iSSoGoo's KeygenMe #3
| Download issogoo_keygenme_3_fixed.zip, 45 kb (password: crackmes.de) Browse contents of issogoo_keygenme_3_fixed.zip Intro:
Difficulty: 2 - Needs a little brain (or luck) | Send a message to iSSoGoo » View profile of iSSoGoo » |
Solutions
Solution by hit02, published 29. jul, 2015; download (69 kb), password: crackmes.de or browse.
hit02 has not rated this crackme yet.
Solution by tr4ceflow, published 01. jul, 2014; download (124 kb), password: crackmes.de or browse.
tr4ceflow has rated this crackme as boring.
Solution by grayfox, published 01. jul, 2014; download (2 kb), password: crackmes.de or browse.
grayfox has not rated this crackme yet.
Solution by Kirjava, published 09. jun, 2014; download (94 kb), password: crackmes.de or browse.
Kirjava has not rated this crackme yet.
The submission of solutions is closed.
Discussion and comments
| tr4ceflow 29. May 2014 | ok, understanding the disassembly is done within 5 minutes. I am pretty sure that there isn't a no-bruteforcing-way. |
|---|---|
| iSSoGoo Author 29. May 2014 | I think I made a little mistake with the buffersize, will upload a fixed version very soon! |
| r0bert 29. May 2014 | No problems with the keygenme, i found a plethora of valid keys from bruteforcing... |
| givses 01. Jun 2014 | The keygen is about bruteforcing. Not about calculus & stuff. There are 2 bytes to match. |
| redsees 03. Jun 2014 | so what's a 'stupid' and a 'smart' keygen? how can I rate mine to be any of them? |
| r0bert 03. Jun 2014 | redsees, i thought about that myself. I figured 'stupid' and 'smart' refer to the keygens level awareness on how the key is validated. I initially thought that a smart keygen meant no bruteforcing, until i saw the Platinum section... hmm... I concluded this..: stupid: Since the serial validation portion can be ripped from the assembly listing, a 'stupid' keygen could simply throw a serial at the validation routine and check whether it passed or not. This could be likened to black box testing: the keygen has no awareness of the logic involved in the validation process (it does not need to). smart: A smart keygen would involve understanding what is required to produce a valid key (white box), then rewrite the logic involved in the validation process (based upon the assembly). to rate your keygen: did you simply rip the asm byte for byte and throw random serials at it? -> silver did you understand the validation routine and rewrite it in your own code? -> gold did you write a keygen that doesnt bruteforce -> platinum or, i speak a bunch of garbage and the author had something else in mind ;) |
| iSSoGoo Author 03. Jun 2014 | A 'silver' rated keygen for me would be if you simply bruteforce the whole serial. The probability for finding a valid serial in that case would be 1:65536. So yes, this is some kind of blackboxing. But as far as I know a valid serial can be found slightly faster. It's not that much faster and you still have to use bruteforcing, but it's faster ;) |
| tr4ceflow 04. Jun 2014 | One can simplify the validation algorithm up to only 30 lines of beautiful easy c++ code. You only have to bruteforce the last 4 characters for a stupid keygen. At least to compute a valid serial without bruteforcing you have to solve a linear equation system having non-linear constraints. Well this is a bad keygenMe since there does not exists a serial beginning with "tr4cefl" ;-) But you can test something like: tr4cefqijL tr4ceftRzL tr4cefuUzL ... A samrt way is to leave the last 4 characters empty and compute them from the first 6 characters. |
| tr4ceflow 04. Jun 2014 | In fact you only have to test 3844 to get a valid serial. |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.