darkelf's Darkelf KeygenMe #2
| Download Darkelf_KeygenMe2.zip, 133 kb (password: crackmes.de) Browse contents of Darkelf_KeygenMe2.zip Hey folks,
Difficulty: 2 - Needs a little brain (or luck) | RatingWaiting for at least 3 votes View profile of darkelf » |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
| mausy131 06. Aug 2012 | Couldn't read value.. Exiting now! Some kind of nag?? |
|---|---|
| darkelf Author 06. Aug 2012 | @mausy131 If you are actually facing this message, you must either have absolutely no rights on your computer or you are using a weird version of Windows. Weird means in this case damn old or too new (because I didn't have Win8 to check if the KeygenMe is running there without fault). |
| sasue11 06. Aug 2012 | lol I have Windows 7.And I have UAC disabled.Couldn't read value.What should I do? |
| darkelf Author 07. Aug 2012 | @sasue11 Well, actually this should be impossible! Even if I spoil something now: the KeygenMe reads out some registry value. If you don't have this value, your Windows doesn't have a serial number. |
| ceycey 07. Aug 2012 | I have the same problem as mausy131 and I know I have a valid windows serial number but you may know that windows 7 encrypts the serial number and you are trying to pull it with RegQueryValueExA API directly. I have not gone through to see whether you use the decryption algo or that's your goal to use the encrytped data but I think that may be the problem. I am not sure |
| darkelf Author 07. Aug 2012 | @ceycey No, there must be some other reason. I tested it really excessively. The problem is not an encrypted serial but the lack of this certain registry value. This KeygenMe is also availabe over there at Woodmann's and was announced at Exetools. It was slightly over 180 times downloaded and the was no complaint at all. Please have a look if you have this regvalue: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId" Thank you. |
| Pride 07. Aug 2012 | @darkelf I receive this "Coudln't read value" error too. I have Win7 64 Bit. I've checked the registry path, but there is no "DigitalProductId" under "CurrentVersion"; However, there is a "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey" and it has some keys named "DigitalProductId", "DigitalProductId64" and "ProductId". The first two are of type REG_BINARY and the latter one is of type REG_SZ I hope this information helps somehow. |
| darkelf Author 07. Aug 2012 | @Pride Now, that's some useful information. If the two others with this message are also use a 64bit Windows, we'll have a winner ;-) I myself use Win7 32bit and there it is the key I mentioned above. Unfortunately I have no 64bit Win7 but if the two others are also using 64bit, I will make a fixed version of the KeygenMe which takes the different key under the 64bit OS into account. Thank you very much. |
| Saduz 08. Aug 2012 | I use Windows Xp Service Pack 3 and there is no nag. |
| Pride 08. Aug 2012 | @darkelf Maybe you should read the path to the reg key from a .ini file so everyone can change the path to that reg key, because it seems that everyone has this value stored somewhere else :S |
| darkelf Author 08. Aug 2012 | @Pride No, it's not! It is just different in the 32bit and the 64bit version. I will install a 64bit version of Win7 today and adjust the KeygenMe. My fault was that I didn't take into account that someone really uses a 64bit OS for reversing. |
| JMBrito 09. Aug 2012 | About the read value problem, use this to bypass the message: 0040243E EB 1E JMP SHORT KeygenMe.0040245E |
| darkelf Author 10. Aug 2012 | @JMBrito your patch may circumvent the message but you won't be able to do a working keygen then. I've asked the moderators to enhance the KeygenMe description and add a "32bit only" guideline. Sorry for this. |
| darkelf Author 01. Sep 2012 | Well, maybe I should have chosen a somewhat higher level. Level "2" was a bit dewy-eyed, I guess. You know, if you code a KeygenMe, it will look a lot easier than it is in fact. Maybe it's more a level "4". |
| tamaroth Moderator 04. Sep 2012 | The main problem for people, I believe, is that you wrote it in pascal, the language many of us consider extinct. So it might take some time before anyone reaches any conclusions on how this works (you know, we have to familiarise ourselfs with pascal once again) |
| tamaroth Moderator 04. Sep 2012 | edit: I'm sorry, not pascal but basic :) |
| tamaroth Moderator 04. Sep 2012 | name: tamaroth mail: tamaroth[at]tamaroth[dot]eu (fake, obviously, you must replace [at] with @ and [dot] with .) serial: ADC76CFDC6598A6A10BDEDCEDADE9095184D7138D6B87 in order for this to work, you must create a new user called 'tester' or simply change your name because serial is dependant on os username. Authors intention was for serial to be dependant on C: drive's volume serial number, but due to the bug in code, it's completely irrelevant. I'll write a keygen soon. |
| darkelf Author 05. Sep 2012 | Well done tamaroth. The bug is really a pity. Right now I'm digging to find the reason for it. I'd consider the language not a problem. As I wrote, it's PureBasic NOT Basic which is a whole different thing. PB has no crappy runtime like Basic has and it produces nice, clean and tiny Assemblercode. Actually, the Assembler used is FASM. If I hadn't played with the first bytes myself, PEiD identifies the .exe as FASM. Again, well done. I'm looking forward to your keygen although I fear that the bug took away a lot of the difficulties. |
| tamaroth Moderator 05. Sep 2012 | The bug's you use 'C:' as a root while it should be 'C:\'. From MSDN: If this parameter is NULL, the root of the current directory is used. A trailing backslash is required. For example, you specify \\MyServer\MyShare as "\\MyServer\MyShare\", or the C drive as "C:\". The bugitself simplifies things somewhat, I have just have two values that are static rather than computed from hdd's serial. I tell you what, I'll code the keygen like you would've used correct value for GetVolumeInformationA and in meantime you can fix it :) |
| darkelf Author 06. Sep 2012 | @tamaroth the bug should be fixed now. Please give it a try. |
| tamaroth Moderator 11. Sep 2012 | Now it makes it more interesting, I need to trace the regkey generation (damn fpu ...) and the formentioned keys. At the moment I don't really have time to write a fully working keygen, but maybe soon. |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.