In my 19th and 20th tutorials I tried to teach you how to crack Visual Basic
programs by using SmartCheck and SoftICE - now I'll teach you how to make a keygen. This
keygen is really simple and you will understand the code COMPLETELY (hope I've commented it
well enough). Now to the keygen: The most important thing if you want to produce a keygen
is to understand the code COMPLETELY. I took a really easy example program so that you can
'get it'. Maybe if I write a keygen tutorial again (if you're interested, drop me a mail)
I'll choose a not so easy program. Now let's start our Cracking Session.
First we need to enter the basic stuff in the input fields. I used "Keygen
Tutorial" as Name and "12345" as Registration Code. Then I entered SoftICE
and set a BPX to HMEMCPY, left SoftICE and pressed the "OK"-Button. SoftICE
popped up. Since there were 2 input fields we can skip the first one - SoftICE will pop up
again. So as SoftICE pops up again, delete that HMEMCPY breakpoint and press F12 until
you're back in the "ABRA"-Code. Now just trace a little bit through the code
till you reach the following code snippet:
:004647E3 CALL 00403BB4
:004647E8 TEST EAX,EAX
:004647EA JLE 004647FF
:004647EC MOV EDX,00000001                ; start with 1st char
:004647F1 MOV ECX,[EBP-08]
:004647F4 MOVZX ECX,BYTE PTR [EDX+ECX-01] ; mov 'code' of xth char in ECX
:004647F9 ADD ESI,ECX                     ; add it to sum
:004647FB INC EDX                         ; prepare next char
:004647FC DEC EAX                         ; decrease number of chars 'left'
:004647FD JNZ 004648F1                    ; last char not reached?
The above code is self-explanatory, I think. But if not: it just adds the value of each
character together. So for "Keygen Tutorial" this is, in hex,
4B+65+79+67+65+6E+20+54+75+74+6F+72+69+61+6C,
which is 5D7 h. Since we know this we can go on with the tracing:
:0046480A IMUL EAX,EAX,000003E7           ; SUM * 3E7
:00464810 MOV ESI,EAX
:00464812 CMP ESI,[EBP-04]                ; compare
:00464815 JNZ 00464916                    ; JMP if bad cracker
:0046481B MOV DL,01                       ; 'good code flag'
I hope you understand what I mean by my comments. So Abracadabra generates its right
serial # by doing the following:
1) adding all values of the chars together (no chars are ignored)
2) multiplying the sum by 3E7 h
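Seen from the vendor's side, the two steps above bind the code to nothing but the byte sum of the name, so unrelated names share one code and the set of codes that can ever be valid is tiny. The following C program is an added example, not part of the original tutorial: it measures both properties; the function names are hypothetical and every sample name except "Keygen Tutorial" is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Check value as described above: zero-extended byte sum (MOVZX/ADD)
   multiplied by 0x3E7 in 32-bit arithmetic (IMUL). */
static uint32_t scheme_code(const char *name)
{
    uint32_t sum = 0;
    for (size_t i = 0; name[i] != '\0'; i++)
        sum += (unsigned char)name[i];
    return sum * 0x3E7u;
}

/* Distinct codes possible for names of 1..max_len bytes: one per reachable
   byte sum, because multiplying by an odd constant is injective mod 2^32. */
static uint32_t code_space(uint32_t max_len)
{
    return 255u * max_len;
}

/* How many entries of names[] have the same code as names[0] (itself included). */
static int same_code_count(const char *const names[], int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (scheme_code(names[i]) == scheme_code(names[0]))
            hits++;
    return hits;
}

/* Sample names: the first is the tutorial's, the rest are constructed. */
static const char *const SAMPLE[] = {
    "Keygen Tutorial",   /* name used in the tutorial */
    "Tutorial Keygen",   /* words swapped */
    "lairotuT negyeK",   /* reversed */
    "Keygeo Tutoriak",   /* one byte +1, another byte -1 */
    "Alice Example",     /* unrelated name with a different sum */
};
#define SAMPLE_LEN ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

int main(void)
{
    printf("%d of %d sample names share one code\n",
           same_code_count(SAMPLE, SAMPLE_LEN), SAMPLE_LEN);
    printf("codes possible for names up to 32 bytes: %u\n", (unsigned)code_space(32));
    return 0;
}
```

Because the program computes the expected code itself and only compares it with the input, a licence check meant to resist this needs a verifier that cannot also produce codes, for example a digital signature checked against an embedded public key.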
Now code your keygen in your favourite programming language - like C++. BTW, your
registration details are stored at
"HKEY_CURRENT_USER/Software/Akatoma/Abracadabra".
// This is the C++ Source Code of my KeyGEN. I hope you like it.
// I've compiled it using Symantec C/C++ 6.11
#include <stdio.h>
#include <string.h>   // strlen, strcspn

int main()
{
    unsigned long regcode, i;
    char name[1000] = {0};

    printf(" ____ __ __\n");
    printf(" / _/_ _ __ _ ___ ____/ /____ _/ /\n");
    printf(" _/ // ' \\/ ' \\/ _ \\/ __/ __/ _ `/ /\n");
    printf("/___/_/_/_/_/_/_/\\___/_/ \\__/\\_,_/_/\n");
    printf(" ____ __ __\n");
    printf(" / __ \\___ ___ _______ ___ ___/ /__ ____ / /____\n");
    printf(" / /_/ / -_|_-</ __/ -_) _ \\/ _ / _ `/ _ \\/ __(_-<\n");
    printf("/_____/\\__/___/\\__/\\__/_//_/\\_,_/\\_,_/_//_/\\__/___/\n\n");

    for (;;) {
        printf("\nAbracadabra 1.2.3 KeyGEN - d0NE bY TORN@DO in '99\n");
        printf("=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n");
        printf("Name: ");
        // fgets instead of gets: over-long input is cut off, not written past the buffer
        if (fgets(name, sizeof(name), stdin) == NULL) return 0;
        name[strcspn(name, "\r\n")] = '\0';   // strip the trailing newline
        if (strlen(name) < 1) return 0;
        else break;
    }

    regcode = 0;
    // add values together (as unsigned bytes, since the MOVZX zero-extends each char)
    for (i = 1; i <= strlen(name); i++) regcode = regcode + (unsigned char)name[i-1];
    // multiply regcode with 3E7
    regcode = regcode * 0x3E7;
    printf("Registration Code: %lu\n", regcode);
    return 0;
}
Another target has been Reverse Engineered. Any
questions (no crack requests)?