Hi,

just before crackmes.de closed it's gates, I've made a KeygenMe that lingers around on my harddrive for too long. Today I discovered it again. I recompiled it and I've decided to throw it in the ring now. Have fun with it. I guess it's not really suited for beginners. It makes no use of any crypto but there is some math to do. If I had to rate it, I'd say it's a 3/10. But decide yourself. Rules are in the .zip. The KeygenMe is not protected, just packed with UPX because for me size still matters

Regards
darkelf

2507

I did something wrong it seems.
Up to now, the KeygenMe was downloaded about 90 times, but there is absolutely no reaction from the people who did. Neither here nor in the email account I provided in the rules.
I would kindly like to ask what's wrong. Is it too easy to be worth discussing or really too hard? too boring? mind-boggling?
If you need some hint, just ask.
Ask me, scold me, praise me , do whatever you like but do it!
Getting absolutely no response is somewhat err irritating.

Regards
darkelf

Hello,

Good that you bumped the topic, I usually don't do keygenmes but your appeal made me look at it...

You could have turned on some optimization options when compiling the exe
Thats basically the difficult part, going trough the unoptimized code

Input: " -1D +0R +0I -1Z -1Z -1" without the quotes as sn (there are 3 spaces before each sign).
use any name. use any email.

Well, I have to apologize.
That's only possible because I forgot to reenable a check I disabled for testing purpose.
I will fix that and up the new version. The serial is supposed to be strictly numerical (separated by "-".
Nevertheless good job! You've found a bug.

Regards
darkelf

edit says: actually there are a number of optimization options turned on. The code is supposed to look this way.

I do know that and how the SN is generated. The "exploit" was more interesting.

60614-33894-22436-74547-23878-63604

Ahhh, that sounds better
Good job!
May I ask which mathematical function you used? I ask, because there are two possible basic approaches.
I'm just curious which one you've chosen.

Best regards
darkelf


edit: here it is. fixed and working (hopefully): 2508

The usual, when there is nothing to reverse: do what the program does.

x = calculated
y = inputed {y1-y2-y3-y4-y5-y6}

I) requirement
((~x1) | (y1)) +
((~x2) & (y2)) +
((~x3) & (y3)) +

((x4) ^ (y4)) +
((x4) - (y4)) +

((x5) ^ (y5)) +
((x5) - (y5)) +

((x6) | (~y6)) +
== ~1 { = -2 }

so,

x1==y1
x2==y2
x3==y3 // y2,y3 can also be 00000

60614-00000-00000-74547-23878-63604 also works

x4==y4
x5==y5
x6==y6

then I) becomes
== -1 + 0 + 0 + 0 + 0 + (-1) == -2

so simpy calculate all x just like your program does

( (asin(Xi/sqrt(Xi^2+Xi+2^2))*173.25/PI, __int64 sums, etc etc).

Yepp, that's it.

After playing with it in Olly I additionally found out that I really thought like a programmer when coding this little toy, thus absolutely NOT like a reverser, because one doesn't need to know anything about math when doing this keygenme, since it's very easy to brute
Well, since it was my first attempt in writing a KeygenMe I'm nevertheless somewhat content.
To be honest, I only wanted to show off with the swimming pool graphics gimmick in the logo <-nah, just a joke.

Expect me to come back with something more challenging.

Regards
darkelf

Actually that was SO cool! To be honest I spent more time playing with my mouse in that and trying to reverse the GDI than I did on the algo. (I solved neither )

Care to spill the beans on how you did the graphics, or should that be left as a reversing exercise too?

Hi Kayaker,

hehe, from time to to time I fire it up just to spend some time moving the mouse through the water and left-clicking it (maybe I should consult someone with psychological skills :thinking.
Anyways, I will happily send you the source if you like. Please beware it's MFC. Until now I was to lazy to port it to something more modern.
So, if you want the source, just tell me.

Have a nice weekend
darkelf

http://www.codeproject.com/KB/graphics/specialfx.aspx

I used that code long ago in my "about" dialogs... Here a little tool I made to find girls on MSN/Match in 2005: click the "?" button and play
2513


I did that too on my tools... I added right click options and the .xm i used was great...

regards,

orkblutt

Here is the more on the algo:

http://freespace.virgin.net/hugo.elias/graphics/x_water.htm

and with OpenGL:

http://www.codeproject.com/KB/openGL/dsaqua.aspx

Regards
darkelf

Oh man, I solved the problem with back tracking in base 2. actually there can be more than one serial. IMHO, drizz's method is much easier. I should have just watched it out of the box

name: nanobit
email: n@no.bit
serial: 76238-71681-08240-44909-54890-56571
serial: 55217-34280-20813-61383-63082-74572

the first serial is calculated manually and the second serial is based on drizz's solution.

this is my keygen, hope it works

Hi nanobit,

well done and thank you for putting so much effort into it.
I've sent you an email with my own sourcecode for a keygen.
Comparing one's solution with that of other's is imho the most valuable thing one can get from a keygenme.

Thank you.

Best regards
Darkelf

Thanks for your nice crackme. I really enjoyed solving it. keep it coming dude

Afternoon (here) just a quick question on notation; I'm a Newbie to the forum. I recognize the | & as bitwise or and and, I'm guessing the ^ raise to the power, X^Y sorta thing? "-" subtraction. What I'm confused about or have forgotten or seen in some other way is the ~. As in ~x2 or ~1. If someone whom knows this notation can give me a quick reply that be awesome.

This should help, googled from "c++ arithmetic operators"

http://www.cplusplus.com/doc/tutorial/operators/

Yep that did the JOB! Unary complement (bit inversion).... Thanks!