CrackMe® Practices for Newbies
Project 11: DREADX by noos

My keygen
Sunday, 02-May-1999 13:49:18

    Greetings,

    After I found out how the program checked the entered code, I searched for a way to reverse it and recover the security code. I wrote this keygen pretty fast, but at first it didn't give any code. I almost gave up, but after reading Joseph's post about the anti-SICE code, all became clear (great work Joseph). I changed a character in the source code (presumably the modulus constant in check(), see the "if SICE" comment there) and it worked.

    Two codes are displayed as being valid: CAPSULE1 and A[PSULE1, but since [ is not a valid character, CAPSULE1 is the only good one.


    // Header names were stripped when the post was rendered; restored from the
    // functions the listing calls.
    #include <stdio.h>   // printf
    #include <string.h>  // strlen, strcpy
    #include <conio.h>   // clrscr, gotoxy, wherex, wherey (Borland/Turbo C console API)

    // The 50 bytes check() must reproduce; per the author they are hardcoded
    // in the target program. Stored as plain char, so the comparisons in
    // check()/go2()/go3() see the same signedness on both sides.
    char hardcoded[]={
        0xD0,0x6f,0xbf,0xcc,0xc7,0x31,0xb3,0xc1,0xea,0x99,
        0xD7,0x72,0xc2,0xaf,0xde,0xa0,0x4d,0xa6,0xb0,0xea,
        0x90,0xa0,0x47,0x96,0x98,0x72,0xd3,0x51,0xb2,0x41,
        0x60,0xe6,0x7f,0xa4,0xca,0x5f,0xa0,0xc1,0xb3,0x73,
        0x9e,0x71,0x49,0xcd,0xc3,0xce,0xb0,0x77,0xb0,0xf3
    };

    char ca[60];     // candidate code that check() reads (NUL-terminated)
    char rez[60];    // receives the 50 bytes check() computes
    char code[60];   // characters chosen so far by go1()/go2()/go3()
    char code2[60];  // check()'s working copy of ca, stretched to 50 characters
    int lcode;       // length of ca, set by check()
    int ve;          // loop counter in main(): the value handed to go1()
    int nesting=0;   // recursion depth of go3(), for debugging only

    // True when x lies in the printable ASCII range ' '..'~'.
    // x is evaluated twice, so pass only side-effect-free expressions.
    #define ISCH(x) (((x)>=' ')&&((x)<='~'))


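    // Keygen-side copy of the target's check routine, as reconstructed by the author.
    //
    // Input : the candidate code in the global `ca`. It must be NUL-terminated and
    //         shorter than the 60-byte `code2`, because it is copied with strcpy.
    // Output: 50 bytes written to `newcode`, which must have room for them.
    // Returns -1 when those 50 bytes equal `hardcoded`, 0 otherwise.
    // Side effects: overwrites the globals `lcode` and `code2`.
    int check(char *newcode) //check routine
    {
        int i;       // single index for every loop: the original reused a for-init
                     // variable after its loop, which ISO C/C++ scoping rejects
        int r;
        int sum=1;
        int s2=0;
        unsigned char aux,v,v1;   // unsigned so the running byte wraps modulo 256

        lcode=strlen(ca);
        strcpy(code2,ca);

        // Stretch the candidate to 50 characters: each appended character is
        // derived from the product of two characters already in the buffer.
        for (i=0;i<(50-lcode);i++)
        {
            r=(code2[i]*code2[i+1]) % '4';//if SICE: % '&';
            if (r<=25) code2[lcode+i]='A'+r;
            else code2[lcode+i]='F'+r;
        }

        // sum = (1 + all 50 characters) mod '1' (49 in ASCII); used as an index.
        for (i=0;i<50;i++) sum+=code2[i];
        sum=sum % '1';

        // Seed byte: low 8 bits of code2[0..sum] added up, XORed with code2[sum].
        for (i=0;i<=sum;i++) s2+=code2[i];
        aux=s2 & 0xff;
        v=aux ^ code2[sum];

        for (i=0;i<48;i++) // main loop
        {
            v+=code2[i+1]+1;
            v1=v;
            v+=code2[i+2];
            newcode[i]=v1^v;   // XOR of the running byte before/after the 2nd add
        }

        // The last two output bytes wrap around to code2[2] and code2[3] and
        // omit the "+1" used inside the main loop.
        v+=code2[49];
        v1=v;
        v+=code2[2];
        newcode[48]=v1^v;
        v+=code2[2];
        v1=v;
        v+=code2[3];
        newcode[49]=v1^v;

        for (i=0;i<50;i++)
            if (newcode[i]!=hardcoded[i]) return 0;
        return -1;
    }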

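    // Reverses check()'s main loop one output byte at a time, from poz=47 down to 0.
    //
    // v   : check()'s running byte after main-loop iteration `poz`, plus the
    //       still-unknown character code[poz+2].
    // poz : index of the output byte being matched against hardcoded[poz];
    //       poz<0 means code[2..49] is fully chosen.
    //
    // For a candidate character c, v-c and v-2*c are the running byte after and
    // before check() added code2[poz+2]; their XOR must equal hardcoded[poz].
    // Side effects: writes the globals `code`, `ca`, `nesting`; prints every code
    // that check() accepts.
    void go3(char v,int poz)//reverses the main loop
    {
        // Declared at function scope: the original reused a for-init variable
        // after its loop, which ISO C/C++ scoping rejects.
        int i,j,k,c;

        if (poz<0)
        {
            for (i=0;i<50;i++) ca[i]=code[i];

            // The reversal never constrains characters 0 and 1, so try every
            // printable pair and let check() confirm the result.
            for (i=' ';i<'~'+1;i++)
                for (j=' ';j<'~'+1;j++)
                {
                    ca[0]=i;
                    ca[1]=j;
                    code[0]=i;
                    code[1]=j;
                    // Try each prefix length 2..13: check() regenerates the
                    // characters after the terminator itself.
                    for (k=2;k<14;k++)
                    {
                        ca[k]=0;
                        if (check(rez)) {
                            printf("%s\n",ca);
                        }
                        ca[k]=code[k];   // restore before trying the next length
                    }
                }
            return;
        }

        // Only printable characters could ever pass the original ISCH(c) test,
        // so iterate over exactly that range instead of 0..255.
        for (c=' ';c<='~';c++)
        {
            char c1=v-(char)c,c2=v-2*(char)c;
            if ((c1^c2)==hardcoded[poz])
            {
                nesting++;
                code[poz+2]=c;
                go3(v-2*(char)c-1,poz-1);   // "-1" undoes the "+1" of the main loop
                nesting--;
            }
        }
    }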

    // Reverses the step of check() that produces output byte 48.
    //
    // v: check()'s running byte right after the first `v+=code2[2]` of the final
    //    step. For each printable candidate, v-c and v-2*c must XOR to
    //    hardcoded[48]; a match is stored in code[2] and the search continues in
    //    go3() at output byte 47.
    void go2(char v)
    {
        int cand;

        for (cand=0;cand<256;cand++)
        {
            char after,before;

            if (!ISCH(cand)) continue;   // only printable characters are accepted

            after=v-(char)cand;
            before=v-2*(char)cand;
            if ((after^before)!=hardcoded[48]) continue;

            code[2]=cand;
            go3(v-2*code[2],47);
        }
    }

    // Reverses the last step of check(), the one that produces output byte 49.
    //
    // v: assumed final value of check()'s running byte. Since
    //    newcode[49] = (v - code2[3]) ^ v, the character code[3] follows directly
    //    from v and hardcoded[49]; the search then continues in go2().
    void go1(char v)
    {
        char last=v-(hardcoded[49]^v);

        code[3]=last;
        go2(v-last);
    }
    // Entry point: tries all 256 possible final values of check()'s running byte
    // and lets go1() -> go2() -> go3() work backwards from each one.
    // Uses the Borland console calls clrscr/gotoxy/wherex/wherey.
    void main()
    {
        printf("%d",check(rez));
        clrscr();
        gotoxy(1,2);

        ve=0;
        while (ve<256)
        {
            // Progress counter on the first screen line (debugging only): save
            // the cursor, print the current value, put the cursor back.
            int col=wherex();
            int row=wherey();
            gotoxy(1,1);
            printf("%d\n",ve);
            gotoxy(col,row);

            // Placeholders; go3() overwrites both characters once a candidate
            // tail is complete.
            code[0]=' ';
            code[1]=' ';

            go1(ve);
            ve++;
        }
    }


    Andy

    Andy


Message thread:

Andy's thread(my first approach) (Andy) (25-Apr-1999 06:16:09)
