View Full Version : Just a KeygenMe...


Darkelf
October 20th, 2011, 22:29
Hi,

just before crackmes.de closed its gates, I've made a KeygenMe that lingers around on my harddrive for too long. Today I discovered it again. I recompiled it and I've decided to throw it in the ring now. Have fun with it. I guess it's not really suited for beginners. It makes no use of any crypto but there is some math to do. If I had to rate it, I'd say it's a 3/10. But decide yourself. Rules are in the .zip. The KeygenMe is not protected, just packed with UPX because for me size still matters.

Regards
darkelf

2507

Darkelf
October 27th, 2011, 18:23
I did something wrong it seems.
Up to now, the KeygenMe was downloaded about 90 times, but there is absolutely no reaction from the people who did. Neither here nor in the email account I provided in the rules.
I would kindly like to ask what's wrong. Is it too easy to be worth discussing or really too hard? too boring? mind-boggling?
If you need some hint, just ask.
Ask me, scold me, praise me, do whatever you like but do it!
Getting absolutely no response is somewhat err irritating.

Regards
darkelf

drizz
October 28th, 2011, 18:14
Hello,

Good that you bumped the topic, I usually don't do keygenmes but your appeal made me look at it...

You could have turned on some optimization options when compiling the exe.
That's basically the difficult part, going through the unoptimized code.

Input: " -1D +0R +0I -1Z -1Z -1" without the quotes as sn (there are 3 spaces before each sign).
use any name. use any email.


Darkelf
October 28th, 2011, 19:15
Well, I have to apologize.
That's only possible because I forgot to reenable a check I disabled for testing purpose.
I will fix that and up the new version. The serial is supposed to be strictly numerical (separated by "-").
Nevertheless good job! You've found a bug.

Regards
darkelf

edit says: actually there are a number of optimization options turned on. The code is supposed to look this way.

drizz
October 28th, 2011, 19:51
Quote:
[Originally Posted by Darkelf;91304]The serial is supposed to be strictly numerical (separated by "-").
I do know that and how the SN is generated. The "exploit" was more interesting.

60614-33894-22436-74547-23878-63604


Darkelf
October 28th, 2011, 20:35
Ahhh, that sounds better
Good job!
May I ask which mathematical function you used? I ask, because there are two possible basic approaches.
I'm just curious which one you've chosen.

Best regards
darkelf


edit: here it is. fixed and working (hopefully): 2508

drizz
October 29th, 2011, 09:21
Quote:
[Originally Posted by Darkelf;91306]May I ask which mathematical function you used? I ask, because there are two possible basic approaches.
I'm just curious which one you've chosen.


The usual, when there is nothing to reverse: do what the program does.

x = calculated
y = inputted {y1-y2-y3-y4-y5-y6}

I) requirement
((~x1) | (y1)) +
((~x2) & (y2)) +
((~x3) & (y3)) +

((x4) ^ (y4)) +
((x4) - (y4)) +

((x5) ^ (y5)) +
((x5) - (y5)) +

((x6) | (~y6))
== ~1 { = -2 }

so,

x1==y1
x2==y2
x3==y3 // y2,y3 can also be 00000

60614-00000-00000-74547-23878-63604 also works


x4==y4
x5==y5
x6==y6

then I) becomes
== -1 + 0 + 0 + 0 + 0 + (-1) == -2

so simply calculate all x just like your program does

( (asin(Xi/sqrt(Xi^2+Xi+2^2))*173.25/PI, __int64 sums, etc etc).
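
Added example (not part of drizz's post and not the KeygenMe's own code): requirement I) evaluated in 32-bit wrap-around arithmetic, showing why a single summed check accepts more than one serial. It assumes 32-bit two's-complement values, as the "~1 { = -2 }" note implies; the x values are read off the serial drizz posted (where x == y), and the function names are made up for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Left-hand side of requirement I). x = values the program calculates,
   y = the six serial fields. uint32_t keeps the wrap-around well defined. */
static int32_t requirement_sum(const uint32_t x[6], const uint32_t y[6])
{
    uint32_t s = 0;
    s += ~x[0] | y[0];
    s += ~x[1] & y[1];
    s += ~x[2] & y[2];
    s += (x[3] ^ y[3]) + (x[3] - y[3]);
    s += (x[4] ^ y[4]) + (x[4] - y[4]);
    s += x[5] | ~y[5];
    return (int32_t)s;
}

static int accepted(const uint32_t x[6], const uint32_t y[6])
{
    return requirement_sum(x, y) == ~1;            /* ~1 == -2 */
}

/* With every other field equal to x, count the values 00000..99999 of one
   field (0-based index) that still satisfy the summed requirement. */
static int count_accepted_values(const uint32_t x[6], int field)
{
    uint32_t y[6];
    int n = 0;
    for (int i = 0; i < 6; i++) y[i] = x[i];
    for (uint32_t v = 0; v <= 99999; v++) {
        y[field] = v;
        n += accepted(x, y);
    }
    return n;
}

/* x for the name/email drizz used, taken from the posted serial. */
static const uint32_t X[6] = {60614, 33894, 22436, 74547, 23878, 63604};
/* The second serial from the post, with fields 2 and 3 zeroed. */
static const uint32_t ZEROED[6] = {60614, 0, 0, 74547, 23878, 63604};

int main(void)
{
    printf("y == x: %d, y2 = y3 = 0: %d\n", accepted(X, X), accepted(X, ZEROED));
    for (int f = 0; f < 6; f++)
        printf("field %d: %d accepted values\n", f + 1, count_accepted_values(X, f));
    return 0;
}
```

Fields 2, 3 and 6 only require y to be a bit-subset of x, so each set bit in x doubles the number of accepted values; comparing every field for equality instead of summing the terms would leave exactly one.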


Darkelf
October 29th, 2011, 09:41
Yepp, that's it.

After playing with it in Olly I additionally found out that I really thought like a programmer when coding this little toy, thus absolutely NOT like a reverser, because one doesn't need to know anything about math when doing this keygenme, since it's very easy to brute.
Well, since it was my first attempt in writing a KeygenMe I'm nevertheless somewhat content.
To be honest, I only wanted to show off with the swimming pool graphics gimmick in the logo <-nah, just a joke.

Expect me to come back with something more challenging.

Regards
darkelf

Kayaker
October 29th, 2011, 10:57
Quote:
[Originally Posted by Darkelf;91313]
To be honest, I only wanted to show off with the swimming pool graphics gimmick in the logo <-nah, just a joke.


Actually that was SO cool! To be honest I spent more time playing with my mouse in that and trying to reverse the GDI than I did on the algo. (I solved neither.)

Care to spill the beans on how you did the graphics, or should that be left as a reversing exercise too?

Darkelf
October 29th, 2011, 11:35
Hi Kayaker,

hehe, from time to time I fire it up just to spend some time moving the mouse through the water and left-clicking it (maybe I should consult someone with psychological skills).
Anyways, I will happily send you the source if you like. Please beware it's MFC. Until now I was too lazy to port it to something more modern.
So, if you want the source, just tell me.

Have a nice weekend
darkelf

Orkblutt
November 2nd, 2011, 05:33
http://www.codeproject.com/KB/graphics/specialfx.aspx

I used that code long ago in my "about" dialogs... Here is a little tool I made to find girls on MSN/Match in 2005: click the "?" button and play
2513

Quote:
hehe, from time to time I fire it up just to spend some time moving the mouse through the water and left-clicking it (maybe I should consult someone with psychological skills).

I did that too on my tools... I added right click options and the .xm I used was great...

regards,

orkblutt

Darkelf
November 2nd, 2011, 06:13
Here is more on the algo:

http://freespace.virgin.net/hugo.elias/graphics/x_water.htm

and with OpenGL:

http://www.codeproject.com/KB/openGL/dsaqua.aspx

Regards
darkelf

nanobit
November 26th, 2011, 22:18
Oh man, I solved the problem with backtracking in base 2. Actually there can be more than one serial. IMHO, drizz's method is much easier. I should have just watched it out of the box.

name: nanobit
email: n@no.bit
serial: 76238-71681-08240-44909-54890-56571
serial: 55217-34280-20813-61383-63082-74572

The first serial is calculated manually and the second serial is based on drizz's solution.

nanobit
December 2nd, 2011, 23:57
This is my keygen, hope it works.

Darkelf
December 8th, 2011, 18:18
Hi nanobit,

well done and thank you for putting so much effort into it.
I've sent you an email with my own sourcecode for a keygen.
Comparing one's solution with that of others is imho the most valuable thing one can get from a keygenme.

Thank you.

Best regards
Darkelf

nanobit
December 9th, 2011, 16:52
Thanks for your nice crackme. I really enjoyed solving it. Keep it coming, dude.

captcpsc
February 29th, 2012, 13:33
Quote:
[Originally Posted by drizz;91312]The usual, when there is nothing to reverse: do what the program does.
I) requirement
((~x1) | (y1)) +
((~x2) & (y2)) +
((~x3) & (y3)) +

((x4) ^ (y4)) +
((x4) - (y4)) +

((x5) ^ (y5)) +
((x5) - (y5)) +

((x6) | (~y6))
== ~1 { = -2 }



Afternoon (here), just a quick question on notation; I'm a newbie to the forum. I recognize the | & as bitwise or and and, I'm guessing the ^ raise to the power, X^Y sorta thing? "-" subtraction. What I'm confused about or have forgotten or seen in some other way is the ~. As in ~x2 or ~1. If someone who knows this notation can give me a quick reply, that'd be awesome.

Kayaker
February 29th, 2012, 17:11
This should help, googled from "c++ arithmetic operators"

http://www.cplusplus.com/doc/tutorial/operators/

captcpsc
February 29th, 2012, 19:56
Quote:
[Originally Posted by Kayaker;91966]This should help, googled from "c++ arithmetic operators"

http://www.cplusplus.com/doc/tutorial/operators/


Yep that did the JOB! Unary complement (bit inversion).... Thanks!