are other tools available (VBDecompiler); IDA really doesn't do a good job with VB. If you understand BASIC then you'll be in a much better position than any other regular disassembler will give you. I'll leave you to your own resources in finding this or a similar tool; please don't ask.

SiGiNT

FrankRizzo
January 4th, 2009, 22:05
Honestly Keiko, if you don't dive into the deep water, it'll take you an eternity to learn anything. It's only when you dive in that you start learning a little, and then a little more, and eventually, you discover that the water wasn't that deep after all.

I would dare to say that no good reverser got into this without a huge plunge into the unknown.

Anyway, welcome to the pool! Swim around a while, and ask if you need help.