dimkasi2 on 2026-03-29 17:59:
Hi! I’m pretty new to reverse engineering, so I tried to solve this in the simplest way possible.
First, I opened the program in x64dbg and searched for strings. I found the text "Enter Your Verification Code" and followed its reference to the place in code where the input happens.
Then I looked a bit below and noticed a typical pattern: there was a comparison (cmp) followed by a jump (jne). From what I’ve learned, this usually means a check is happening.
I set a breakpoint right before that comparison and ran the program. When it asked for a code, I just entered something random. The debugger stopped at my breakpoint, and then I checked the registers.
I saw that one register (ECX) pointed to some memory. I followed it in dump and found a readable string — that turned out to be the correct verification code.
After that I just copied the string and entered it into the program, and it worked.
Later I noticed the program uses MachineGuid from the registry and does some transformations, but I didn’t fully reverse that part. Instead, I focused on the comparison and grabbed the result directly from memory.
This approach felt much easier for me as a beginner.
casam on 2026-03-30 09:36:
You can find the key in the debugger, but if you want to take a more complex approach, you should perform static analysis.
genass3 on 2026-03-31 23:57:
[Click to reveal]stage 1. takes machineguid from registry
stage 2. deletes all letters from it
stage 3. (stage2 % 5)
stage 4. multiplying by two from right to left with stage3, with the transfer of one to the next digit when necessary
stage 5. '0' -> x, digits from 1 - 9 converting to letters (password[i] = 'a' + (digit - 1);)
Enter Your Verification Code: bhhdbfbdebifihchdfchfeacxafadehx
Good Job Bro!
@mike on 2026-04-13 16:40:
[Click to reveal]MachineGuid: b4fda2c6-0931-4672-8da0-ba7cf6c9f309
Key: ihefdiddcgbehfiacfdxhfidfeehebb