PivnoyJulik on 2026-06-28 01:11:
[Click to reveal]Cracked using cutter.
There's no license server(checked with Wireshark).
Strings like INVALID LICENSE KEY have 0 XREFs (nice try hiding them), but I managed to find the main validation function by tracking the XREFs of the decoration strings.
I also noticed the key generator uses a 34-character alphabet (excluding I and O).
I patched the length check detour to a forced jump, and bypassed the final error judgment (test ebx, ebx / jne) with NOPs to accept any input.
â â
â AUTHENTICATION PORTAL â
â â
â â
£
â â
â This software is bound to your hardware. â
â Each machine has a unique license key. â
â â
â Your HWID: 4353D77870A94175 â
â â
â Enter your license key below. â
â Format: XXXX-XXXX-XXXX-XXXX â
â â
â
[>] License Key : 1
[*] Contacting license server.....
[*] Validating HWID binding...
[*] Verifying license key...
ââ
â â
â âââââââââââ âââ âââââââ â
ââââââââââââââââââââââ â
â ââââââ ââââââââââââââââ
â âââââââââââ ââââââ âââ
ââââââ ââââââââ â
â ââââââ ââââââ âââ
ââââââ â
â ââââââââââââââââââââ
âââââââââââââââââââââââââ
â
â â
â â
â License validated. HWID binding confirmed. â
â â
â You have defeated OBSIDIAN. â
â You are a true reverse engineer. â
â â
(Used wine to run executable)
anthrax3 on 2026-06-29 12:50:
---
OBSIDIAN Security System v3.7.1 — Solved ✅
Key (this HWID): P87V-FAPR-0GMQ-7ES2 — and a full keygen below.
TL;DR
The "anti-debug fortress" is a distraction. The license check is a deterministic HWID-seeded PRNG, fully reconstructable offline — so I never ran it under a debugger and the entire anti-debug layer was irrelevant.
1. Recon
Strings are plaintext (no packing/VM). Key charset 0123456789ABCDEFGHJKLMNPQRSTUVWXYZ (Crockford-ish) xref'd into the main routine FUN_1400d1480, which decompiles cleanly. After the anti-debug theater it reads the license key and compares it to a locally generated one (byte-wise XOR accumulate + length check).
2. The seed (FUN_140001ce0) = HWID
serial = GetVolumeInformationA("C:\") // volume serial
fnv = FNV-1a-64 over GetComputerNameA() // computer name
cpu = cpuid(0).ebx ^ ecx ^ edx // vendor id
ram = GlobalMemoryStatusEx().ullTotalPhys
mix = (ram>>30)*0x9E3779B97F4A7C15
^ ((serial<<32)|((serial*0x45D9F3B)&0xFFFFFFFF))
^ (fnv<<16)
^ ((cpu<<8)|(cpu>>24))
seed = fmix64(mix) // murmur3 finalizer: *0xFF51AFD7ED558CCD, *0xC4CEB9FE1A85EC53
3. The keygen PRNG
M=(1<<64)-1
charset="0123456789ABCDEFGHJKLMNPQRSTUVWXYZ" # 34 chars
st=seed; out=[]; idx=0
for g in range(4):
for _ in range(4):
st=(((st>>13)^st)*0x5DEECE66D + 0xB)&M
out.append(charset[st%34])
st=((((st>>5)^seed)+idx)*0x27BB2EE687B0B0FD)&M
idx+=1
if g<3: out.append('-')
key=''.join(out) # XXXX-XXXX-XXXX-XXXX
4. Recovering the key
Read the four HWID components with the same Win32 APIs via ctypes (GetVolumeInformationA, GetComputerNameA, a tiny cpuid stub, GlobalMemoryStatusEx), reproduce the seed, run the PRNG → key. Type it into a normal run → "You have defeated OBSIDIAN."
Notes
- Anti-debug (IsDebuggerPresent / NtGlobalFlag / hw bp / RDTSC / process scan / patch detection) never matters — the algorithm is recovered statically and the key computed offline.
- It's a genuine keygen: feed any machine's (serial, computer name, cpuid vendor, total RAM) → its valid key.
---