TARGET	: Crackme #2 by Bengaly
DIF.	: 1/10
GOAL	: Make a Keygen


This crackme is very easy and clearly coded. It requires little comment...


:004012B1 6A40                    push 00000040
:004012B3 6838304000              push 00403038		; Pointer to name string
:004012B8 6A6A                    push 0000006A
:004012BA FF7508                  push [ebp+08]
:004012BD E808010000              call 004013CA		; GetDlgItemTextA
:004012C2 83F800                  cmp eax, 00000000
:004012C5 7418                    je 004012DF		; jump if nothing entered
:004012C7 6A40                    push 00000040
:004012C9 6838314000              push 00403138		; Pointer to serial string
:004012CE 6A6B                    push 0000006B
:004012D0 FF7508                  push [ebp+08]
:004012D3 E8F2000000              call 004013CA		; GetDlgItemTextA
:004012D8 83F800                  cmp eax, 00000000
:004012DB 7402                    je 004012DF		; jump if nothing entered
:004012DD EB17                    jmp 004012F6		; Continue

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004012C5(C), :004012DB(C)
|
:004012DF 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Key/CrackMe #2   "
                                  |
:004012E1 6862344000              push 00403462

* Possible StringData Ref from Data Obj ->"    Please Fill in 1 more Char!!"
                                  |
:004012E6 6800304000              push 00403000
:004012EB 6A00                    push 00000000

* Reference To: USER32.USER32.dll, Ord:0000h
                                  |
:004012ED E8FC000000              Call 004013EE
:004012F2 C9                      leave
:004012F3 C21000                  ret 0010



* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004012DD(U)
|
:004012F6 6838304000              push 00403038

* Reference To: kernel32.kernel32.dll, Ord:0000h
                                  |
:004012FB E830010000              Call 00401430			  ; Get name-length
:00401300 33F6                    xor esi, esi
:00401302 8BC8                    mov ecx, eax
:00401304 B801000000              mov eax, 00000001		  ; init counter to 1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040132C(C)
|
:00401309 8B1538304000            mov edx, dword ptr [00403038]	    
:0040130F 8A9037304000            mov dl, byte ptr [eax+00403037] ; ascii of name in dl
:00401315 81E2FF000000            and edx, 000000FF		  ; clear edx except dl
:0040131B 8BDA                    mov ebx, edx
:0040131D 0FAFDA                  imul ebx, edx			  ; ebx = ascii*ascii
:00401320 03F3                    add esi, ebx			  ; esi = esi+ebx
:00401322 8BDA                    mov ebx, edx
:00401324 D1FB                    sar ebx, 1			  ; ebx = ascii / 2
:00401326 03F3                    add esi, ebx			  ; esi = esi+ebx
:00401328 2BF2                    sub esi, edx			  ; esi = esi-ascii
:0040132A 40                      inc eax			  ; counter++
:0040132B 49                      dec ecx			  ; namelength--
:0040132C 75DB                    jne 00401309			  ; continue loop till end of string
:0040132E 56                      push esi			  ; push real serial
:0040132F 6838314000              push 00403138			  ; push false serial
:00401334 E84A000000              call 00401383			  ; Convert serial ascii to int
:00401339 5E                      pop esi			  ; pop real serial in esi
:0040133A 3BC6                    cmp eax, esi			  ; real serial == false serial ?
:0040133C 7515                    jne 00401353			  ; if not equal, badguy jump 
:0040133E 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Key/CrackMe #2   "
                                  |
:00401340 6862344000              push 00403462

* Possible StringData Ref from Data Obj ->" Good Job, I Wish You the Very "
                                        ->"Best"
                                  |
:00401345 68B8344000              push 004034B8
:0040134A 6A00                    push 00000000

* Reference To: USER32.USER32.dll, Ord:0000h
                                  |
:0040134C E89D000000              Call 004013EE
:00401351 EB13                    jmp 00401366

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040133C(C)
|
:00401353 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Key/CrackMe #2   "
                                  |
:00401355 6862344000              push 00403462

* Possible StringData Ref from Data Obj ->" You Have Enter A Wrong Serial, "
                                        ->"Please Try Again "
                                  |
:0040135A 6886344000              push 00403486
:0040135F 6A00                    push 00000000



So the algorithm is like this:

n = ASCII value of each character of the name
s = serial

s = SUM [n*n + (n/2) - n]	(n/2 is an integer division, from the sar)


Name	: Detten
Serial	: 69091
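
The loop at 00401309..0040132C re-implemented in C, as an added example (this is not the keygen source from the zip; compute_serial is a name chosen here). It works on raw byte values, so case matters: the bytes "detten" give 69091, while "Detten" with a capital D gives 63731.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: mirrors the register usage of the listing.
 * compute_serial() is a hypothetical name, not taken from the crackme. */
uint32_t compute_serial(const char *name)
{
    uint32_t esi = 0;                        /* xor esi, esi */
    size_t len = strlen(name);               /* call 00401430: name length */

    /* The original is a do-while (dec ecx / jne), but the check at
     * 004012C5 rejects an empty name, so length 0 never reaches it. */
    for (size_t i = 0; i < len; i++) {
        uint32_t edx = (uint8_t)name[i];     /* mov dl,[..] ; and edx, FF */
        uint32_t ebx = edx * edx;            /* imul ebx, edx */
        esi += ebx;                          /* add esi, ebx */
        ebx = (uint32_t)((int32_t)edx >> 1); /* sar ebx, 1 (edx <= 255) */
        esi += ebx;                          /* add esi, ebx */
        esi -= edx;                          /* sub esi, edx */
    }
    return esi;
}

int main(void)
{
    /* Constructed sample names; the serial is printed in decimal,
     * matching the decimal serial shown on the page. */
    const char *names[] = { "detten", "Detten", "A" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-8s -> %u\n", names[i], (unsigned)compute_serial(names[i]));
    return 0;
}
```

GetDlgItemTextA is called with a buffer size of 0x40, so a name has at most 63 characters and the 32-bit sum cannot wrap.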

The keygen (with source) is included in the zip.

Nice clean crackme, but the algorithm was too simple. :)

Greetings,

Detten