I Reverse Engineered this Program and Generated Infinite CD Keys
Вставка
- Опубліковано 29 вер 2024
- Key generators are a hallmark of early 2000's computing, an epic battle between companies trying to secure their software and hackers trying to steal it. Now, Reverse Engineering is a FUN way to learn more about computers. BUT, we need to do it legally.
In this video, I'll go step by step through a keygenme problem.
🏫 COURSES 🏫 Learn to code in C at lowlevel.academy
🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒
Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation : amzn.to/3C1z4sk
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software : amzn.to/3C1daFy
The Ghidra Book: The Definitive Guide: amzn.to/3WC2Vkg
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: lowlevel.store
Follow me on Twitter: / lowleveltweets
Follow me on Twitch: / lowlevellearning
Join me on Discord!: / discord - Наука та технологія
As a noob (I still am!) I used to simply edit the instruction from `je` to `jne` to invert the if statement, so that always in license check for wrong keys it will start working. Honestly, patching is much much easier than reverse engineering the algorithm.
While I haven't done keygens, I do agree that reverse engineering is way harder than patching but.... BACKWARDS COMPATIBILITY
I remember doing this for the securom method, if the CD was there... so then I put, if the CD is NOT there, and... voila! You could play without the disk which was completely unnecessary.
if there isnt a hash check of the file or somerthing youure good
@@lPlanetarizado Even if there is one, we can patch that function as well with the same logic. Tools like Ghidra can visualise the assembly code for you.
@@Socket775a When I was young, I always hated the CD DRM, though I didn't know it was DRM at the time. I thought it was just poor engineering that they couldn't get the game, which is obviously installed on the hard drive and off of the disc, to run without the disc.
It is never this easy on real keygens. Vendors go to extraordinary lengths to obfuscate their key checkers.
Yeah, but it shows the principle
yeah probably nowadays, and I think they would use a cryptographic signature, which is a definitive solution for the manufacturer to safely verify keys.
Well of course, it's meant to be a teaching tool
@@hobrin4242 This just means that it’s better to patch the thing I guess, which is why there’s so much focus on verifying file integrity and shit these days.
it really depends on the program, even the ones that connects to online server :) one i know fist had a bought key for a known antivirus, and when gotten close to expire he registered a new key to his account, key was similar to the original key but some of the last digit changed and it got validated it worked for 4-5 years lol so even i got free antivirus hehe :D similar dcan also work on games too both with or without locked to internett chekking :)
reetro hack on adobe and photoshop on win98 was using 30 days trail and turn back date&time lol XD
Keygens are Diamonds made of Knowledge, Craftsmanship and Passion.
Often enough they were only a few bytes in size while also being aesthetically sophisticated designed with original chiptune music in the background.
Keygens are a high form of art.
Lost to time, some have evolved with the times and made custom installers with the same chiptune music in the background
A few bytes? That's literally impossible. A single instruction takes up more space on average than a few bytes. Possibly you mean a few kilobytes or megabytes?
@@nikkiofthevalley I'm aware of that and yes: Bytes. A few hundreds of them but thats it. Rarely even less. No assets or libraries - only procedural beauty - cleverly arranged and used.
@@TheBigLou13 "A few" usually means in the range of 2-5, not hundreds.
Also the sophisticated viruses that comes with it
the dark mode in ghidra actually harm the eyes more then white mode !
because its pure black instead of being dark grey, pure black will force your eyes to change the focus quickly when you look outside your screen which will cause your eyes sometime to become blurry , and this blurriness may continue for a while and can cause vision problems for the long term
That's a fair point. I usually use a dark gray background, except in vim where I use a navy blue background.
Good video, though it's missing the most important part about those old key gens. The awesome tracker music that would (loudly) play when you opened them.
You just encouraged me to keygen a lot of stuff..... (for educational purposes ofc :)
I remember a friend had a legit Diablo 2 key from a store, and the KeyGen had his key too.
I remember buying physical games.PC Games were $15-$20 and the console version was $30-40
Good boy, nice run.
Reverse engineering is awesome
Aaaah, the good old days. They really got me labeled as a nerd in school. Fast forward 25 years and I'm a 30 something sysadmin who loves (and hates) his job.
Enderman almost got bloody terminated for doing this. Just a fair warning.
amazing video, thanks as always man!!!
These days with elliptic curve crypto being liberated, especially Ed25519, vendors could actually make short Cd-keys that were backed by real strong security to render keygens moot. But eh, modding the software to remove the entire key verification defeats that :-)
Wow teach me more man
What distro are you on that your Python and GCC are less up to date than mine? I haven't updated for 2 years and I'm still more up to date. Also, why did you write it in Python instead of just using C, especially when you could've just copied the code straight from Ghidra?
I miss physical media
I didn't understand anything but i loved it
honestly same
fyi Windows XP just got a keygen that actually lets you activate online
Dude i would boot up a virtual machine and download all the sketchy keygens and just copy paste into whatever needed that key
If I could go back and teach 15 yr old me what a VM is.. yikes
my doubt is.. keygens infect pc with trojans?
i mean real keygens from CORE, Deviance, PARADOX, razor 1911
are those keygens has some malware inside?
Maybe not when the keygen was made, but who knows by the time it gets to you? Back in the day it was pretty much a coin toss.
Try making a keygen for something real.. That might take more than an 11 minute video.
Wait! The keygen uses exactly this algorithm inside, for every game/software?
nope, actual keygens are a lot more complicated, this is obviously just an example teaching you the method you would need to use to write a keygen for a program
@@barry5 thanks 🤝
Man the nostalgia!!! I remember being about 13 and trying to get a StarCraft: Brood War activation key! I just couldnt wait for my allowance and probably put a few thousand viruses on the family desktop😂😅
Same, Warcraft 3 Reign of Chaos. And sometimes I’d manage to get a legit BattleNET-working key for awhile (til it would get burned). Simpler times man.
bro i saved up my money to keep buying the walmart box set, i ended up with like 6 prima guides bc my sisters kept scratching up my cds. the keygen that eluded me was for the harry potter games for win 98
If cracking denuvo were that simple.
Actually for the past with subjunctive were is appropriate
@@Proferk Under Standard (white) American English, "were" is correct.
@@DrewTNaylor and everybody understood the meaning of the sentence so language is functioning as it should and as there is no authority on the English language, both are correct
@@kaitlynethylia Yes.
@@DrewTNaylor I have to admit, my expectations have been subverted, because I never expected to see racism here.
I miss the times where you had neat crack setup wizards that would play a cool hacky-style music super loudly while it was installing all the files
Here u go :D
ua-cam.com/video/1DqhpuEYNko/v-deo.html
What do you mean, you can still find them nowadays with new software
@@mariuster Many people don't even bother with todays software anymore. Software quality has so degreded of the past 10+ years.., its more important in society to have quantity and the latest instead of actual quality.., nobody is willing to learn stuff since nothing is possible/allowed/valueable anymore or for longer than a few moments... So what's even worth cracking anymore? So they're sadly fine with dumbed down dopamine streams on surveilance capitalism devices.
@@mariuster cue pirate sea shanty
FitGirl 💪
Keygens are such a nostalgic hit from the demoscene days. You still get chiptunes in contemporary crack installers, sometimes, but it's nothing like back when RELOADED would put out a release and you'd get a whole animated credit sequence.
90s internet was wildaf
I used to use a little dumber (or is it) approach: find a branch point between "Wrong key" and "Good job" and replace JZ/JNZ with JMP. Yep, I did it in pure asm and AFDPro. That olde times.
The idea that there are gamers alive that don’t know what a keygen is is terrifying.
I was always fascinated by how keygens were made (though I never knew how it was done til I got curious many years later).
Learned about keygens from this video wdym
How is this terrifying? There are kids who only know what Steam is and boxed games are not a thing. If you expect generations to have implicit knowledge of some nostalgic event in your life then I expect you to know how to carve a stick and go hunt an animal with it.
Too young to have had the chance to actually use them, but my parents tell me many tales of their PC gaming experiences. What a magical time to be alive (from an outside perspective, at least.)
Good video. The precedence of multiplication over XOR was directly visible in Ghidra's disassembly window. The code multiplied the value by 2, added it again and then XOR'd sum. ;-) I have written so many keygens in the 90's for BBS Door programs and stuff... Debugging in the Borland debugger was fun!
cool but here's the thing: it misses the tracker music. add that and everything golden
you forgot to make it play some songs
Why reverse engineering appealed to me so much?
its a fun little puzzle
Because it takes an almost pathological commitment to solving a problem sometimes, which is extremely rewarding when you get there
You're bouncing from instruction traces that are hieroglyphs to most people to picking minutiae out of the back of 1000-page manuals to reading forum posts to emailing someone who wrote a paper in 2013 about some deobfuscation technique you think would help with figuring something out but didn't publish his example code...
Then you figure out you can piggyback patching 3 different things that'll get a program in a state where you can figure out just where something important even is 😊
A lot of times you're trying to defeat something another person specifically setup to try to thwart you, and you end up needing to understand how 5 other low level things work to trick some of those and coordinate the workaround. It's like getting a parking ticket and showing up with some statute you dug up from 1859 after a week of research that absolves you and it actually working. It's safe cracking or lock picking. You have to know 10x what the guy who put the lock on did. And you still got it open
@@charlesnathansmith This is the kind of comment that brings reflection, should say thank you?
if you pass "./blabla" as the program name, doesn't it also count the "./" part in the len(program) and why does this work, did the makers of keygenme use use that too? what if you'd pass an absolute path?
yes. In this case "./" is actually part of program name. This works because whatever you type to run the program will be placed in stack of main function of the process. you can also access the program's invocation name in "/proc/pid/cmdline" of each process. (where pid is the process ID of desired process). This solution in the video remains effective even if you choose to rename the executable file. :)
Many games from smaller studios released as "demos" but they actually contained all the necessary files, all you had to do was register to get a key to unlock the full game. Some of these have not yet been preserved as full versions sadly.
Which games specifically?
Bruh, I remember downloading the shareware from a dial up BBS.
Ancient times? Jeez thanks for aging me. We made ISOs so the PC thought yhe disc was always in the optical drive.
I preferred creating keygens (when I was young) with the help of the original program.
Sometimes they generate a key and compare it with your input.
If the program shows an error message, you can change the text.
The only thing you have to do is to change the pointer of the text to the generated key.
The reverse engineering part is to find the generated key in the memory and change the executable.
You could have seen the order of operations in the assembly code.
yeah, it was just }sum" twice to itself (instead of multiplying explicitly by 3) which i thought was really cool
@@samcousins3204 yeah, I wrote a calculator in pure assembly and all I can say, you don't want to multiply if not totally necessary. It's slow and cumbersome, so neither compiler nor assembly devs like it. The only basic operation worse is division. It's such a pain and even slower than multiplication.
@@redcrafterlppa303 What's wrong with mul/fmul?
EDIT: Oh, you might have written it on a processor without those instructions. D'oh.
EDIT2: What platform was this on?
@@mr_gerber no I have imul, idiv... but the split registers make it awkward to use.
I mul returns into 2 registers and idiv expects 3 registers as input
My favorite story about a key generator was a very well-known Mac program I can't remember what it was but I think it was office related or something like that had a well-known key that circulated around the internet and everybody is that key. There was an update to the program and the key no longer worked but the funniest thing was that that key was hard coded in plaintext in the application itself so all you had to do was open up the application in a hex editor and change the key to something else and then the key worked again.
Back in the days - we didn't have such cool tools like you used. It reminds me the modern lockpicking. With the tools you can buy now picking any lock is quite easy even for a beginner. Without modern tools it would be much, much harder and more tedious.
What the fuck are you talking about
CIA - FBI, if you are reading this, I never ever used a key generator.
To all others: I definitely remember. I liked the sick chip tunes
I feel that this way using decompilation is way easier that using windbg like most other “tutorials”
"there were key generators that generated keys for you"
In a lot of cases, keygens gave your computer a lot more than just the keys!
As an outsider i ask this, has anyone cracked intel management engine?
I don't know, but I believe it runs Minix (minix is the version of UNIX that inspired linux)
People have managed to disable it on some processors
Ahh the good old days of Softice debugger and Fravia's tutorials!
dude , I went first in 1998 and a few years later I was doing this shijt with key gens. those scene release groups were very rare. But some of them are still out there in 2023.
the time that internet was still for nerds. and pay by the minute for your internet with your monthly phone bill (land line ) . greets from The Netherlands.
the best things about the keygens, was the music. there are sites dedicated to it too.
You are such a young blossom. Buying games on CD, wow! I’m so old that we bought games on cassette tapes 😂 I got my start in cracking video games and software in the 80s and 90s as I demonstrate a lot of this channel too. I mostly just jumped over the check or made it evaluate properly.
Yeah, if you're going to pirate, easier to just patch the binary. Not that I'm advocating for piracy.
@@anon_y_mousse sure you don’t 😉🤭😝
Wait until you find out people buy games online now..
@@CallousCoder I patched a game once to just jump over the key check. Unfortunately it turned out the game randomly crashed on you if you did that as extra protection :/
@@Bobbias some software has indeed a checksum on its own binary. That needs to get the same treatment. That always was nasty. Especially when they did it with a timer then it’s very hard to track.
in linux, compositors mostly can reverse the colors of a window....
currently i am using kde rather than a twm so ctrl-meta-u flip colors.... so i can basiclly use light mode only apps like ghidra in dark mode :)
and for geogebra, it's really cool
a proper dark theme is always better than the inverse of a light theme
@@ИльяВитцев True, but color inversion is better than nothing. Though, I use the shortcut Super+U for single window and Super+I for everything because I look at it as global functionality.
Don't give the XP era script kiddies too much credit, a lot of those old key generators just randomly pick a key from a static list. I'm sure some of them were actual generators but that seemed much less common
Hah, was just about to make that very comment. Yeah, there's nothing technically wrong with anything he says, but what you say is 100% true - a lot of keygens were just lists of stolen keys
From my experience, those kinds of key list were obvious. The key list programs I used from that era were literally just drop downs or you just hit the generate button continuously without any input from the user.
i'm not 100% sure but 4:45 looks like a for loop. With the increment at the end and the if statement after an assignment etc. so i think it would be something like for (int i = 0; i < strlen(name); i++) { /* body */ }
Ah that explains the inefficient call to strlen
@@shadamethyst1258 yeah that threw me off aswell and that's how i came to that conclusion. I think if 'name' were marked as const char * the compiler would move the call to strlen up a few instructions to avoid the redundant calling but any optimization flag passed to the compiler would have taken care of that i think (gcc and clang are really smart).
Hello, can you pass the crack of the PADSVX.2.4_ESDM
And you didn’t have to touch a single line of assembly… that decompiler works pretty well!
I remember those days when the crack came with the game. Those were good times.
I remember the days ... Using WinDASM to disassemble programs/games and cracking them or writing keygens ... Fun times.
Tools were "a bit" more primitive back in the day
0/10 you didn't add some FM chiptune jams to the keygen
I downloaded a keygen from napster once.
I used to start keygens just to listen to the music
This is actually a really insightful introduction to ghidra
Where are the Chiptunes?
Yeah, also old, and I fucking hate that UA-cam is using so much RAM. Insane, just watching a video, takes up about 1gb of ram. Seems like youtube is using my device for crypto mining. The symptoms are exactly the same, my machine is on high load all the time when I have youtube opened. Must dig deeper to fight back those crooks.
Obviously a real key checking algorithm would check if a cryptographic signature signed by the manufacturer is correct
I need to go back in time and show me this video, it would make things a lot easier.
I recently downloaded a keygen for 3ds max 8 and I literally opened it through 2 virtual machines to make sure it could not possibly get through my pc if it was a Trojan LOL
I had a friend that would go to the store, and write down all the CD keys he could find from the back covers of the manuals they used to leave in the cases, and then later download those games and use the key.
It's been a million years it seems like, but I remember using SoftICE back in the DOS days to patch a CAD program's license routine for a friend who lost their key (wink wink). These tools look way more in depth than hunting thru unlabeled assembly language.
Hello, I have an old software that runs on Windows 7 32 bit. I can no longer activate this software because the manufacturer no longer exists. Can someone help me with that?
It's about the software Fminer Pro 9.81
When I first started gaming they came on floppy disks, and used weak bits on the disk to prevent copying. You could however reverse engineer the binary to find where it made the DOS system interrupt call to check for this weak bit and bypass the check. Things like IDA didn’t exist then, so you had to disassemble it by hand and modify the binary in a ‘debug’.
I remember installing Doom from 1.44 MB floppy disc. Actually not installing, just copying.
Hello, Sir, I am very new in reverse engineering, right now i am practising at home, but one exe file which is packed by expressor, I cant unpaced it for reverse enginerring, Please can you help to do this process. Please help me.
This is not how we did this 10 or 20 years ago.
You missed several important steps.
We didn't have Ghedra back then, you needed to know how to read dissassember output.
You explained nothing about reading setting a breakpoint, finding program resources, or how to test if you got caught in a dummy function?
While this is usefull, it might have been better if you had a friend code the key tester, because this was obviously contrived.
My homeboy using the same face on a fuckton of thumbnails lmao
If I was old like you, I might remember game cracks from the early 2000s? Oh, that's adorable. If you were old like me, you were cracking games yourself in the early 80s
Old Guy here. Help me understand. Imagine a play ground inside a fence and locked gate. In order to play on the play ground you have to have a key for the locked gate. If you don't have the key for the locked gate, why not just jump over the fence and locked gate? Which came first? The full version of the game, or the fence/locked gate to play the game? When the creators of Hyperspace.Invader.v2.01 created the game, did they play/create the game then put it inside the fence and locked gate, or did the fence and locked gate come first? How to jump over the fence and just go to playing the full version of the downloaded trial version without fussing with all this keygen business. I know the full version is there to play, just help an old man jump over the fence to play on the play ground. Or.........just tear the fence down and walk on in like the creators of the game did. What am I saying, the creators of the game didn't even have a fence/locked gate around the play ground until the playground was finished. A? 2005 is when the game came out. You won't be able to find a trial version to download anymore, unless you know someone who still has the trial version to share. The company that made and sold the game quit selling it years ago. Other wise I'd just buy the game. $19.95 easy peazy
Description is wrong.... Software keys go back to the 80s, maybe even earlier. Hell, every game I owned from the 90s had a cd key, the floppy disk version of windows 95 still used a license key.
Then there is god also he lighting the darkness. Sorry i prefer the darkness as a woman of name pricesslighting. Know you of her on private chat lobby.😂😅❤
Gone are the days when you could literally download naughty cracked software from the likes of Limewire and Pirate bay. The ISPs got wise to people exploiting the software vulnerabilities and people got sent to prison for doing it. How I miss being able to get hookey copies of office and the like 😂
Still using them now on old Windows pc for friends and family, lol. Old programs still do the basic work, why upgrade to new version when years later still basically only using five percent of program, jus sayin
The dirty little secret of keygens, cracked and pre-activated programs is many use your computer to process crypto. It's a small amount that's hard to detect because they rely on volume to help avoid detection.
Some programs are worth it if that's all their doing but some do more malicious things.
Cool video, would recommend
Thanks!
I bashed and crashed my way through many a program back in the day in order to achieve this. Some worked, many didn't. Still don't know what I did right when it did. It was a lot of fun though.
Ancient times... CD. LOL. that was modern technology. I see your cd and raise you a punchcard
This is fascinating even though I can only write a small .bat file.
I learned something. Thank you! This is super cool!
But how can it be a proper key gen without sick chiptune music. Everyone knows that's an essential part of a key gen.
or we just bypass that keygen. bcoz if it done real keygen you use not buyed so its not activated on server to use LOL
No, if you're old you got your games on a floppy disk pirated by the milk man who was using xcopy
I am old enough to remember when people never said "off of"
Also, someone needs to tell him that key generators are still in widespread use today
i would recommend you learn basics of python before watching this video
CD ancient times?? That's new tech! I started with cassette tapes (and still have several)
python is the most readable program language ... right, not! ;-)
i grew up doing this stuff. now as an adult i still do it for fun, i always love me some RE
I was lost after Hello.....watched until the end, didn't understand a bit of it....
So called “influencers “ In other words they can’t contribute to society
I was just here for the cool keygen chiptune music...........
What's the name of the program you're using to do the C code extraction?
Yeah I definitely remember these. Cracking got me into embedded!
I'm 40. I definitely remember more then just that
'old, like me' That's hilarious! You don't know old yet.