My keygen
Sunday, 02-May-1999 13:49:18
Greetings,
After I found out how the program checked the entered code,I searched for a way to reverse it and to get the security code.I have written this keygen pretty fast,but it didn't gave any code.I almost gave up,but after reading Joseph's post about the anti-SICE code,all became clear (great work Joseph).I changed a character in the sourcecode and it worked.
2 codes are displayed as being valid: CAPSULE1 and A[PSULE1,but since [ is not a valid character,CAPSULE1 is the only good one.
#include #include #include
char hardcoded[]={0xD0,0x6f,0xbf,0xcc,0xc7,0x31,0xb3, 0xc1,0xea,0x99,0xD7,0x72,0xc2,0xaf, 0xde,0xa0,0x4d,0xa6,0xb0,0xea,0x90, 0xa0,0x47,0x96,0x98,0x72,0xd3,0x51, 0xb2,0x41,0x60,0xe6,0x7f,0xa4,0xca, 0x5f,0xa0,0xc1,0xb3,0x73,0x9e,0x71, 0x49,0xcd,0xc3,0xce,0xb0,0x77,0xb0, 0xf3};//hardcoded in the program char ca[60]; char rez[60]; char code[60]; char code2[60];//used by the check routine int lcode; int ve; int nesting=0;//for debugging only
#define ISCH(x) (((x)>=' ')&&((x)<='~')) //Is character?
int check(char *newcode) //check routine { int r; lcode=strlen(ca); strcpy(code2,ca); for (int i=0;i<(50-lcode);i++) { r=(code2[i]*code2[i+1]) % '4';//if SICE: % '&'; if (r<=25) code2[lcode+i]='A'+r; else code2[lcode+i]='F'+r; } int sum=1; for (i=0;i<50;sum+=code2[i++]); sum=sum % '1'; int s2=0; for (i=0;i<=sum;s2+=code2[i++]); unsigned char aux=s2 & 0xff; unsigned char v=aux ^ code2[sum],v1; for (i=0;i<48;i++) // main loop { v+=code2[i+1]+1; v1=v; v+=code2[i+2]; newcode[i]=v1^v; } v+=code2[49]; v1=v; v+=code2[2]; newcode[48]=v1^v; v+=code2[2]; v1=v; v+=code2[3]; newcode[49]=v1^v; for (i=0;i<50;i++) if (newcode[i]!=hardcoded[i]) return 0; return -1; }
void go3(char v,int poz)//reverses the main loop { if (poz<0) { for (int i=0;i<50;i++) ca[i]=code[i]; for (i=' ';i<'~'+1;i++) for (int j=' ';j<'~'+1;j++) { ca[0]=i; ca[1]=j; code[0]=i; code[1]=j; for (int k=2;k<14;k++) { ca[k]=0; if (check(rez)) { printf("%s\n",ca); } ca[k]=code[k]; }
} return; } for (int c=0;c<256;c++) { char c1=v-(char)c,c2=v-2*(char)c; if (((c1^c2)==hardcoded[poz])&&ISCH(c)) { nesting++; code[poz+2]=c; go3(v-2*(char)c-1,poz-1); nesting--; } } }
void go2(char v) { for (int c=0;c<256;c++) { char c1=v-(char)c,c2=v-2*(char)c; if (((c1^c2)==hardcoded[48])&&ISCH(c)) { code[2]=c; go3(v-2*code[2],47); } } }
void go1(char v) { code[3]=v-(hardcoded[49]^v); go2(v-code[3]); } void main() { printf("%d",check(rez)); clrscr(); gotoxy(1,2); for (ve=0;ve<256;ve++) { int x=wherex(); //----------- int y=wherey(); gotoxy(1,1); printf("%d\n",ve);//These lines are for debugging only gotoxy(x,y); code[0]=' '; code[1]=' ';//--------------- go1(ve); } }
Andy
Andy
|