Melody v1.51 - Tutorial

http://www.lighttek.com - Webpage (435k).

I found Melody on the latest CD-ROM free with PC Direct (September's Edition); naturally the entire CD is packed with plenty of poorly protected software screaming out to be cracked. On an unrelated note, not that you really ought to care what I think :-), I'd like to say what an absolutely appalling magazine PC Direct is: every month's edition is 450 pages of "adverts" & "buyers' guides" telling you to buy the latest wizardry, which of course will be obsolete the very next month (lucky my subscription's so cheap).

Back to the matter in hand. Melody is yet another MP3 player with the same functionality as Winamp yet a different interface to distinguish itself from the millions of other similar programs on the web. I found the program un-intuitive to say the least, yet I note that the programmer is Russian so if you do use this program send the author his $10. You see, we all need to SUPPORT the small guys and crack against the large commercial swines who rake in telephone number profits every day, that is why as an addition to this tutorial I'll show you how to crack Microsoft's Money 99 from the same enslavement CD.

Melody itself should be an ideal tutorial for those of you looking to get i) some real 'zen' deadlisting feeling and ii) some easy key generating practice. Locate the registration option from the About menu; it's a Name/Registration Code affair. Inside W32Dasm locate the "Invalid code" StringRef and trace upwards the code deciding whether or not we reach that reference. Just feel this :-

:00447449 MOV EAX, DWORD PTR [EBP-08] <-- User Name.
:0044744C CALL length_check_routine
:00447451 TEST EAX, EAX <-- Length in EAX.
:00447453 JLE user_didn't_enter_a_name
:00447455 MOV EDX, 1 <-- Control the name pointer.
:0044745A MOV ECX, DWORD PTR [EBP-08] <-- Point ECX at User Name.
:0044745D MOVZX ECX, BYTE PTR [ECX+EDX-01] <-- Extend zeroes for each letter.
:00447462 ADD ESI, ECX <-- Store it (assume therefore ESI starts at 0).
:00447464 INC EDX
:00447465 DEC EAX <-- Control the loop.
:00447466 JNZ 0044745A <-- Loop.

:00447473 MOV EDX, EAX <-- EAX (assume holds the ESI loop value).
:00447475 SHL EAX, 7 <-- Multiply by 128 dec.
:00447478 ADD EAX, EDX <-- Add name loop again.
:0044747A MOV ESI, EAX <-- Store it in ESI.
:0044747C CMP ESI, DWORD PTR [EBP-04] <-- [EBP-04] is what we entered.
:0044747F JNZ jump_bad_code

No SoftICE firing, just a little feeling of the code, I quickly summed up the decimal values of CrackZ (23Eh or 574 dec), multiplied that by 128 dec (the effect of the shift-left) and got 73472, then I added the user name again to get 73472 + 574 = 74046 and "thanks for registering". All that we need really to know now for our key generator is whether or not the program strips away space characters for longer names (which it doesn't).

#include <stdio.h>
#include <string.h>

int main(void)
{
  char Name[31];              /* 30 characters plus the terminating NUL */
  size_t i, NameLength;
  unsigned int RegSum = 0;

  printf("Melody v1.51 Key Generator by CrackZ.\n");
  printf("Enter your name (max 30 chars): ");

  /* fgets() bounds the read; gets() would overflow Name on long input. */
  if (fgets(Name, sizeof Name, stdin) == NULL)
    return 1;
  Name[strcspn(Name, "\r\n")] = '\0';   /* drop the trailing newline */
  NameLength = strlen(Name);

  /* Sum the name bytes zero-extended, as the MOVZX in the listing does. */
  for (i = 0; i < NameLength; i++) {
    RegSum = RegSum + (unsigned char)Name[i];
  }

  printf("\n Your registration code is: ");
  printf("%u\n", (RegSum * 128) + RegSum);

  return 0;
}

There you have it, a full C key generator in under 5 minutes and using only a deadlisting approach, needless to say I don't think you'll reverse many schemes this way but it's good practice nevertheless. Purely for aesthetic purposes I've also added the ASM key generator should you like to glance at it.
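
Seen from the developer's side, the routine in the listing accepts any number equal to 129 times the byte sum of the name, with no secret involved. The C model below is an added example, not code from the original tutorial or from Melody; the function names are hypothetical and the 30-byte name limit is an assumption taken from the key generator's prompt.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added model of the check at 00447449..0044747F; function names are
   hypothetical, the arithmetic is taken from the listing. */
static uint32_t name_sum(const char *name)
{
    uint32_t sum = 0;                       /* ESI, assumed to start at 0 */
    for (size_t i = 0; name[i] != '\0'; i++)
        sum += (unsigned char)name[i];      /* MOVZX: zero-extended byte */
    return sum;
}

/* Returns 1 when the routine would accept (name, entered), else 0. */
int melody_check(const char *name, uint32_t entered)
{
    if (strlen(name) == 0)                  /* JLE: no name entered */
        return 0;
    uint32_t s = name_sum(name);
    uint32_t expected = (s << 7) + s;       /* SHL 7, then ADD: s * 129 */
    return expected == entered;             /* CMP ESI, [EBP-04] */
}

/* Weakness 1: only the byte sum matters, so unrelated names collide. */
int names_collide(const char *a, const char *b)
{
    return strcmp(a, b) != 0 && name_sum(a) == name_sum(b);
}

/* Weakness 2: of the 2^32 enterable values, only 129 * s for a reachable
   byte sum s can be accepted. For a non-empty name of at most max_len
   bytes, s runs over 1..255*max_len, so that many codes exist in total. */
uint32_t distinct_codes(uint32_t max_len)
{
    return 255u * max_len;
}

int main(void)
{
    printf("check(CrackZ, 74046) = %d\n", melody_check("CrackZ", 74046u));
    printf("CrackZ vs ZkcarC collide = %d\n", names_collide("CrackZ", "ZkcarC"));
    printf("codes for 30-byte names = %u\n", (unsigned)distinct_codes(30));
    return 0;
}
```

Because the code is a public linear function of the name, the scheme binds nothing to the licensee; a check that is meant to resist this kind of reading has to depend on something the shipped binary does not contain.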

You have finished reading another tutorial courtesy of CrackZ's Reverse Engineering Page.

© 1999 CrackZ. 18th August 1999.