downloadbrowseTaliesin's KGM1Tal

Download KGM1Tal.zip, 2 kb (password: crackmes.de)
Browse contents of KGM1Tal.zip

KeyGenMe 1 by Taliesin

Window32 - Tested on XP and Win98.
Assembler - MASM32.


To complete:

1. Bypass debugger checks.
2. Write a keygenerator.
3. Submit keygen and tutorial.

Completion should be relatively easy. Only a few debugger checks. Algorithm for serial is not too complex.


Greetings go out to:

l0calh0st
HMX0101

Difficulty: 2 - Needs a little brain (or luck)
Platform: Windows 2000/XP only
Language: Assembler

Published: 14. May, 2006
Downloads: 774

Rating

Waiting for at least 3 votes
(we have only 2).

Rate this crackme:

Send a message to Taliesin »

View profile of Taliesin »

Solutions

Solution by indomit, published 17. may, 2006; download (11 kb), password: crackmes.de or browse.

indomit has not rated this crackme yet.

Solution by l0calh0st, published 17. may, 2006; download (12 kb), password: crackmes.de or browse.

l0calh0st has rated this crackme as awesome.

Submit your solution »

Discussion and comments

l0calh0st
15. May 2006		Nice work Tal :)
Debugger checks were different from what i have seen till now :)
HMX0101
15. May 2006		Good Job, Taliesin

I have fished a serial for my name, but i can't understand when the crackme use my name :(

Debugger checks, not is working for me :D
Ox87k
15. May 2006		yes, very nice work! i don't understand the debug tricks however not working for me!! =)
indomit
15. May 2006		I say it wonderful debugger checks! :) Very nice!
The idea to check BP is good :)
indomit
15. May 2006		Maybe it bug?
when you check first letter you do next:

00401423 . 80EE 41 SUB DH,41 <<-- not need!!!
00401426 . 8AF2 MOV DH,DL <<<<

and when you check 3rd and other letters you do:

0040145F . 80EE 41 SUB DH,41
00401462 . 8AD6 MOV DL,DH <<<<

it isn't important for solution, but... ;)
indomit
15. May 2006		not need!!! = have no effect...

sorry for spam and my poor english %)
l0calh0st
15. May 2006		indomit ...are you sure what you said is right
indomit
15. May 2006		I'm not sure that is bug, but I sure that first operation SUB have no effect :)

PS... I mistake... it is about 3rd and 4..9 symbols =)
Taliesin
Author
15. May 2006		indomit, the minus 41 is used for the table...table is only 24 characters.
Originally, when I wrote it, I had self-modifying code in it - Olly instead of skipping breaks, just told me I had overwritten it's Int3 instruction. That gave me the idea.
The first call after GetDlgItemTextA does do something, it checks part of the serial format, among other things.
indomit
15. May 2006		Arrrgh %) I want say that Mov dh, dl and mov dl, dh is not the same!
In first case u use minus 41 but on next operation u overvrite result stored in dh by dl. )
In second case all fine...

Anyway, I wrote the tut and upload it yet :)
Taliesin
Author
17. May 2006		Good job indomit & l0calh0st, nice tutorials. And thanks to everyone that tried this one. I see I'll have to increase the challenge so my next one isn't solved in 3 days. ;)

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.