Patching Security Holes With OllyDbg (Part 3/3)

Posted by rajivvishwa On February - 10 - 2009
This entry is part 3 of 3 in the series OllyDbg

Tutorial 3 – Deriving the logic of the generated key to create Keygens

Enter any test string to get the error message.

[Screenshot: 3_crackme_ss]

Search the referenced text strings and locate the message displayed in the error box. Analyzing the text references shows that there are no hardcoded keys, nor any fragments of keys.

[Screenshot: 3_searchreferencestring]

Double-click the string reference to open it in the CPU window and set a breakpoint there by pressing ‘F2’.

[Screenshot: 3_setbreakpoint]

Check whether any new strings are generated in the CPU window (and trust me, you won't find any :( ). Now check the stack in the memory window and scroll to the point where the userid we entered is displayed. A little further down you can find a ‘key-like’ string below the userid string. Enter that in the key field; it should work.

[Screenshot: 3_serialfound]

There is no point in finding the key without understanding the logic behind its generation. Once we find the logic, we can reverse-engineer it and create a distributable keygen.

We can pair the userid characters with the corresponding key values as follows:

t – D8
e – C9
s – D7
t – D8
e – None
r – None

Now open ‘calc’ in scientific mode, select Hex mode and type D8.

[Screenshot: 3_valuehex]

Select Dec mode to convert the hex value to decimal.

[Screenshot: 3_valuedec]

Note down the decimal equivalent of each hex value.

Now open any ASCII chart and note down the ASCII value of each userid character.

[Screenshot: 3_testascii]

Each converted hex value is exactly 100 greater than the ASCII value of the corresponding userid character.

So we can derive the logic to create our own keygen:

Logic Sequence

  1. Take the first four characters of the username
  2. Convert each character to its corresponding decimal (ASCII) value
  3. Add 100 to the decimal value obtained in step 2
  4. Convert the result to hex, and the key is obtained!
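The four steps above, carried out in code, as an added example that is not part of the tutorial or the crackme. It reproduces the recovered derivation for the tutorial's own userid (tester → D8 C9 D7 D8) and places beside it a keyed-hash derivation of the kind the conclusion recommends. Assumptions: the four hex bytes are concatenated without separators (the tutorial lists them per character), and `SECRET` is a constructed placeholder, not a value from the crackme.

```python
"""Added example, not the tutorial's or crackme's own code.

Left: the key scheme the tutorial recovers (first four userid characters,
ASCII value + 100, written as hex). Right: an HMAC-based derivation of the
kind the tutorial's conclusion recommends instead.
Assumption: the hex bytes are concatenated with no separator.
"""
from __future__ import annotations

import hashlib
import hmac


def key_table(user_id: str) -> list[tuple[str, int, int, str]]:
    """Mirror the tutorial's manual walk-through: for each of the first four
    characters return (char, ASCII value, ASCII value + 100, hex)."""
    rows = []
    for ch in user_id[:4]:
        if ord(ch) > 127:
            raise ValueError("scheme is only defined for ASCII user ids")
        value = ord(ch) + 100          # the constant offset found in the tutorial
        rows.append((ch, ord(ch), value, f"{value:02X}"))
    return rows


def derive_weak_key(user_id: str) -> str:
    """The crackme's scheme as recovered in the tutorial: 'tester' -> 'D8C9D7D8'.
    Weak because the userid/key relationship is a fixed, secret-free offset
    that is visible from a single observed pair."""
    return "".join(row[3] for row in key_table(user_id))


# Constructed placeholder. A real secret must stay server-side; anything
# compiled into the client can be read out with a debugger exactly as above.
SECRET = b"constructed-placeholder-secret"


def derive_hmac_key(user_id: str, secret: bytes = SECRET) -> str:
    """Keyed derivation: without `secret`, observed userid/key pairs reveal no
    usable relationship. 16 hex characters (64 bits of the MAC) keep the key
    short enough to type; adjust to taste."""
    digest = hmac.new(secret, user_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:16].upper()


def check_key(user_id: str, key: str, secret: bytes = SECRET) -> bool:
    """Constant-time comparison of a submitted key against the derived one."""
    return hmac.compare_digest(derive_hmac_key(user_id, secret), key)


if __name__ == "__main__":
    for ch, ascii_val, plus100, hex_val in key_table("tester"):
        print(f"{ch} -> ASCII {ascii_val} -> {plus100} -> hex {hex_val}")
    print("weak key for 'tester':", derive_weak_key("tester"))
    print("HMAC key for 'tester':", derive_hmac_key("tester"))
    print("HMAC check passes:", check_key("tester", derive_hmac_key("tester")))
```

Note the limit of the second half: if `SECRET` ships inside the client binary, it can be recovered with the same debugger session that exposed the +100 offset, so the verification should either run server-side or use a signature scheme in which the client holds only the public key.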

CrackMe App Download: Download (Alt: Download)


Conclusion: Always use multi-level, complex logic to derive your own key, and preferably use a standard cryptographic algorithm to generate the key used for comparison.

Note: The apps used in the tutorials were downloaded from the DeathSpawn website (not working anymore :( ), and a detailed ‘How-to’ can be read in the text file included with the app package.
