Key-gen help


Ravenheart
May 14th, 2006, 14:37
Hi guys, first post. Don't jump on me from the start please. I'm trying to make a key-gen for a program called [name and url removed]. Anyway, I unpacked the protection (ASProtect) so the .exe went clean and I was able to find this with my disassembler:

db 'Registration',0
db 00h;
db 00h;
db 00h;
L00413808:
db 4Bh; 'K'
db 65h; 'e'
db 79h; 'y'
db 00h;
L0041380C:
dd L00726C70
L00413810:

I guess that the 'K' 'e' 'y' part is used to make keys. Here comes my problem: I don't know how to make the key-gen itself. So if anyone could help me here I'd be very thankful.

0xf001
May 14th, 2006, 14:51
I don't jump on you,

but target names are neither wanted nor necessary; please respect that in the future and read the FAQ.

thx,

0xf001

Ravenheart
May 14th, 2006, 15:17
killZ /me

Guess I should have read the FAQ first... sorry, won't happen again.

1. What is the problem....
2. What is the protection.....
3. What tools are you using....
4. What tutorials have you read....
5. Show your output listing WITH comments....
6. NOW ask your question....

1. Newbie "cracker" and can't assemble keygen.
2. ASProtect - has been removed
3. Stripper v213b9, PE Explorer, PEiD
4. Not much actually, mostly read the disassembled code and try to figure out something.
5. Check first post
6. Help?

LLXX
May 14th, 2006, 15:46
You have to find the code which manipulates and verifies the registration key.

Then duplicate that functionality in your keygen.

Searching for references to those strings should land you in the registration key routine.

Admiral
May 15th, 2006, 13:23
I hate to rain on your parade, but the 'Key' string you've found probably isn't anything to do with key generation. I'm guessing you found it in the .rsrc section (or maybe one of the .data sections).
I don't know your target, but if I saw an ASCII string like that I'd assume it was part of the GUI, not the key validation algorithm.

It's a shame to see a genuine question go without much in the way of aid, but this task seems a little out of your depth at the moment, if you don't mind me saying.
Take a look at a few basic tutorials on (patch) cracking serial protections so you know where to look (how to use breakpoints effectively etc.), then step up to the easier keygen tuts to get an idea of how algorithms assemble and how you can invert them. From here, it's a programming problem.

If you have any specific queries, drop them in here and we'll all be happy to help. Just as it stands, your query is so open-ended that nobody knows where to start.

Good luck
Admiral

electronrancher
June 12th, 2006, 18:41
A better way is to enter your username and key, then find THOSE values in memory during a live debugging session, for example when the text box is read at the time you hit the "Register" button, etc. Now starts the fun: you must watch what the program does to generate the key from these plaintext values, and either rip out this section of code for your kg or duplicate its action.

To tell the truth, it's sometimes easiest to find the final comparison of the key and work in two directions from the plaintext and the key at the same time. Often, a lot of BS can happen between getting that string and actually generating the internal key that does nothing useful - it could mean a lot of single stepping if you can't set a breakpoint on the plaintext's memory location.


Either way - I would trap when the string is first fetched by bp'ing whatever API call you think is doing the fetching - text box, license file, registry entry.

Next, follow this memory (with a bp if possible) as the program manipulates your username/key into its internal key. If you want to be lazy, often you can just fetch the internal key from this result and type that in next time so the program reg's itself.

If you really want to build the keygen, either rip out the internal generation code, or make notes on what is happening so you can duplicate it in C or ASM.

Try this path and let us know your progress. As the others said, more support will come when we get a better idea of where you are at.

SiGiNT
June 14th, 2006, 01:19
Nowadays it seems the real fun is finding an API that will break when you hit the register button. I'm seeing more than a few switch from the old standbys GetXXXXXXX to msbcmp - some won't even break on a plain GetDlgItem and others are hiding the memory where your entry is stored - then there are the ones that check character by character as you enter the key. Not as easy as even a year ago.

SiGiNT

Ravenheart
June 14th, 2006, 03:34
Thanks for all the info guys, I managed to fish a key with OllyDbg.

electronrancher
June 14th, 2006, 13:27
Success! Congrats - fishing a key is a good start. Why don't you post your results here (not the target, just the calls you used to fish the key) so future fishermen can try your bait.

Now, to fish a key feeds you for one PC. To gen the key feeds your whole family - are you going to continue your effort to slice out the routine and build a gen? I think it's a good next step for you!