Keygenning Talisman 2
Note:
This tutorial assumes you have previous experience with SoftICE.
Introduction:
Talisman 2 is an excellent program to replace the standard Windows shell.
This target is easy and for newbie keygenners only. The tutorial was written quickly to meet a deadline; I hope you can follow it.
Getting Started:
Go to the registration box and enter your name and a fake serial. Set a breakpoint on hmemcpy; we use hmemcpy because this is a typical Delphi app.
Click Register. SoftICE will now pop up. Press F5 three times (basically as many times as you can before the app says bad code), then F12 until the RETs stop showing and you land on this code:
----------------------------------------------------------------
:0047ABA7 33F6         xor esi, esi
:0047ABA9 8B45F8       mov eax, dword ptr [ebp-08]
:0047ABAC E80F91F8FF   call 00403CC0
:0047ABB1 85C0         test eax, eax                     <- Name length stored here
:0047ABB3 7E13         jle 0047ABC8                      <- If we entered none then bugger off
:0047ABB5 BA01000000   mov edx, 00000001                 <- Our counter (this case = 1st character)
:0047ABBA 8B4DF8       mov ecx, dword ptr [ebp-08]
:0047ABBD 0FB64C11FF   movzx ecx, byte ptr [ecx+edx-01]  <- Start of algo
:0047ABC2 03F1         add esi, ecx
:0047ABC4 42           inc edx
:0047ABC5 48           dec eax
:0047ABC6 75F2         jne 0047ABBA
:0047ABC8 8975EC       mov dword ptr [ebp-14], esi
:0047ABCB DB45EC       fild dword ptr [ebp-14]
:0047ABCE E8997DF8FF   call 0040296C
:0047ABD3 69C009030000 imul eax, 00000309
:0047ABD9 8BF0         mov esi, eax                      <- End of algo
:0047ABDB 3B75FC       cmp esi, dword ptr [ebp-04]
:0047ABDE 0F85BF000000 jne 0047ACA3
----------------------------------------------------------------
Let's break down this simple algo:
movzx ecx, byte ptr [ecx+edx-01]  <- Place the current character in ECX
add esi, ecx                      <- Add the character to our previous total (ESI is 0 for the first character)
inc edx                           <- EDX+1 for our counter
dec eax                           <- Name length-1 :)
jne 0047ABBA                      <- If there is no more name to process (EAX reached 0) then DON'T JUMP, otherwise JUMP back; hence Jump if Not Equal
mov dword ptr [ebp-14], esi
fild dword ptr [ebp-14]
call 0040296C                     <- This puts the total of our characters added together into EAX
imul eax, 00000309                <- EAX * 309 (hex)
The ending result is in EAX and is our TRUE serial (type ? eax in SoftICE to see it).
To be more specific, let's use my name (all values are hex):
(T + h + r + a + w + n) * 309 = Final Serial
(54 + 68 + 72 + 61 + 77 + 4E) * 309 = Final Serial
Let's be good little crackers and make a keygen. See the source included for various languages.
Conclusion:
A good program let down by poor protection; what more can I say. Check out the sources.
Any questions? Mail me: thrawnc@hotmail.com
Visit my Home Page
Greetings fly out to:
y0ke (Thanks for letting me use this template), iNSTiNCT, DiSTiNCT, eMINENCE, R!SC, M_, MrFrost, SP33D, Seifer666, Warezpup, BuLLeT, Carpathia, [Froost], DVS, PhANt0m, MeTaL, b00m, BlackEvil, ChiLar163, crackie, SeL, Dogsmack, iNFiNiTY, Issvar, LadyWarez, Lag00rs, LordOfLA, Meyitzo, Mindphzer, MrJezus, n]-[va, NeTsurFer, OutCast3k, philius, Point-X, redback, Shiva, Spacenett, stripper, sutek, tE!, The_Morph, TheScream, TheSilent, TheVirus, TiVe, zelkor and the rest, because I ran out of names ;).