Introduction:
This is my very first keygen experience. Have been working for about few weeks on this essay(the keygen source, codes, etc.). I'm just lucky to meet this lame opponent for my very first keygen lesson and now let me show newbies the way through its lame protections...

Part 1:Easy way of locating correct registration code
The process:
Hello and welcome to my tutorial, as tKC always says, nothing is going to stop me now, except the GOD. First of all, let me tell you about me, actually I am not good in using SoftICE but I just try to fish out the registration code of Open Sesame and after some struggling for about 15 minutes I successfully fished out the code, I think I am not that bad or this target is just too easy.

When you start it, there is a splash screen and later a window. Press the 'Register' button on that window. Another smaller window will pop out and you should notice that the 'Register' button is disabled, fill in your name and code like for example, I fill in the following:

Name:Sample Copy
Registration Code:2319998

Next, after some filling of information, the 'Register' button will be enabled so now go into SoftICE and put a breakpoint on hmemcpy. For newbie, the command will look like the following:

bpx hmemcpy

Go back to the registration window and press the 'Register' button. SoftICE will pop up, so press F5 once and later press F12 7 times. After that, the center of the screen(where there is a green line across the screen) should change to LAUNCHP!CODE+xxxxxxxx, if not continue pressing F12. Clear the breakpoint of hmemcpy because we don't need it anymore by typing bc* or bd* and press enter. Next, trace through all the codes by pressing F10 until the white line of indicator is on top of the following code:

:004302CE CALL 004034CE

Now, press F8 to step into the call, and continue to step through until you reached here:

:004034B3 CMP EAX,EDX

Type d eax, press enter and you should see your false registration code in the data window(upper right hand side). Type d edx, press enter and you should see your correct or real registration code in the data window but you have to be smart to sort out the code out of the other useless data like for example after sorting out, my code for the name 'Sample Copy' is 'i92wbtjnwu'. Now, you have reversed Open Sesame 3.1, aren't you happy and satisfied?

Additional/Extra Part or Stuff(s):
If you want to unregister, you can go to the Windows directory folder such as C:\Windows\, open the file sesame.INI and edit the [Register] section of it like this:

[Register]
????=pickle
Name=Sample Copy

Change to:

[Register]
????=
Name=

Although this first way of easy locating of correct registration code is useful, it can be messy in the data window after you do this way a few times with different names and fake registration codes, so as an alternative of locating the code in the CMP instruction at address 004034B3, you can locate it at address 004034B1(one line above the CMP instruction) with this command ->d edx because I think it will not be so messy in the data window. Note that the memory address given above may be a bit different or totally different on your computer, you just have to follow my way and don't worry the instruction will still be the same.

Part 2:Understanding the keygeneration routines
The process:
Well, you will ask that since we have already reversed Open Sesame, why should we ever need to understand the keygeneration routines of it? The answers are simple, firstly, this may serve as a keygen tutorial, secondly, we do this because we want to reverse Open Sesame totally. What I mean by totally? Totally means we know how the correct registration code is generated based on the name we enter.

This part is also easy owing to the simple keygeneration routines. Now, I'll will just give you a brief idea on the keygeneration routines. By debugging like the first part, one letter at a time, I discovered this(or you can also go into Open Sesame when SoftICE break on hmemcpy, disable hmemcpy breakpoint, set a breakpoint on address 004034B1(refer to above) or 004034B3(refer to above), press F5 to let SoftICE runs and finally you will brought to the place where you can just type 'd edx' to view your correct registration code):

A=9, B=x, C=j, D=4, E=t, F=5, G=p, H=y, I=c, J=3, K=v, L=b, M=2, N=e, O=n, P=w, Q=o, R=m, S=i, T=1, U=r, V=l, W=7, X=k, Y=u, Z=8, any other character including space=null(Basically, it just substitutes the alphabets of your name with other characters)
Condition:There are no difference betwwen upper case alphabets with lower case alphabets, that mean A=9 then a=9 also. The name must at least contain an alphabet from A to Z or else it will be an invalid name. The code will be counted from left to right like for example:

S a m p l e C o p y
i 9 2 w b t j n w u

With these informations, it will not be too hard for you to code a keygen. Well, after you understand the keygeneration routine, what should you do? You should really code a keygen. I have included a C++ source of a simple Open Sesame 3.1 keygen below written by a friend of mine and slightly edited by myself. I compile it on my Visual C++ 6.0 but it should be able to compile on any other C++ compiler.
 

#include <ctype.h> // toupper, isupper #include <stdio.h> // printf, fflush #include <conio.h> // getche void main() {       //Introduction       printf("======================== \n");       printf("|        Open Sesame Keygen by      | \n");       printf("|                    ManKind                  | \n");       printf("======================== \n");         // I want the user to input his name       // Prompt the user       printf("Please enter your name:");       fflush(stdout); // make sure the prompt is flushed from output buffer to the screen       // read the name into an array of characters       char UserName[100]; // Note: this may crash if you enter more than 100 characters       gets(UserName);         // Then I want to read his name and make the following above substitution       // define the new alphabet as a lookup table with an entry for       // each caharcter.       char Lookup[] = "9xj4t5pyc3vb2enwomi1rl7ku8";         // Condition:There are no difference between upper case alphabets with       // lower case alphabets, that mean A=9 then a=9 also.       // Eliminate invalid letters by writing the translated       // character at a different position.       char *P, *Q;       for (P = Q = UserName; *P; ++P) {            unsigned Index = toupper(*P) - 'A'; // place in lookup table            if (Index < sizeof Lookup) *Q++ = Lookup[Index]; // translate       }       *Q = '\0'; // terminate the translated string         // I want to display the registration code after substitution of the user's name       // Note: this will end as soon as a null character is found       printf("Registration Code = %s\n", UserName);         // wait for a keypress before exiting       getche(); }

That's all for now. Hope to see you soon on my next tutorial. As usual, contact me if I make any mistake, give me your feedback, comments, suggestions and opinions about this tutorial and my way of presenting it.

Ending:
Thanks and greetz to:
+ORC, +HCU, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, CrackZ, cLUSTER, LaZaRuS, mISTER fANATIC, yes123, WhizKiD, Volatility, ACiD BuRN, Eternal Bliss, R!SC, Kwazy Webbit, +Mammon, MisterE, Shadow, ^tCM^, WaJ, Borna Janes, Kathras, AB4DS(Death), douby, Steinowitz, Lord Soth, Latigo, Lucifer48, NeuRaL_NoiSE, Fravia+, Latigo, Duelist, Alpine, flag eRRatum, Nitrus, +Frog's Print, Muad`Dib, Iczelion, Razzia, Warezpup, Bomber Monkey, llama and other crackers, individuals and organisations who have helped me, either directly or indirectly.