wolverine2k's OldSoft's KeyGenMe #2 -- Upgraded from DOS by wolverine2k

Author:
wolverine2k

Language:
C/C++

Upload:
2019-03-29 13:07

Download

Platform:
Windows

Difficulty:
1.9

Quality:
3.8

Arch:
x86-64

Downloads:
25

Size:
344.05 KB

Writeups:
1

Comments:
25

Description

Upgraded an old pascal based OldSoft's KeyGenMe #2 to work in modern Windows without needing the DOS emulator. Generate a KeyGen. No patching, please.

Comments (25)
Writeups (1)

You must be logged in to post a comment

rebellion on 2019-04-08 13:43: [Click to reveal]

Fsociety10 on 2019-04-14 12:39: @rebellion how did you find it

DrSpawn on 2019-04-16 11:03: Change 0000000000402D31 lea rcx,qword ptr ds:[4040A2] to 0000000000402D31 lea rcx,qword ptr ds:[65FDC0]

c0b01d on 2019-04-16 13:13: OldSoft's KeyGenMe #2 -- Upgraded from DOS by wolverine2k Enter your name: c0b01d Enter a serial number: 15-481 Good Job. You have cracked OldSoft's KeyGenMe #2 Press any key to continue . . . And here is a keyGen I made: https://pastebin.com/6DTAw92U

Flyour on 2019-04-28 14:55: OldSoft's KeyGenMe #2 -- Upgraded from DOS by wolverine2k Enter your name: abc Enter a serial number: 6-309 Good Job. You have cracked OldSoft's KeyGenMe #2

u_u on 2019-04-29 00:15: @c0b01d's solution is near perfect. The first part of the serial in his keygen isn't correct. The corrected keygen is here: https://pastebin.com/6DTAw92U I would've loved to have written a writeup for it, but I wasn't smart enough to make it past the first part of the keygen.

u_u on 2019-04-29 00:16: pasted the wrong link, here it is: https://pastebin.com/bhnFwP7F

th3_5had0w on 2019-05-03 17:11: i put a breakpoint at: jz short loc_402D55 and edit the zero flag to 1 Is this count as a solution?

cubi on 2019-05-10 14:34: Keygen: def serial (username): L = len(username) prefix = 3 * (L 1) + L checksum = (L * (L + 7)) // 2 + sum(map(ord, username)) # ^^^^^^^^^^^^^^^^^^ doesn't need to be calculated in sum return f"{prefix}-{checksum}"

cubi on 2019-05-10 14:41: Note to self: crackmes.one ignores formatting in comments... Formatted code can be found here: https://pastebin.com/igMU6qmC

coyote_0x90 on 2019-05-20 20:04: OldSoft's KeyGenMe #2 -- Upgraded from DOS by wolverine2k Enter your name: coyote_0x90 Enter a serial number: 26-1126 Good Job. You have cracked OldSoft's KeyGenMe #2 Press any key to continue . . . C++ keygen https://pastebin.com/2A3uWbfM

Farseer on 2019-06-04 05:22: I just Got the Function From Ida Pro and I change last Line Code from return sprintf(v1, "%d-%d", 3 * (unsigned int)(v2 1) + (unsigned int)v2, v4); to std::cout 1) + (unsigned int)v2

Farseer on 2019-06-04 05:26: Code : https://pastebin.com/xQuFEdTh Image : https://imgur.com/a/ofHaX9t I don't know why my comments not full save in post

markoto on 2019-06-21 08:19: This is a nice easy keygen crackme.

juansacco on 2019-09-04 08:57: [Click to reveal]

Parad0x13 on 2019-09-05 03:07: U: pikachu P: 16-790 First thing I noticed was that "\nGood Job. You have cracked OldSoft's" xrefd in 0x402cc0 The function 0x401560 generates the serial In that function we see that the format of the serial is %d-%d The function iterates through each letter in the user input However I wasn't really able to follow the logic well even though it's pretty simple

Alluseri on 2020-02-09 18:49: [Click to reveal]

ahron008 on 2020-03-15 11:36: nice! all you need is jmp

maxicek on 2020-08-01 13:07: there wasnt any trashcode, so i could just copy the generate serial function and use it by myself. anyways, the keygen source: https://pastebin.com/ca955HNU

NCP on 2020-10-16 16:45: Awesome challenge for beginners. I struggled a lot understanding that the sum of two registers between square brackets doesn't have anything to do with pointers main: Read char* name Read char* serial Generate serial from name (generateSerial) Compare generated serial with serial generateSerial: Serial is formatted "%d-%d" (decimal-decimal) First parameter is the sum between the name length and the name length, bit shifted right by 1 and then multiplied by 3 (length+(length1)*3) Second parameter is the sum of all the characters after adding 4 and their index (string[index]+index+4) name: NCP serial number: 6-240

Ftor7 on 2022-03-21 14:38: This is very hard for me, I can't solve that. I go to study.

Ftor7 on 2022-03-25 12:54: It was interesting! Thanks!

everr on 2022-09-19 08:52: [Click to reveal]

ringolol on 2024-09-19 22:37: it's a good problem to try x64dbg, the correct serial will be stored in one of the registers

acarrot on 2025-02-01 14:53: Is it a valid solution if i move the correct key from rbx to rcx and just print it on the terminal?

Show all spoilers

You must be logged in to submit a writeup

Solution by MaxP on 2021-02-21 19:01:
My first 64 bit binary. 't was fun! :-) Solution contains a description, a KeyGen and, for the fun of it, a SelfKeyGen.

Download