KeyGen Studio 2002

home *** CD-ROM | disk | FTP | other *** search

/ KeyGen Studio 2002 / KeyGen_Studio_2002.iso / Tutorials / CrackMesCbjNet / nh-k4n3.ZIP / nh-k4n3.txt next >

Wrap

Text File | 2001-04-23 | 7.3 KB | 194 lines

K4N Crackme #3 keygen by nh E-Mail: nh666@mail.ru crackme is easy. this is commented listing from ida: .text:004011F5 imul eax, 3 .text:004011F8 shl eax, 2 .text:004011FB add eax, 0CDh .text:00401200 mov [ebp+number], eax ; ((1a5h-0cdh) shr 2) div 3=12h =) .text:00401203 cmp [ebp+number], 1A5h .text:0040120A jnz BadKey .text:00401210 xor eax, eax .text:00401212 mov al, [ebp+key] .text:00401215 test al, al .text:00401217 jz short loc_0_40122C .text:00401219 lea ecx, [ebp+key] .text:0040121C .text:0040121C cycle1: ; CODE XREF: Check+CAj .text:0040121C cmp al, 30h .text:0040121E jb loc_0_4012EA .text:00401224 mov al, [ecx+1] .text:00401227 inc ecx .text:00401228 test al, al .text:0040122A jnz short cycle1 .text:0040122C .text:0040122C loc_0_40122C: ; CODE XREF: Check+B7j .text:0040122C call null_regs .text:00401231 lea eax, [ebp+name] .text:00401237 push eax .text:00401238 call get_number .text:0040123D mov [ebp+number], eax .text:00401240 call null_regs .text:00401245 lea ecx, [ebp+name] .text:0040124B push esi .text:0040124C push ecx .text:0040124D call clear_whore .text:00401252 add esp, 0Ch .text:00401255 xor ecx, ecx .text:00401257 .text:00401257 cycle2: ; CODE XREF: Check+124j .text:00401257 mov eax, [ebp+number] .text:0040125A xor edx, edx .text:0040125C mov esi, 1Ah .text:00401261 div esi .text:00401263 mov dl, [ebp+edx+alphabet] .text:0040126A mov [ebp+ecx+generated], dl .text:0040126E mov eax, [ebp+number] .text:00401271 shl eax, 3 .text:00401274 mov edx, 12345h .text:00401279 imul eax .text:0040127B add eax, edx .text:0040127D mov [ebp+number], eax .text:00401280 inc ecx .text:00401281 cmp ecx, 12h .text:00401284 jb short cycle2 .text:00401286 call null_regs .text:0040128B xor eax, eax .text:0040128D .text:0040128D cycle3: ; CODE XREF: Check+142j .text:0040128D mov cl, [ebp+eax+key] .text:00401291 mov dl, [ebp+eax+generated] .text:00401295 sub cl, 30h .text:00401298 xor dl, cl .text:0040129A mov [ebp+eax+generated], dl .text:0040129E inc eax .text:0040129F cmp eax, 12h .text:004012A2 jb short cycle3 .text:004012A4 call null_regs .text:004012A9 lea edx, [ebp+generated] .text:004012AC push edx .text:004012AD call xoring .text:004012B2 call null_regs .text:004012B7 lea eax, [ebp+generated] .text:004012BA push offset aKeygenning4new .text:004012BF push eax .text:004012C0 call sub_0_401130 .text:004012C5 add esp, 0Ch .text:004012C8 test eax, eax .text:004012CA jnz short GoodKey .text:004012CC .text:004012CC BadKey: ; CODE XREF: Check+AAj .text:004012CC mov ecx, [ebp+arg_0] .text:004012CF push 10h .text:004012D1 push offset aError .text:004012D6 push offset aBadSerialO .text:004012DB push ecx .text:004012DC call ds:MessageBoxA .text:00401080 .text:00401080 ; ███████████████████████████████████████████████████████████████████████████ .text:00401080 .text:00401080 ; S u b r o u t i n e .text:00401080 ; Attributes: bp-based frame .text:00401080 .text:00401080 get_number proc near ; CODE XREF: Check+D8p .text:00401080 .text:00401080 var_4 = dword ptr -4 .text:00401080 arg_0 = dword ptr 8 .text:00401080 .text:00401080 push ebp .text:00401081 mov ebp, esp .text:00401083 push ecx .text:00401084 push ebx .text:00401085 push esi .text:00401086 push edi .text:00401087 push offset aEheh .text:0040108C push 0 .text:0040108E call getdword .text:00401093 add esp, 8 .text:00401096 mov ebx, eax .text:00401098 call null_regs .text:0040109D mov edi, offset aIsAWhore_ ; %))))))))))) .text:004010A2 or ecx, 0FFFFFFFFh .text:004010A5 xor eax, eax .text:004010A7 repne scasb .text:004010A9 not ecx .text:004010AB sub edi, ecx .text:004010AD mov esi, edi .text:004010AF mov edi, [ebp+arg_0] .text:004010B2 mov edx, ecx .text:004010B4 or ecx, 0FFFFFFFFh .text:004010B7 repne scasb .text:004010B9 mov ecx, edx .text:004010BB dec edi .text:004010BC shr ecx, 2 .text:004010BF repe movsd .text:004010C1 mov ecx, edx .text:004010C3 and ecx, 3 .text:004010C6 repe movsb .text:004010C8 xor edi, edi .text:004010CA xor esi, esi .text:004010CC .text:004010CC loc_0_4010CC: ; CODE XREF: get_number+76j .text:004010CC mov eax, [ebp+arg_0] .text:004010CF push eax .text:004010D0 push esi .text:004010D1 call getdword .text:004010D6 mov ecx, arr[esi] .text:004010DC add esp, 8 .text:004010DF xor ecx, edi .text:004010E1 add eax, ecx .text:004010E3 mov [ebp+var_4], eax .text:004010E6 rol [ebp+var_4], 7 .text:004010EA mov eax, [ebp+var_4] .text:004010ED add esi, 4 .text:004010F0 xor ebx, eax .text:004010F2 inc edi .text:004010F3 cmp esi, 40h .text:004010F6 jl short loc_0_4010CC .text:004010F8 pop edi .text:004010F9 mov eax, ebx .text:004010FB pop esi .text:004010FC pop ebx .text:004010FD mov esp, ebp .text:004010FF pop ebp .text:00401100 retn .text:00401100 get_number endp .text:00401110 .text:00401110 ; ███████████████████████████████████████████████████████████████████████████ .text:00401110 .text:00401110 ; S u b r o u t i n e .text:00401110 .text:00401110 xoring proc near ; CODE XREF: Check+14Dp .text:00401110 .text:00401110 arg_0 = dword ptr 4 .text:00401110 .text:00401110 mov ecx, [esp+arg_0] .text:00401114 xor eax, eax .text:00401116 .text:00401116 loc_0_401116: ; CODE XREF: xoring+12j .text:00401116 mov dl, [eax+ecx] .text:00401119 xor dl, al .text:0040111B mov [eax+ecx], dl .text:0040111E inc eax .text:0040111F cmp eax, 12h .text:00401122 jb short loc_0_401116 .text:00401124 retn .text:00401124 xoring endp .text:00401124 .text:00401124 ; ─────────────────────────────────────────────────────────────────────────── keygen was written in Visual C++. that's all /nh