Title : HTML Dir v2.0x With C Source
Author : Kwai_Lo
Date Written : 1-29-99
Level : Beginners/Intermediate
Url : www.tlonstruct.com
Tools needed : - SoftICE 2.0 And Above
- A C Compiler
- A Brain
*****************************************************************************
HTML Dir Keygen Tut By Kwai_Lo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ello Again, This Is My Second Tut. Hope You Will Like It. So Shall We Start.
I Picked This App Cos I Find That The Algo Is Easy, But Hard To Code :).
Ok, Now Start The App. Go To The Settings Menu And Click Register. I Use
Kwai_Lo For Name And 987654321 For Serial. Now Set A Bpx On Hmemcpy, F5 Out
And Press Ok. U Will Be In S-ice By Now. F12 7 Times And F10 22 Times. U
R Now In The Program Code. Keep Tracing (F10) Until U Reach Somewhere Here.
:00443007 8B55F8 mov edx, dword ptr [ebp-08] <-- Moves Name Into Edx
* Possible StringData Ref from Code Obj ->"Tlon32"
|
:0044300A B840324400 mov eax, 00443240 <-- Moves A Magic Buffer Into Eax (MB==Tlon32)
:0044300F E81853FFFF call 0043832C
:00443014 8B45F0 mov eax, dword ptr [ebp-10]
:00443017 8B55F4 mov edx, dword ptr [ebp-0C]
:0044301A E8690DFCFF call 00403D88
:0044301F 0F857C010000 jne 004431A1
Once We Reach Here We Step Into Call 0043832C (F8). Keep On Tracing Until U
Reach Here.
:004383BB 0FB64402FF movzx eax, byte ptr [edx+eax-01] <-- Moves 1st Char Of Name
:004383C0 0345E8 add eax, dword ptr [ebp-18] <-- Adds A Value To It, 0x19 At Start
:004383C3 7105 jno 004383CA
:004383C5 E8A6AAFCFF call 00402E70
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004383C3(C)
|
:004383CA B9FF000000 mov ecx, 000000FF
:004383CF 99 cdq
:004383D0 F7F9 idiv ecx <-- Divides Eax With 0xff,Remainder Will Be In Edx
:004383D2 8955E0 mov dword ptr [ebp-20], edx <-- Saves The Divided Value
:004383D5 8B45EC mov eax, dword ptr [ebp-14]
:004383D8 3B45F0 cmp eax, dword ptr [ebp-10] <-- Compares To See If We Reached The End Of The Magic Buffer
:004383DB 7D0D jge 004383EA <-- If So Then Jump To Reset It
:004383DD 8345EC01 add dword ptr [ebp-14], 00000001 <-- Else Add 1
:004383E1 7105 jno 004383E8
:004383E3 E888AAFCFF call 00402E70 <-- Dont Think It Is Important
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004383E1(C)
|
:004383E8 EB07 jmp 004383F1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004383DB(C)
|
:004383EA C745EC01000000 mov [ebp-14], 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004383E8(U)
|
:004383F1 8B45EC mov eax, dword ptr [ebp-14]
:004383F4 8B55FC mov edx, dword ptr [ebp-04]
:004383F7 0FB64402FF movzx eax, byte ptr [edx+eax-01] <-- Moves 1st Char Of Hard Coded Value That Is "Tlon32"
:004383FC 3145E0 xor dword ptr [ebp-20], eax <-- Xor's The Saved Value With 1st Char Of Hard Coded Value, This Is Now The 1st Digit Of The Serial Number
:004383FF 8D45CC lea eax, dword ptr [ebp-34]
:00438402 50 push eax
:00438403 8B45E0 mov eax, dword ptr [ebp-20]
:00438406 8945D0 mov dword ptr [ebp-30], eax
:00438409 C645D400 mov [ebp-2C], 00
:0043840D 8D55D0 lea edx, dword ptr [ebp-30]
:00438410 33C9 xor ecx, ecx
:00438412 B880844300 mov eax, 00438480
:00438417 E890F6FCFF call 00407AAC <-- Store Code
:0043841C 8B55CC mov edx, dword ptr [ebp-34]
:0043841F 8D45DC lea eax, dword ptr [ebp-24]
:00438422 E859B8FCFF call 00403C80
:00438427 8B45E0 mov eax, dword ptr [ebp-20]
:0043842A 8945E8 mov dword ptr [ebp-18], eax <-- Replaces 0x19 With The Xored Value
:0043842D FF45E4 inc [ebp-1C]
:00438430 FF4DD8 dec [ebp-28] <-- Dec Name Length
:00438433 7580 jne 004383B5 <-- Loop
And There We Have It. A Simple Algo. Lets Recap What Has Happened Here
1. Moves 1st Char Of Name
2. Adds A Value To 1st Char Of Name, Call This qbx (Starts With 0x19)
3. Divides It With 0xFF And Saves The Remainder
4. Checks To See If We Have Reached The End Of The Hard Coded Value, If So Reset It
5. Moves 1st Char Of Hard Coded Value
6. Xor's It With The Remainder That We Divided Just Now
7. Moves The Xored Value Into qbx
8. Stores The Code
9. Loop Until Finish
10. Sticks A 19 In Front Of The Code
Well Simple Eh ?? Below Is My Source For The Keygenerator In C :)
/* The C Source Code. Compile With Borland C v5+ */
#include <stdio.h>
#include <conio.h>
#include <string.h>
int main()
{
int nlen,i;
unsigned int qax,qbx={0},qcx,qdx={0},qsi={0}; /*<-- I Used The Register Names Too, Easier To Identify*/
unsigned char name[500]={0},code[100]={0};
unsigned char hrdcod[7]="Tlon32"; /*<-- Hard Coded Value*/
for(;;){
clrscr();
printf("KEY GENERATOR FOR HTML DIR v2.01");
printf("\nCODED BY KWAI_LO [TNO'98]\n");
printf("\nPLEASE ENTER A REGISTRATION NAME : ");
gets(name);
nlen=strlen(name);
if(nlen<1)
return 0;
else if(nlen>50)
return 0;
else break;
}
qbx=0x19; /*<-- Set The Value To Be Added */
for(i=0;i=0x06){ /*<-- Checks To See If We Have Reached The Max Of The Magic Byffer */
qsi^=qsi;
}
qsi++;
qax=hrdcod[qsi-0x01]; /*<-- Moves 1st Char Of Magic Buffer */
qbx^=qax; /*<-- Xors The Magic Buffer With The Remainder And Saves It*/
code[i]=qbx; /*<-- Stores Code */
}
printf("YOUR REGISTRATION CODE IS : 19");
for(i=0;i