Professional Documents
Culture Documents
LEVEL: Simple/Intermediate
Tools Needed
-SoftICE
-Brains
-W32Dasm [OPTIONAL]
-DLL Demon v1.0 (http://members.aol.com/progency)
OK Lets begin our trace... Enter Softice and set the Breakpoint
on hmemcpy. Enter in our names and Fake Serial and hit enter.
Softice Should Break.. hit F5 once then we can begin our
trace.. F12 until you get into The process of DLL Demon.
Soon you will come accross this code:
This Area Sets the Strings Up for some part. We notice that
It appends the Serial # to the end of our Name..
We first notice that ALL Single User Serials Start with the letters "DSU"
Next we take a look at the maths part.
So what the above code does is get all your ascii values
added up and divide it by 13 and take the remainder.
To the remainder it adds 59 HEX NOT DEcimal!
It also Takes your Accumulated ascii and logical AND's it
with 80000003 HEX.
So we see the BASIC Alogorithm for the Single User Key is:
GIVEN
=====
NAME And Serial combined into 1 string
X= Sum of all ascii values of NAme and Serial Combined
THEN...
Ok, trace into the second call you will ciom accross this...
This Area Sets the Strings Up for some part. We notice that
It appends the Serial # to the end of our Name..
For The Site License it Simply Takes your Name and the
Serial # Does NOT Matter!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00467711(C)
|
:00467705 8B4DFC mov ecx, dword ptr [ebp-04]
:00467708 0FB64C11FF movzx ecx, byte ptr [ecx+edx-01] <-get character
:0046770D 03D9 add ebx, ecx <-add ascii to
EBX
:0046770F 42 inc edx <-increase
position in string
:00467710 48 dec eax <-decrease
counter of letters left
:00467711 75F2 jne 00467705 <-repeat if
more letters left
So we see the BASIC Alogorithm for the Site License Key is:
GIVEN
=====
X= Sum of all ascii values of Name
THEN...
BElow is MY KEYGEN SOURCE CODE.. Yeah im a shitty PAS programmer but it works!
===Start Code===
var
name:string;
secondc:integer;
serialn:string;
eax,ecx,edx:longint;
pos:integer;
begin
end.
===END CODE===
Flu[X]/PC98
http://tuts98.cjb.net
pcflux@hotmail.com