Cheat Engine The Official Site of Cheat Engine

Polynomial (Grandmaster Cheater)
Reputation: 5 | Joined: 17 Feb 2008 | Posts: 524 | Location: Inside the Intel CET shadow stack
Posted: Wed Mar 24, 2010 5:49 pm | Post subject: Burningmace's KeyGenMe v2.5

I've got a lot better at C and ASM now, so I figured I'd let you guys have a go at keygen'ing my newer code. I've gone pretty much all out on this one: obfuscated jumps/calls, obfuscated math, chained procedures, anti-debug mechanisms, string packing, the lot. Written in Notepad++, compiled with Microsoft's cl.
 Challenge:
 Download binary and find at least two valid keys by reversing. Producing a working keygen / posting the verification algorithm is a bonus. No bruteforcing! Keys are 7 digit numbers.
 
 Link: http://www.sendspace.com/file/e82sti
 Mirror: http://www.megaupload.com/?d=BDVQMBKG
 _________________
 
 It's not fun unless every exploit mitigation is enabled.
Please do not reply to my posts with LLM-generated slop; I consider it to be an insult to my time.
 
 Last edited by Polynomial on Mon Apr 05, 2010 9:00 pm; edited 1 time in total
Polynomial (Grandmaster Cheater)
Posted: Mon Apr 05, 2010 8:57 pm

Nobody cracked it yet?
 
ColdDoT (Grandmaster Cheater)
Reputation: 0 | Joined: 18 May 2006 | Posts: 703 | Location: The Netherlands
Posted: Fri Jul 23, 2010 7:40 am

Few seconds of looking, I'm busy with a summer camp.
 
Code:
 004012A0  /$ 55             PUSH EBP
 004012A1  |. 8BEC           MOV EBP,ESP
 004012A3  |. 83EC 08        SUB ESP,8
 004012A6  |. 53             PUSH EBX
 004012A7  |. FF15 04B04000  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
 004012AD  |. 8945 FC        MOV [LOCAL.1],EAX
 004012B0  |. C745 F8 C7C7C7>MOV [LOCAL.2],C7C7C7C7
 004012B7  |. 50             PUSH EAX
 004012B8  |. 53             PUSH EBX
 004012B9  |. 51             PUSH ECX
 004012BA  |. 83E0 00        AND EAX,0
 004012BD  |. 83E3 00        AND EBX,0
 004012C0  |. 83E1 00        AND ECX,0
 004012C3  |. EB 3F          JMP SHORT macekey.00401304
 004012C5  |> 48             /DEC EAX
 004012C6  |> 83F8 05        |/CMP EAX,5
 004012C9  |. 75 03          ||JNZ SHORT macekey.004012CE
 004012CB  |. 83E8 02        ||SUB EAX,2
 004012CE  |> 8BC8           ||MOV ECX,EAX
 004012D0  |. 40             ||INC EAX
 004012D1  |. F7E1           ||MUL ECX
 004012D3  |. 81F9 C23F0000  ||CMP ECX,3FC2
 004012D9  |.^7C EB          |\JL SHORT macekey.004012C6
 004012DB  |. 49             |DEC ECX
 004012DC  |. 8B1D 60E24000  |MOV EBX,DWORD PTR DS:[40E260]
 004012E2  |. 43             |INC EBX
 004012E3  |. C1FB 03        |SAR EBX,3
 004012E6  |. 2BD9           |SUB EBX,ECX
 004012E8  |. 8B0D 94D14000  |MOV ECX,DWORD PTR DS:[40D194]
 004012EE  |. 81E1 FF030000  |AND ECX,3FF
 004012F4  |. 2BD9           |SUB EBX,ECX
 004012F6  |. 81F3 3B70A71C  |XOR EBX,1CA7703B
 004012FC  |. 4B             |DEC EBX
 004012FD  |. 53             |PUSH EBX
 004012FE  |. E8 6DFEFFFF    |CALL macekey.00401170
 00401303  |. 5B             |POP EBX
 00401304  |> 83F9 00         CMP ECX,0
 00401307  |. 75 05          |JNZ SHORT macekey.0040130E
 00401309  |. 83F0 06        |XOR EAX,6
 0040130C  |.^EB B7          \JMP SHORT macekey.004012C5
 0040130E  |> 83E0 00        AND EAX,0
 00401311  |. 83E3 00        AND EBX,0
 00401314  |. 83E1 00        AND ECX,0
 00401317  |. 59             POP ECX
 00401318  |. 5B             POP EBX
 00401319  |. 58             POP EAX
 0040131A  |. FF15 04B04000  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
 00401320  |. 8945 F8        MOV [LOCAL.2],EAX
 00401323  |. 8B45 F8        MOV EAX,[LOCAL.2]
 00401326  |. 2B45 FC        SUB EAX,[LOCAL.1]
 00401329  |. 83F8 32        CMP EAX,32
 0040132C  |. 7E 05          JLE SHORT macekey.00401333
 0040132E  |. E8 EDFDFFFF    CALL macekey.00401120
 00401333  |> 5B             POP EBX
 00401334  |. 8BE5           MOV ESP,EBP
 00401336  |. 5D             POP EBP
 00401337  \. C3             RETN
 

//Edit
epic

Code:
 00401658  |> 833D 90D14000 >CMP DWORD PTR DS:[40D190],1
 
:p Well, it's not too harsh, but you cannot self-keygen it, that's a +
Well, back to work for me, sorry that I don't have time to fix it.
 +ColdDoT
 _________________
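
Added example, not part of any post in this thread: a Python script that parses the timing-related lines of the listing above and reports where the difference between two GetTickCount results (milliseconds) is compared against a constant, a common timing-based anti-debug pattern. The names `parse` and `find_tick_checks` are made up for this example, and the embedded lines are a subset copied from the listing.

```python
import re

# Timing-related lines copied from the OllyDbg listing in the post above.
LISTING = r"""
004012A7  |. FF15 04B04000  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
004012AD  |. 8945 FC        MOV [LOCAL.1],EAX
004012B0  |. C745 F8 C7C7C7>MOV [LOCAL.2],C7C7C7C7
0040131A  |. FF15 04B04000  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
00401320  |. 8945 F8        MOV [LOCAL.2],EAX
00401323  |. 8B45 F8        MOV EAX,[LOCAL.2]
00401326  |. 2B45 FC        SUB EAX,[LOCAL.1]
00401329  |. 83F8 32        CMP EAX,32
0040132C  |. 7E 05          JLE SHORT macekey.00401333
0040132E  |. E8 EDFDFFFF    CALL macekey.00401120
"""

# address, 2-char marker, hex dump (may be cut off with '>'), loop art, mnemonic, operands
INSN = re.compile(r"^\s*([0-9A-F]{8})\s+\S\S\^?\s*[0-9A-F]+(?: [0-9A-F]+)*"
                  r"(?:>|\s\s+)[|/\\]*\s*([A-Z]+) ?(.*)$")

def parse(listing):
    """Return (address, mnemonic, operands) for each listing line that parses."""
    hits = (INSN.match(line) for line in listing.splitlines())
    return [(m[1], m[2], m[3].strip()) for m in hits if m]

def find_tick_checks(insns):
    """Report GetTickCount deltas that are compared against a constant."""
    tick_slots, found = {}, []   # slot -> address of the call whose result it holds
    for i, (addr, op, args) in enumerate(insns):
        nxt = insns[i + 1:i + 4]
        if op == "CALL" and "GetTickCou" in args and nxt and nxt[0][1] == "MOV":
            store = re.fullmatch(r"\[(.+)\],EAX", nxt[0][2])
            if store:
                tick_slots[store[1]] = addr
        sub = re.fullmatch(r"EAX,\[(.+)\]", args) if op == "SUB" else None
        if not (sub and sub[1] in tick_slots and len(nxt) >= 2):
            continue
        (cmp_addr, cmp_op, cmp_args), (_, jcc, _) = nxt[0], nxt[1]
        imm = re.fullmatch(r"EAX,([0-9A-F]+)", cmp_args) if cmp_op == "CMP" else None
        if imm and jcc.startswith("J"):
            found.append({
                "first_tick_call": tick_slots[sub[1]],
                "compare_at": cmp_addr,
                "threshold_ms": int(imm[1], 16),  # OllyDbg prints immediates in hex
                "branch": jcc,
                "call_after_branch": nxt[2][2] if len(nxt) > 2 and nxt[2][1] == "CALL" else None,
            })
    return found
```

On these lines it reports one check: the tick count taken at 004012A7 is subtracted from the later one, the result is compared with 0x32 (50 ms) at 00401329, and `JLE` skips the call to macekey.00401120 when the elapsed time is within that limit.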
 