About this tutorial:
Tutorial: Keygenning ImgViewer/32 2.43 (Another approach)

Target: ImgViewer/32 2.43 (http://www.arcatapet.com)

Tools: SoftICE 3.24 (this is good software, worth buying)

Date: 12th February 2000 (Last updated on 21 November 2000)

Descriptions & Comments: What I am showing is not a straightforward keygen for ImgViewer/32; instead, I will show you how to use the artificial intelligence (hehe) of a cracker to do a keygen using another approach (or call it way or method as you like). This is a nice graphic program, do register it; you will get all future updates for free once registered.

Protections: Name/Serial, Nag, Keygen, Key File (not really!)

Disclaimer: This file is used for educational purposes only. Any misuse of the information presented here is not my responsibility.

Copyright information: This tutorial is copyright © ManKind

Starting words:
Hello, welcome to my tutorial. I am ManKind, a newbie in cracking who wants to share my cracking skills with other newbies. Contact me at mankind001@bigfoot.com


The process:
Introduction:
First of all, let me tell you a little about the protections of this program. The main protection is name/serial. Once registered, a file named Iv32_reg.key is created and the registration name is stored in that file in crypted form. So, basically, this program doesn't use a key file as its protection, contrary to what is written in the .nfo files of many cracking groups who released cracks for this program. However, this protection really does look similar to a simple key file protection. You will see why later...

Part one: Easy way of locating the correct registration code
This is another very easy crack. Run ImgViewer/32, open the About/Register (Shift+F1) screen, press Enter Reg Code and enter the following information in the registration screen:

Name:ManKind
Serial number:23199981

Go into SoftICE, set a breakpoint on hmemcpy like below:

bpx hmemcpy

Leave SoftICE and press the Ok button. SoftICE will pop up; press F5 once to let SoftICE read the text in the second text field (we have two), press F11 once to return to the caller, then press F12 11 times to go out of the current calls. Finally you will reach the following code:

:00472AB8 MOV EAX,[EBP-18] ;; you land here
:00472ABB LEA EDX,[EBP-14]
:00472ABE CALL 004081F4
:00472AC3 MOV EAX,[EBP-14] ;; move fake serial number into eax
:00472AC6 MOV EDX,[EBP-10] ;; move real serial number into edx
:00472AC9 CALL 00403E40 ;; compare routine, do 'd edx' here to view the real serial number in the data window
:00472ACE JNZ 00472B2C ;; jump if not equal to 00472B2C

You see why I say it's simple? Run the following command at address 00472AC9 to view the real serial number for your name in the data window:

d edx

The real serial number for the name "ManKind" without quotes is 55345460746(please do not distribute this serial). Try to register with the serial number. It works...

Part two: Examining the so-called 'key file'
If you are in ImgViewer/32's root folder and are fast enough to switch from the ImgViewer/32 program to the folder once you register, you will notice that a file with the name "iv32_reg.key" (without quotes) is created. Let us examine the so-called 'key file'. Open it with Notepad or any other text editor. Below is the file's content (originally with quotes):

"astu~~nzljReqMjnc"

Can you tell me what the above means? My very first guess is that our registration information is encrypted in some form and is stored in the file. I can tell you one thing for sure. My guess proves to be true. However, my brain is not intelligent enough to see how our registration information is encrypted, so I chose to use the old-but-effective trial-and-error method. By editing the characters of the above string one by one, I found the following:

1. The " (the first character in the string) and the " (the last character in the string) can be deleted but cannot be replaced by other characters.
2. The a to j (astu~~nzlj) characters must exist and cannot be replaced by other characters, as these are used to differentiate between a valid and an invalid 'key file'.
3. The characters from R to c (ReqMjnc) are our registration name in crypted form. They are in order, for example, R (crypted) represents M (uncrypted). The name can be blank.

You can edit the 'key file', save it, run the ImgViewer/32 program and open the about screen to see whether what I wrote above is correct or not. We only have to concentrate on our crypted name now. Below is what I found out about our crypted name:

1. The length of the crypted name is the same as that of our uncrypted name.
2. Compare the names against the alphabets:
   Uppercase alphabets: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
   Uncrypted name:      M a n K i n d
   Crypted name:        R e q M j n c
   Lowercase alphabets: a b c d e f g h i j k l m n o p q r s t u v w x y z
3. From the above table, the following can be said:
- When the uncrypted alphabet is in uppercase form, the crypted alphabet will be in uppercase form too, and of course, if it is in lowercase, the crypted one will be in lowercase too.
- The first crypted alphabet, R, is 5 letters away from the first uncrypted alphabet, M; e is 4 letters away from a, q is 3 letters away from n, M is 2 letters away from K, j is 1 letter away from i, n is 0 letters away from n, c is -1 letter away from d, and so on.
- The above condition can also be explained like this: the ASCII value of each uncrypted alphabet of the name is added to a certain value (5 by default, decreasing by 1 for each alphabet of the name), and the crypted alphabet is the ASCII character of that sum (ASCII of uncrypted alphabet + certain value).
- Have you seen the encryption routine? (yes!)
- Can you decrypt it now? (yes!)
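The layout worked out above, written as a small inspector (an added example, not part of the original tutorial). It shows from a reviewer's side why the file is only obfuscation: the name comes back with a fixed, position-based shift and no secret. The function names are hypothetical and the sample string is the one quoted in this tutorial.

```python
# Added example: inspect the iv32_reg.key layout described in this tutorial.
MARKER = "astu~~nzlj"   # fixed prefix the tutorial found must be present
START_SHIFT = 5         # offset of the first letter; drops by 1 per letter
SAMPLE = '"astu~~nzljReqMjnc"'  # file content quoted in the tutorial


class KeyFileError(ValueError):
    """Raised when the text does not match the layout described above."""


def parse_key_file(text):
    """Return the plain registration name stored in the key file text."""
    body = text.strip()
    # The tutorial notes that the surrounding quotes may be absent.
    if body.startswith('"'):
        body = body[1:]
    if body.endswith('"'):
        body = body[:-1]
    if not body.startswith(MARKER):
        raise KeyFileError("marker missing: not a valid key file")
    crypted = body[len(MARKER):]
    name = []
    for i, ch in enumerate(crypted):
        # Shift is 5, 4, 3, ... and goes negative after the sixth letter.
        code = ord(ch) - (START_SHIFT - i)
        if not 0 <= code <= 255:
            raise KeyFileError(f"character out of range at position {i}")
        name.append(chr(code))
    return "".join(name)


def review_findings(text):
    """List the design weaknesses visible from the file content alone."""
    name = parse_key_file(text)
    findings = [
        "no secret: name recoverable with a fixed, position-based shift",
        "only marker + name stored: file is not bound to the serial",
    ]
    if name == "":
        findings.append("blank name is accepted by the format")
    return findings


if __name__ == "__main__":
    print(parse_key_file(SAMPLE))
    for finding in review_findings(SAMPLE):
        print("-", finding)
```
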

I think it is clear now that I don't need to continue any further. In the following part, I will present you with a Turbo Pascal keygen source and explain it in detail.

Part three: Keygenning (explained)
Well, you are here again, presented with a keygen's source. This time, I coded the keygen myself (congratulate me, hehe). I included full (almost) comments in the source, unlike my previous sources, so hopefully everyone can understand it. I compiled it with my Turbo Pascal 7.01 but the source might compile on other Pascal compilers.


Program keygen ; {Program name}
uses crt ; {crt is a unit, this is similar to the include directive in c/c++, for example - #include}
var
{variable declarations}
  counte, name1, i, namelen : integer ;
  username, name2, name3 : string ;
  keyfile : text ;

begin 
  clrscr ;
  writeln('ImgViewer/32 v2.43 Keygen by ManKind') ; {intro}
  writeln('====================================') ; {part of intro}
  writeln ; {leave a blank line}
  counte := 5 ; {assign value 5 to variable counte(certain value in part two)}
  name2 := '' ; {start with an empty string so the loop below appends to a defined value}
  write('Please type in your name: ') ; {input user, similar to input command in qbasic}
  readln(username) ; {assign entered name into variable username, similar to cin command in c++}
  namelen := length(username) ; {assign length of name into variable namelen}

  for i:=1 to length(username) do  {this is a loop, it loops till i = length of name to encrypt the entered name}
    begin {begin the loop}
      name1 := Ord(username[i]) + counte ; {name1 = ascii value of current char + counte}
      name2 := name2 + Chr(name1) ; {name2 = name2 + ascii char of name1}
      counte := counte - 1 ; {decrease counte by 1}
    end ; {end of loop}

  name3 := '"astu~~nzlj' + name2 ; {this and below are required for a valid "keyfile"}
  name3 := name3 + '"' ;

  assign(keyfile,'iv32_reg.key') ; {assign the name of the file we want to generate to variable keyfile}
  rewrite(keyfile) ; {this opens the specified file for writing}
  write(keyfile,name3) ; {write value of name3 to file keyfile(iv32_reg.key)}
  close(keyfile) ; {we must close a file like this after finished using it}
  writeln; {write a blank line}

  writeln('Your registration keyfile has been generated!') ; {inform the user about the creation of the registration keyfile}

  readln ;

end.

I hope you like this essay. That's all for now. Hope to see you soon in my next tutorial. As usual, contact me if I made any mistake, and give me your feedback, comments, suggestions and opinions about this tutorial and my way of presenting it.

Extra notes:
There's really nothing special in this essay. The main ideas I want to tell you through this essay are:
1. don't always follow old ways.
2. be creative and innovative.
3. try to think differently from what others think.
4. try out new things and adopt them if they are really good.
5. stick with old things and abandon them if they suck.
Really signing off here...


Ending:
Thanks and greetz to:
+ORC, +HCU, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, CrackZ, cLUSTER, LaZaRuS, mISTER fANATIC, yes123, WhizKiD, Volatility, ACiD BuRN, Eternal Bliss, R!SC, Kwazy Webbit, +Mammon, MisterE, Shadow, ^tCM^, WaJ, Borna Janes, Kathras, douby, Carpathia, Steinowitz, Lord Soth, Latigo, Lucifer48, NeuRaL_NoiSE, Fravia+, Latigo, Duelist, Alpine, flag eRRatum, Nitrus, +Frog's Print, Muad`Dib, Iczelion, Razzia, Warezpup, Bomber Monkey, llama and other crackers, individuals and organisations who have helped me, either directly or indirectly.

Service for Mankind
ManKind
mankind001@bigfoot.com