wunder
December 17th, 2010, 18:45
Hi all, this is my first post.... but not new to the woodmann, lots of my tuts are from here....
I am learning to keygen in asm (using MASM) ....I was wondering if anybody is willing to help me with this, I have tried 3 times (actually a lot more than 3 times but I only included the 3 attempts) and the keygen works but I generate the wrong serial.... this algo is simple so what am I doing wrong ??? I included the crack me in a zip format inside this zip (it is packed with UPX), there is a crackme that is in a folder which I already unpacked!
I included some algorips.txt and of course the 3 Keygen attempts with full ASM (keygen.asm, rsrc.rc, etc...)
just double click the Build.bat and a keygen will compile....
P.S.
I included a tutorial by Detten that I found for this, although he has keygened it in C, so that won't help me code this in MASM...
Any help with my Keygen proc will be appreciated....the keygen itself works so you do not have to concern yourself with that, sadly my keygen proc is bad....
Thanks in Advance....
Wunder
niaren
December 18th, 2010, 06:30
There is an error in your code and it also seems that you have not fully understood the last part, I think.
The crackme takes two inputs, a username and a serial; the GUI doesn't write this explicitly. From the username a hash is computed, a number. The hash function is relatively simple:
Code:
.text:00401309 mov edx, dword_403038
.text:0040130F mov dl, byte_403037[eax]
.text:00401315 and edx, 0FFh
.text:0040131B mov ebx, edx
.text:0040131D imul ebx, edx
.text:00401320 add esi, ebx
.text:00401322 mov ebx, edx
.text:00401324 sar ebx, 1
.text:00401326 add esi, ebx
.text:00401328 sub esi, edx
.text:0040132A inc eax
.text:0040132B dec ecx
.text:0040132C jnz short loc_401309
It loops over all the characters in the username and computes a hash in esi. For each char in username
esi += char^2 + (char >> 1) - char;
The keygen then converts the serial to an integer. It does a string2int conversion. So if you type in lena151 in the username edit box you want to type in 50699 in the serial edit box because that is the hash value.
I checked your keygen3. There is a bug in the hash function. Check that it only loops over the chars in the username. As it is now the loop goes on beyond the length of the username. In the last part you only need to convert that hash number in ESI to a string and update the serial box in your GUI.
I hope this is helpful and makes some sense
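As an added reference model (not the crackme's code and not Detten's keygen), here is the hash from the listing written out in C register by register, so the output of a keygen proc can be checked against the 50699 value quoted above. The serial check assumes a plain base-10 string-to-int conversion, since the crackme's own routine is not shown in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Reference model of the crackme's name hash. Each line mirrors the listing:
 * eax = character index, ecx = remaining length, edx = current char masked
 * to 8 bits, esi = accumulator. An empty name returns 0 without entering the
 * loop: the listing's "dec ecx / jnz" loop is do-while, so a length of 0 is
 * exactly the case a keygen has to reject before looping (the nameError path). */
uint32_t crackme_hash(const char *name)
{
    uint32_t esi = 0;                 /* xor esi, esi */
    size_t ecx = strlen(name);        /* length, as returned by lstrlen */
    if (ecx == 0)
        return 0;
    for (size_t eax = 0; eax < ecx; eax++) {
        uint32_t edx = (unsigned char)name[eax];   /* mov dl, ... ; and edx, 0FFh */
        uint32_t ebx = edx * edx;     /* mov ebx, edx ; imul ebx, edx */
        esi += ebx;                   /* add esi, ebx */
        ebx = edx >> 1;               /* mov ebx, edx ; sar ebx, 1 (edx <= 0FFh, so sar == shr) */
        esi += ebx;                   /* add esi, ebx */
        esi -= edx;                   /* sub esi, edx */
    }
    return esi;
}

/* The check the crackme performs on the serial box, modelled as: convert the
 * typed serial to an integer and compare it with the hash of the name.
 * Base-10 parsing that rejects trailing junk is an assumption of this model. */
int serial_matches(const char *name, const char *serial)
{
    char *end;
    if (*name == '\0' || *serial == '\0')
        return 0;
    unsigned long value = strtoul(serial, &end, 10);
    if (*end != '\0')
        return 0;
    return value == crackme_hash(name);
}
```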

evaluator
December 18th, 2010, 13:33
wwwwait..
Quote:
So if you type in lena151 in the username edit box
VeryByTheWay-- why lena151 ?
wunder
December 18th, 2010, 21:38
Hi there niaren...
I think I did get that :
"The keygen then converts the serial to an integer. It does a string2int conversion. So if you type in lena151 in the username edit box you want to type in 50699 in the serial edit box because that is the hash value."
The keygen that Detten wrote in VB which I included in my zip will do that....
What does mov edx, dword_403038 mean???
what does mov dl, byte_403037[eax] mean???
I was trying to get some one to help me with writing the keygen proc in MASM
not throw everything in my zip back at me
I ripped that code my self HOW DO YOU WRITE IT IN MASM IN THE PROC???
Well you do look smart niaren... maybe I am an idiot ??
MASM loves these instructions:
".text:00401309 mov edx, dword_403038
.text:0040130F mov dl, byte_403037[eax]
.text:00401315 and edx, 0FFh
.text:0040131B mov ebx, edx
.text:0040131D imul ebx, edx
.text:00401320 add esi, ebx
.text:00401322 mov ebx, edx
.text:00401324 sar ebx, 1
.text:00401326 add esi, ebx
.text:00401328 sub esi, edx
.text:0040132A inc eax
.text:0040132B dec ecx
.text:0040132C jnz short loc_401309"
and " esi += char^2 + (char >> 1) - char;" <- detten wrote that in the keygen by Detten + tut that I included in my zip
Really????
you throw everything back at me and made yourself look very smart
WRITE A WORKING KEYGEN PROC IN MASM!
I have all this and so do you from Detten + tut which is in VB (c code)
wunder
December 18th, 2010, 21:39
can anybody help with my original question and help me fix my keygen proc ?
Kayaker
December 19th, 2010, 02:57
wunder, that's an extremely rude response to someone who's trying to help you.
Yes, there is a bug in your code and niaren gave you a perfectly good hint as to what it is, without specifically giving it away. Did you even consider that he might be right and you should go back and check the code with that hint in mind, or did you just decide to give an uppity reply and wait for someone to do it all for you?
Drop the attitude and go closely compare your code and the code rip again and try to figure out what you're missing. You'll learn more that way. If you still can't see it, you're welcome to come back and ask again without the demands.
I'll give you one other, unrelated, hint. PUSH/POP instructions need to be balanced, and the POPs need to be in *reverse* order to the sequence they are PUSHed.
push ecx
push eax
..
pop eax
pop ecx
is the correct pattern. Compare that with what you wrote, which in a more complex program would likely crash.
Darkelf
December 19th, 2010, 09:23
@eval
I asked myself exactly the same question when reading it

niaren
December 19th, 2010, 16:23
I'm sorry about the confusion, the use of lena151 as username is a (bad) habit I adopted after doing the lenatuts.
Speaking about lenatuts. Wunder, if you're still motivated to reverse and learn and you get on top of things with writing your keygen and you take notice of what Kayaker wrote, then we can do a mini-project later on where we patch/modify the crackme such that it registers itself. In other words, every time a new character is typed into the username edit box the serial box is automatically updated. This idea is mentioned in one of the lenatuts. It's your call

wunder
December 19th, 2010, 21:27
@ Kayaker thanks for pointing out the push to stack and clear the stack (pop and push) thing, I was going on for a while and I was using copy and paste a lot to save time; I must have mixed things up...I am aware that they are supposed to be in reverse....
and I was not being rude .. I am new to Assembly language and I do not know how to write some parts...That is all I asked for, help writing it in MASM. I KNOW THAT THE CODE IS WRONG BUT I DO NOT KNOW HOW TO FIX IT OR I WOULD NOT HAVE POSTED THIS
Anything that niaren is not helpful at all ...I am well aware of how to crack and I do need help with the MASM part, if you are not willing to help or simply do not know how ...then do not preach
wunder
December 19th, 2010, 21:30
Quote:
[Originally Posted by niaren;88634]I'm sorry about the confusion, the use of lena151 as username is a (bad) habit I adopted after doing the lenatuts.
Speaking about lenatuts. Wunder, if you're still motivated to reverse and learn and you get on top of things with writing your keygen and you take notice of what Kayaker he wrote, then we can do a mini-project later on where we patch/modify the crackme such that it registers itself. In other words, everytime a new character is typed into the username edit box the serialbox is automatically updated. This idea is mentioned in one of the lenatuts. It's your call
Really niaren???
I need help writing this and you offer to help me write another keygen???
By the way that keygen that you are describing is included in a full .asm with for winzip8.0
thank already know how to do that...
wunder
December 19th, 2010, 21:32
I can see that nobody will help me writing my proc in ASM, that is all that I asked for, I was a moderator for years on a forum where we actually helped one another
I can see that I won't get any help here....
Woodmann
December 19th, 2010, 22:35
Howdy,
You are correct, you won't get any help here with your piss poor attitude.
The help you were offered was not enough. You wanted someone to do it for you which will never happen here.
Go back to your old forum to get the answer spoon fed to you.
Oh wait, if they could do that on your old forum then why are you here?
Learn or die.
Regards, THE BIG ASSHOLE KNOWN AS WOODMANN.
wunder
December 19th, 2010, 22:36
ALL I WAS LOOKING FOR IS FOR SOME ONE TO CORRECT MY KEYGEN PROC
; Keygen Template
.486
.model flat, stdcall
option casemap: none
; API functions
; ------------------------------------------------------------------------------
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comctl32.inc
include \masm32\include\masm32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\masm32.lib
; ------------------------------------------------------------------------------
; Prototype
; ------------------------------------------------------------------------------
DialogProc PROTO : HWND, : UINT, : WPARAM, : LPARAM
KeygenProc PROTO : HWND
; ------------------------------------------------------------------------------
.const
; Resource ids
; ------------------------------------------------------------------------------
IDI_KEYGEN equ 400
IDB_KEYGEN equ 401
IDD_KEYGEN equ 200
IDC_NAME equ 300
IDC_SERIAL equ 301
IDC_GENERATE equ 302
IDC_EXIT equ 304
IDC_ABOUT equ 305
; ------------------------------------------------------------------------------
.data
szAboutTitle TCHAR "About", 0
; Keygen parameters
; ------------------------------------------------------------------------------
; Required data
szError TCHAR "enter a name.",0
szTitle TCHAR "KeyGen Template", 0
szId TCHAR "About",0
szDefaultName TCHAR "Wunder", 0
szAbout TCHAR "..: Author: xxxxxxxxxx :..", 13, 10 ; 13, 10 = CR LF line break
TCHAR "..: Email: xxxxxxxxxx :..", 13, 10
TCHAR "..: Release date: xxxxxxxxxxx :..", 13, 10
TCHAR "..: Website: xxxxxxxxxxx :..", 13, 10, 13, 10
TCHAR "..: Software: xxxxxxxxxx :..", 13, 10
TCHAR "Thanks: xxxxxxxxx", 13, 10, 13, 10
TCHAR "Greetings: xxxxxxxxxxxx", 13, 10, 13, 10
; Keygen defined variables
.data?
; Required data
szName TCHAR 100 dup(?)
szSerial TCHAR 100 dup(?)
; Keygen uninitialised variables
; ------------------------------------------------------------------------------
hInstance HINSTANCE ?
hIcon HICON ?
.code
start:
INVOKE InitCommonControls
INVOKE GetModuleHandle, NULL
mov hInstance, eax
INVOKE LoadIcon, hInstance, IDI_KEYGEN ; needs the module handle, so it comes after GetModuleHandle
mov hIcon, eax
INVOKE DialogBoxParam, hInstance, IDD_KEYGEN, NULL, ADDR DialogProc, 0
INVOKE ExitProcess, 0
; Dialog procedure
; ------------------------------------------------------------------------------
DialogProc PROC hWnd: HWND, uMsg: UINT, wParam: WPARAM, lParam: LPARAM
.IF uMsg == WM_INITDIALOG
invoke SetWindowText, hWnd, addr szTitle
INVOKE SendMessage, hWnd, WM_SETICON, ICON_SMALL, hIcon ; pass the saved icon handle, not whatever SetWindowText left in EAX
INVOKE SendDlgItemMessage, hWnd, IDC_NAME, EM_SETLIMITTEXT, SIZEOF szName - 1, 0
INVOKE SetDlgItemText, hWnd, IDC_ABOUT, ADDR szId
INVOKE SetDlgItemText, hWnd, IDC_NAME, ADDR szDefaultName
INVOKE KeygenProc, hWnd
.ELSEIF uMsg == WM_COMMAND
.IF wParam == IDC_ABOUT
INVOKE MessageBox, hWnd, ADDR szAbout, ADDR szAboutTitle, MB_ICONINFORMATION
.ELSEIF wParam == IDC_GENERATE
INVOKE KeygenProc, hWnd
.ELSEIF wParam == IDC_EXIT
INVOKE SendMessage, hWnd, WM_CLOSE, 0, 0
.ENDIF
.ELSEIF uMsg == WM_CLOSE
INVOKE EndDialog, hWnd, 0
.ENDIF
xor eax, eax
ret
DialogProc ENDP
; Keygen procedure
; ------------------------------------------------------------------------------
KeygenProc PROC hWnd: HWND
push ecx ; save ECX, this register needs to be preserved
push eax ; save EAX
push edx ; save EDX
push ebx ; save EBX
push esi ; save ESI
push edi ; save EDI
push SIZEOF szName ; nMaxCount: size of the receiving buffer
push OFFSET szName ; lpString: buffer that receives the name
push IDC_NAME ; nIDDlgItem: the name edit box
push hWnd ; hDlg: the keygen dialog
call GetDlgItemText ; copies the name typed into IDC_NAME into szName
startGenerate: ; generate procedure starts here
; Keygen routine here
lea esi, szName ; ESI = address of the name buffer (szName)
push esi
CALL lstrlen ; EAX = length of the username
test eax, eax ; a length of 0 means the name box is empty
je nameError ; if so, show the "enter a name" message instead
mov ecx, eax ; ECX = username length
xor esi, esi ; clear ESI, the hash accumulator
mov eax, 1 ; init index counter to 1
; actual code start
mov edx, dword ptr [szName]
LOC_00401309: ; indicates a point in the program, to jump to
mov dl,byte ptr ds:[eax+szName]
and edx,0FFh
MOV EBX,EDX
IMUL EBX,EDX
ADD ESI,EBX
MOV EBX,EDX
SAR EBX,1
ADD ESI,EBX
SUB ESI,EDX
INC EAX ; step to the next character of szName for the next pass through LOC_00401309
cmp ecx,edx ; compares the username length (ECX) with the current character value (EDX)
JNZ LOC_00401309 ; loops while they differ
; actual code ends
; Keygen routine stops here
INVOKE dwtoa, eax, ADDR szSerial ; converts the value in EAX to a decimal string
INVOKE SetDlgItemText, hWnd, IDC_SERIAL, ADDR szSerial ; displays the string in the serial box
jmp endGenerate ; stops generating and is ready again for the next name
nameError: ; name error path: puts the szError caption into the serial box
INVOKE SetDlgItemText, hWnd, IDC_SERIAL, ADDR szError
endGenerate: ; generate procedure ends here
pop edi ; restore EDI (pops in reverse order of the pushes)
pop esi ; restore ESI
pop ebx ; restore EBX
pop edx ; restore EDX
pop eax ; restore EAX
pop ecx ; restore ECX
ret
KeygenProc ENDP
; ------------------------------------------------------------------------------
END start
wunder
December 19th, 2010, 22:45
Quote:
[Originally Posted by Woodmann;88641]Howdy,
You are correct, you wont get any help here with your piss poor attitude.
The help you were offered was not enough. You wanted someone to do it for you which will never happen here.
Go back to your old forum to get the answer spoon fed to you.
Oh wait, if they could do that on your old forum then why are you here?
Learn or die.
Regards, THE BIG ASSHOLE KNOWN AS WOODMANN.
piss poor attitude???
I asked for help because I need it and the forum that I was a mod at was not related to this... It was a free to air satellite forum

I am a newbie at key-genning not at cracking ... niaren's response had to do with learning how to crack not how to code in MASM which is what I need help with...I understand the procedure with my debugger very well, I do not know how to code it ... it is not about being spoon fed it is about someone taking the time to correct you so you can learn from it...
how am I supposed to learn???
I have trouble translating :
0040130F  8A90 37304000   mov dl,byte ptr ds:[eax+403037]
to MASM
that is all
JMI
December 19th, 2010, 22:48
You STILL DON'T GET IT, do you.
If you BEHAVE like a jerk, you get treated like a JERK and that is what you have been doing so far.
If YOU do not adjust YOUR ATTITUDE, YOU are NOT going to get much help HERE, regardless of what YOU want.
Try adjusting your attitude and there certainly are people here who could help you if they wished to do so.
No one HAS TO HELP YOU, if THEY don't want to.
YOUR "attitude" is the major influence on that issue.
Regards,
Woodmann
December 19th, 2010, 23:12
http://www.masm32.com/board/
You're not gonna get nothing here.
Be nice to Hutch and perhaps they will help you.
Ta Ta,