I Reverse Engineered this Program and Generated Infinite CD Keys (child’s first keygenme)


Key mills are a trademark of early 2000’s computing, an epic battle between corporations attempting to safe their software program and …

Should you’re previous like me chances are you’ll bear in mind a day in gaming the place as a substitute of downloading a recreation off of steam or off of the EA Play Retailer you needed to truly go to a retailer within the bodily location and buy a recreation you bought that recreation on

A CD that you’d use to put in in your pc I do know we’re speaking historic occasions whenever you had been putting in that recreation you had been truly prompted to place a CD key into that installer now additionally round that point for those who had been in sort of the hacker cyberspaces you

Keep in mind that there have been issues known as key mills there have been packages that will generate a key for you mechanically that will allow you to play the sport with out having to pay for it the best way these labored had been individuals had truly gone into the sport and reverse engineered how the important thing algorithm labored

That validated that the important thing was appropriate they might create a program that will generate an infinite variety of keys and put them onto the web for individuals to obtain at no cost more often than not these key mills had been malware and would get you hacked and I could or could not have

Performed that one or a thousand occasions on my mother and father pc however that is inappropriate now whereas it might be unlawful for me to take a recreation and make key generator on this video for you right now fortunately there are pattern issues that emulate that very same situation we are able to reverse

Engineer that after which write a script to Output our infinite variety of keys so with out additional Ado let’s dive proper into it so the positioning that I discussed earlier than is crack means one it is a web site that has a close to infinite variety of reverse engineering challenges that you simply

Can use to sort of hone your reverse engineering expertise sort of a enjoyable little puzzle web site and with it downloaded we’ll do sort of our preliminary triage right here so what I would love to do with any program is simply run strings on it to get an thought

Of what we’re taking a look at at like a extremely excessive stage inform me sort of how massive the issue is after which additionally what features I can anticipate so we have now a pair strings right here so key gen me title and key that is seemingly going to be the

Utilization if we give it the fallacious inputs after which I am assuming our two states the nice job that means we acquired it appropriate after which the fallacious key we acquired it fallacious okay fairly straightforward um we have now places for the printing Sterling to most likely checked the size of some inputs that truly tells us

{That a} appropriate key could have a sure size that’s required to fulfill so we are able to verify that out later after which a2i that is ASCII to integer so it’ll take enter that we give this system and convert that to an integer from ascu so

That is good to know okay that is sort of a excessive stage overview of what is going on on right here so let’s dive proper into the meat and potatoes right here I’ve this system opened up in ghidra if you do not know what guidra is it is airburst engineering platform they not too long ago truly in

Guidra 10 launched the darkish mode for guidra I am unsure if I am an enormous fan of the colour scheme however it’s significantly better than the white shade scheme that was obtainable by default so let’s dive into it proper now in ghidro right here we have now

The breakdown of the elf and we then we have now the entry level for that elf the entry level leads us to you recognize the place the beginning label is after which the beginning label for lib c could have the ellipse you begin foremost perform which can all the time have the principle perform because the

First argument so we are able to click on on that we’ll Kind L on the perform title and simply rename this foremost so I need to preserve monitor of the place the principle perform is so foremost as everyone knows in C takes two arguments ARG C

And arc V and it’s already forged as a care pointer pointer that is appropriate after which so mainly it’ll search for if Arc C equals three that means we give it three arguments the command line title after which two extra arguments we do one thing in any other case it offers us a utilization

So let’s sort of return and ensure that is taking place in actual life I do key gen me okay so if I do not give it the suitable variety of arguments it tells me hey I want your title and I want your key after which so now we all know additionally the title is

Arc V1 and the hot button is arcv2 so then if the factor is appropriate we are saying that one thing equals Arc V1 so like we simply came upon that is our title so let’s name that title after which that is going to be fascinating so it is truly doing one thing sort of bizarre right here it is taking

The stir Len of arcv0 which goes to be the title of this system so that is going to be program title very odd that is truly a part of the Keygen drawback usually the title of this system isn’t even considered after which so lastly we have now a2i which is the asciative function

Of Arc V2 which is the important thing so that is going to be the important thing we are able to say key as int alright superior so then we have now UV uver1 which is the return of this perform that they are calling on the title so let’s go into this perform to see what’s taking place so

That is going to be most likely um magic Egen perform let’s simply make an assumption there and once more that is being forged onto the title argument we have now two counters right here we are saying wall true some variable is the same as the Sterling of the title if the size is lower than some quantity break in any other case

This is the same as this plus title of oh okay so what is going on on right here is it is including all of the ASCII values within the title buffer is that this wall our counter is bigger than the size of our title take the worth that began at zero so we’ll name this the let’s name this the

Checksum as a result of it sort of is sort of a checksum operation after which we have now we’ll say I proper so it is like checksum is the same as the verify sum presently plus the ASCII worth at that place after which we’ll improve by one superior so primarily all this does we are able to name this uh checksum title

We’ll simply say some title truly to maintain it easy it’ll be the sum of the title superior so we have now that we are able to return to the the principle perform that known as us and so let’s take a look at what the algorithm is doing right here now so we’ll name

This variable additionally sum as a result of that is what’s Taking place Right here so we sum the title we have now the title so this system title program title size after which we are saying the important thing as int so then we are saying if the sum of our title xord with oh no I am sorry this isn’t

The title that is the primary character of the title that is first care title okay and that is the place the essential piece occurs proper if we go this comparability if we give it this enter as the important thing then we get the nice job which implies that we handed our take a look at in

The important thing allowed us to put in the sport so we’ll discuss concerning the operation that occurs right here so first it does the sum of our title xored with the primary character within the title and let me make it possible for that is taking place first once more I do not know the order of

Operations uh in relation to xor I am unsure if if it is pemdex or pexam Des or one thing what does the order of operations right here I am fairly certain it is once more it is no matter C would achieve this we are able to truly most likely simply assume that it’ll be pink left to proper so the sum

Of our title as an integer xored with the primary character within the title occasions three okay as a result of it is known as sum proper as a result of we add that 3 times then we left shift that by the size of our program title ended with ox1f so let’s undergo all of that and ensure we

Know like let’s take a look at our speculation so what’s it once more let’s take a look at our speculation so I assume we’ll write down the algorithm to determine what is going on on with the important thing gen simply so I can do some fast mathing proper so once more it’s the

Sum of our title xored with the primary character in our title that occasions three left shifted by the size of this system title and x1f all proper so let’s maintain that proper there so I can learn that for the longer term so now we’ll do is we’re

Going to enter Python and do our fast little operation so we’ll begin with our title being simply the letter A A Single Character in order that it is quite simple to take action what we’ll do right here is we’re going to have the character a which has the ordinal worth

Of 65. so let’s examine what this evaluates to to determine what the order of operations is in Python for verse xor versus multiplication Okay cool so it is not zero as a result of 65x or 65 ought to have been zero then this occasions zero is zero in order that implies that multiplication takes priority over xor

So it is pemdasics on the finish do it final cool so then we take 130 left shifted by the title of this system title which goes to be kijen me after which we finish that with hex 1f oh order of operations I’ve to wrap this parenthesis almost certainly

There we go in order that’s that is going to be our key worth if we use the title a let’s give her a shot me I’ve the title a after which I’ve the important thing increase child however wait we’re not executed we could have solved a single occasion of the important thing

Gen me however what if I need to have a special title we’ll create a script that can arbitrarily produce a special key for each title that we supplied so let’s get into that proper now dot Pi so we’re in our code right here we’ll arrange the usual python stuff person

Ben M python3 we’ll import sys import sys to get the arc V and we’ll create our perform gen takes an argument title and we’ll say if this system runs as foremost uh we’ll print gen sys.arg V of 1 so there you go that is going to run our program on the primary

Argument we get so what we’ll do is return the important thing worth for a given title so we have now to once more do our operation so we do sum X or First Care occasions three let’s wrap this in parentheses to ensure we perceive the order of

Operations and I need to emphasize this as nicely as a result of I might think about some interpreters Might deal with it in a different way than others so we have now some additional first Sq. occasions three left shifted by this system title fascinating that is going to be title and program title so we’ll name it

Program it’ll additionally take uh sys.arg V2 and we’ll add a utilization to this as nicely left shifted by program Len program was known as program uh uh when textual content that or finish that fantastic so we’ll begin with this we’ll say that the E equals zero say for character in title

P plus equals c and we’ll do order of C as a result of truly argue will are available as a string in order that’s truly going to be the suitable approach to do that we’ll say or after which we’ll say then we’ll say that key xor equals title of zero

Board of title of zero so for those who get the ordinal worth occasions three and we’ll say that key equals key left shifted by Len of program and hex 1f I am going to go together with that and we’ll return key and that’ll be it and I am certain we’ll have some sort of syntax error

Right here simply because you recognize byte strings and strings are annoying as hell and python um we additionally need to add some utilization right here if lets say if Len of sys.arc V not equal three we’ll say print AO give title and program title one thing like I am like

All proper cool let’s examine if we will not play with this so Python 3 key gen bye I am unhealthy at python coding is tough cool there you go it’s going to simply proceed to execute see even even senior devs make errors you make them cool so we’ll say that our title is a and

This system title is essential gen me okay cool and it gave us a correct key wow that truly labored first attempt I am very shocked by that uh let’s examine if we are saying that our title is Steve Jobs and the title is kijen me okay let’s examine what Steve Jobs key’s nope

All proper survey says good job nicely guys I hope you discovered one thing new I hope you discovered the artwork of key cracking like we did again within the early 2000s for those who like this video hit the like button depart a remark after which go watch this

Video about how NASA writes dope code or this one

43 thoughts on “I Reverse Engineered this Program and Generated Infinite CD Keys (child’s first keygenme)”

  1. @LowLevelLearning, love your channel first and foremost. Newer to C, been doing Python for a while. Downloaded this one and followed your instructions and noticed that len(prog_name)&0x1f and len(prog_name) returns the same value… Not sure if it has an effect in C; but it looks like replacing your line before returning the key to:
    key = key << ( len(program))
    It will still return the right value.

  2. As an old-school and retired (must mention that) cracker from the 8 and 16-bit era, it's cool to see new guys into the "reverse engineering" stuff. Nice. Brings me memories back from my trusty SoftIce debugger and back-tracking virii code (vlab anyone?). Greetings from Brazil!

  3. Still using them now on old Windows pc for friends and family, lol. Old programs still do the basic work, why upgrade to new version when years later still basically only using five percent of program, jus sayin

  4. dude , I went first in 1998 and a few years later I was doing this shijt with key gens. those scene release groups were very rare. But some of them are still out there in 2023.
    the time that internet was still for nerds. and pay by the minute for your internet with your monthly phone bill (land line ) . greets from The Netherlands.

  5. Description is wrong…. Software keys go back to the 80s, maybe even earlier. Hell, every game I owned from the 90s had a cd key, the floppy disk version of windows 95 still used a license key.

  6. I'm guessing you might find em somewhere, but there use to be some websites/torrents/etc(don't specifically remember where; apparently I'm getting old and this was to long ago:P) tutorial kits that would include old versions of software and abandonware with tutorials on how to crack the software/etc….. I guess sorta a precursor to this sorta thing:P

  7. That's complete horseshit that most keygens were malware. You only found malware because you downloaded them from some shitty website or torrent. Groups would get nuked for releasing shit that didn't work or was malware.

    And that's how you can spot a good reverse engineer from a bad one. Good ones aren't generally decompiling code, they're reading and debugging the assembly. Let's see how well decompilation works out for you if you're working on vm, obfuscated, packed or executables that have been specifically modified to be difficult to disassemble.

  8. Lmaoo I remember downloading those xbox live gold & ms point key generators back in somewhere ~2006. If the pc wasn't slow enough already, well after running the program it defo was.. 😅

  9. I preferred creating keygens (when I was young) with the help of the original program.
    Sometimes they generate a key and compare it with your input.
    If the program shows an error message, you can change the text.
    The only thing you have to do is to change the pointer of the text to the generated key.
    The reverse engineering part is to find the generated key in the memory and change the executable.

  10. Would love to see a video about what you consider to be your best "crack" as you said in the video we all did it back then, it was the thing today, now we just pay for it as we got older, its just simpler.

    Whilst it aint exactly rocket science my triumph was mIRC at 13 years old, i was so excited when it took my own generated key, i jumped up, banged the desk, the monitor (a 19" CRT BEAST of a thing) rolled of the desk, and my dad was not one bit impressed with the result, however i was chipper as fuck for weeks afterwards, and even generated a key or 2 for my buddies

  11. These days with elliptic curve crypto being liberated, especially Ed25519, vendors could actually make short Cd-keys that were backed by real strong security to render keygens moot. But eh, modding the software to remove the entire key verification defeats that 🙂

  12. Actually checking argv zero is not that uncommon. It lets you check to see if someone renames a file. If you really want to have fun with. a little hacker trick. check argv -1. yes negative it returns the path of the file. so you can check the location of the file on the hard drive. Used to use it as primitive copy protection. Id the file was moved it would come back with put me back where you found me. Depending on your compiler i wouldn't suggest checking out other strange values of argv you start getting access to different parts of memory. if it doesn;'t blow up.

  13. Many games from smaller studios released as "demos" but they actually contained all the necessary files, all you had to do was register to get a key to unlock the full game. Some of these have not yet been preserved as full versions sadly.

  14. Keygens are such a nostalgic hit from the demoscene days. You still get chiptunes in contemporary crack installers, sometimes, but it's nothing like back when RELOADED would put out a release and you'd get a whole animated credit sequence.


Leave a Comment