Keygens are Diamonds made of Knowledge, Craftsmanship and Passion. Often enough they were only a few bytes in size while also being aesthetically sophisticated designed with original chiptune music in the background. Keygens are a high form of art.
A few bytes? That's literally impossible. A single instruction takes up more space on average than a few bytes. Possibly you mean a few kilobytes or megabytes?
@@nikkiofthevalley I'm aware of that and yes: Bytes. A few hundreds of them but thats it. Rarely even less. No assets or libraries - only procedural beauty - cleverly arranged and used.
yeah probably nowadays, and I think they would use a cryptographic signature, which is a definitive solution for the manufacturer to safely verify keys.
@@hobrin4242 This just means that it’s better to patch the thing I guess, which is why there’s so much focus on verifying file integrity and shit these days.
it really depends on the program, even the ones that connects to online server :) one i know fist had a bought key for a known antivirus, and when gotten close to expire he registered a new key to his account, key was similar to the original key but some of the last digit changed and it got validated it worked for 4-5 years lol so even i got free antivirus hehe :D similar dcan also work on games too both with or without locked to internett chekking :) reetro hack on adobe and photoshop on win98 was using 30 days trail and turn back date&time lol XD
As a noob (I still am!) I used to simply edit the instruction from `je` to `jne` to invert the if statement, so that always in license check for wrong keys it will start working. Honestly, patching is much much easier than reverse engineering the algorithm.
I remember doing this for the securom method, if the CD was there... so then I put, if the CD is NOT there, and... voila! You could play without the disk which was completely unnecessary.
@@lPlanetarizado Even if there is one, we can patch that function as well with the same logic. Tools like Ghidra can visualise the assembly code for you.
@@Socket775a When I was young, I always hated the CD DRM, though I didn't know it was DRM at the time. I thought it was just poor engineering that they couldn't get the game, which is obviously installed on the hard drive and off of the disc, to run without the disc.
Man the nostalgia!!! I remember being about 13 and trying to get a StarCraft: Brood War activation key! I just couldnt wait for my allowance and probably put a few thousand viruses on the family desktop😂😅
Same, Warcraft 3 Reign of Chaos. And sometimes I’d manage to get a legit BattleNET-working key for awhile (til it would get burned). Simpler times man.
bro i saved up my money to keep buying the walmart box set, i ended up with like 6 prima guides bc my sisters kept scratching up my cds. the keygen that eluded me was for the harry potter games for win 98
Keygens are such a nostalgic hit from the demoscene days. You still get chiptunes in contemporary crack installers, sometimes, but it's nothing like back when RELOADED would put out a release and you'd get a whole animated credit sequence.
The idea that there are gamers alive that don’t know what a keygen is is terrifying. I was always fascinated by how keygens were made (though I never knew how it was done til I got curious many years later).
How is this terrifying? There are kids who only know what Steam is and boxed games are not a thing. If you expect generations to have implicit knowledge of some nostalgic event in your life then I expect you to know how to carve a stick and go hunt an animal with it.
Too young to have had the chance to actually use them, but my parents tell me many tales of their PC gaming experiences. What a magical time to be alive (from an outside perspective, at least.)
I used to use a little dumber (or is it) approach: find a branch point between "Wrong key" and "Good job" and replace JZ/JNZ with JMP. Yep, I did it in pure asm and AFDPro. That olde times.
Good video. The precedence of multiplication over XOR was directly visible in Ghidra's disassembly window. The code multiplied the value by 2, added it again and then XOR'd sum. ;-) I have written so many keygens in the 90's for BBS Door programs and stuff... Debugging in the Borland debugger was fun!
the dark mode in ghidra actually harm the eyes more then white mode ! because its pure black instead of being dark grey, pure black will force your eyes to change the focus quickly when you look outside your screen which will cause your eyes sometime to become blurry , and this blurriness may continue for a while and can cause vision problems for the long term
Back in the days - we didn't have such cool tools like you used. It reminds me the modern lockpicking. With the tools you can buy now picking any lock is quite easy even for a beginner. Without modern tools it would be much, much harder and more tedious.
@@mariuster Many people don't even bother with todays software anymore. Software quality has so degreded of the past 10+ years.., its more important in society to have quantity and the latest instead of actual quality.., nobody is willing to learn stuff since nothing is possible/allowed/valueable anymore or for longer than a few moments... So what's even worth cracking anymore? So they're sadly fine with dumbed down dopamine streams on surveilance capitalism devices.
I preferred creating keygens (when I was young) with the help of the original program. Sometimes they generate a key and compare it with your input. If the program shows an error message, you can change the text. The only thing you have to do is to change the pointer of the text to the generated key. The reverse engineering part is to find the generated key in the memory and change the executable.
@@DrewTNaylor and everybody understood the meaning of the sentence so language is functioning as it should and as there is no authority on the English language, both are correct
Thank you. Just want to let you know that this one never get old. I'm on the path of learning Assembly and videos like this is extremely helpful. There're countless of beginners like me now and the future will be benefit of this helpful guide.
My favorite story about a key generator was a very well-known Mac program I can't remember what it was but I think it was office related or something like that had a well-known key that circulated around the internet and everybody is that key. There was an update to the program and the key no longer worked but the funniest thing was that that key was hard coded in plaintext in the application itself so all you had to do was open up the application in a hex editor and change the key to something else and then the key worked again.
Many games from smaller studios released as "demos" but they actually contained all the necessary files, all you had to do was register to get a key to unlock the full game. Some of these have not yet been preserved as full versions sadly.
in linux, compositors mostly can reverse the colors of a window.... currently i am using kde rather than a twm so ctrl-meta-u flip colors.... so i can basiclly use light mode only apps like ghidra in dark mode :) and for geogebra, it's really cool
@@ИльяВитцев True, but color inversion is better than nothing. Though, I use the shortcut Super+U for single window and Super+I for everything because I look at it as global functionality.
When I first started gaming they came on floppy disks, and used weak bits on the disk to prevent copying. You could however reverse engineer the binary to find where it made the DOS system interrupt call to check for this weak bit and bypass the check. Things like IDA didn’t exist then, so you had to disassemble it by hand and modify the binary in a ‘debug’.
Because it takes an almost pathological commitment to solving a problem sometimes, which is extremely rewarding when you get there You're bouncing from instruction traces that are hieroglyphs to most people to picking minutiae out of the back of 1000-page manuals to reading forum posts to emailing someone who wrote a paper in 2013 about some deobfuscation technique you think would help with figuring something out but didn't publish his example code... Then you figure out you can piggyback patching 3 different things that'll get a program in a state where you can figure out just where something important even is 😊
A lot of times you're trying to defeat something another person specifically setup to try to thwart you, and you end up needing to understand how 5 other low level things work to trick some of those and coordinate the workaround. It's like getting a parking ticket and showing up with some statute you dug up from 1859 after a week of research that absolves you and it actually working. It's safe cracking or lock picking. You have to know 10x what the guy who put the lock on did. And you still got it open
You are such a young blossom. Buying games on CD, wow! I’m so old that we bought games on cassette tapes 😂 I got my start in cracking video games and software in the 80s and 90s as I demonstrate a lot of this channel too. I mostly just jumped over the check or made it evaluate properly.
@@CallousCoder I patched a game once to just jump over the key check. Unfortunately it turned out the game randomly crashed on you if you did that as extra protection :/
@@Bobbias some software has indeed a checksum on its own binary. That needs to get the same treatment. That always was nasty. Especially when they did it with a timer then it’s very hard to track.
Good video, though it's missing the most important part about those old key gens. The awesome tracker music that would (loudly) play when you opened them.
I remember the days ... Using WinDASM to disassemble programs/games and cracking them or writing keygens ... Fun times. Tools were "a bit" more primitive back in the day
@@samcousins3204 yeah, I wrote a calculator in pure assembly and all I can say, you don't want to multiply if not totally necessary. It's slow and cumbersome, so neither compiler nor assembly devs like it. The only basic operation worse is division. It's such a pain and even slower than multiplication.
@@redcrafterlppa303 What's wrong with mul/fmul? EDIT: Oh, you might have written it on a processor without those instructions. D'oh. EDIT2: What platform was this on?
@@mr_gerber no I have imul, idiv... but the split registers make it awkward to use. I mul returns into 2 registers and idiv expects 3 registers as input
It's been a million years it seems like, but I remember using SoftICE back in the DOS days to patch a CAD program's license routine for a friend who lost their key (wink wink). These tools look way more in depth than hunting thru unlabeled assembly language.
if you pass "./blabla" as the program name, doesn't it also count the "./" part in the len(program) and why does this work, did the makers of keygenme use use that too? what if you'd pass an absolute path?
yes. In this case "./" is actually part of program name. This works because whatever you type to run the program will be placed in stack of main function of the process. you can also access the program's invocation name in "/proc/pid/cmdline" of each process. (where pid is the process ID of desired process). This solution in the video remains effective even if you choose to rename the executable file. :)
dude , I went first in 1998 and a few years later I was doing this shijt with key gens. those scene release groups were very rare. But some of them are still out there in 2023. the time that internet was still for nerds. and pay by the minute for your internet with your monthly phone bill (land line ) . greets from The Netherlands.
If I was old like you, I might remember game cracks from the early 2000s? Oh, that's adorable. If you were old like me, you were cracking games yourself in the early 80s
0:16 truly ancient would be games on cassete tape mate, ah the days of a double tape deck being the answer to expanded the collection, not that I indulged in such things of course, just gonna close the curtains & turn off the lights "no ones home"
I had a friend that would go to the store, and write down all the CD keys he could find from the back covers of the manuals they used to leave in the cases, and then later download those games and use the key.
Good Times, easily the most exciting part of my growing up, whilst trying to dodge viruses and mallard, so many dodgy websites to get keys or key gens or cd cracks from. Miss all that.
i'm not 100% sure but 4:45 looks like a for loop. With the increment at the end and the if statement after an assignment etc. so i think it would be something like for (int i = 0; i < strlen(name); i++) { /* body */ }
@@shadamethyst1258 yeah that threw me off aswell and that's how i came to that conclusion. I think if 'name' were marked as const char * the compiler would move the call to strlen up a few instructions to avoid the redundant calling but any optimization flag passed to the compiler would have taken care of that i think (gcc and clang are really smart).
Aaaah, the good old days. They really got me labeled as a nerd in school. Fast forward 25 years and I'm a 30 something sysadmin who loves (and hates) his job.
@LowLevelLearning, love your channel first and foremost. Newer to C, been doing Python for a while. Downloaded this one and followed your instructions and noticed that len(prog_name)&0x1f and len(prog_name) returns the same value... Not sure if it has an effect in C; but it looks like replacing your line before returning the key to: key = key
len(prog_name)&0x1f I suspect truncates the digits of len(). On 32bit systems len() might return something different from 64 bit machines. This truncates the len() to a byte. My guess as to what's happening anyway.
Don't give the XP era script kiddies too much credit, a lot of those old key generators just randomly pick a key from a static list. I'm sure some of them were actual generators but that seemed much less common
Hah, was just about to make that very comment. Yeah, there's nothing technically wrong with anything he says, but what you say is 100% true - a lot of keygens were just lists of stolen keys
From my experience, those kinds of key list were obvious. The key list programs I used from that era were literally just drop downs or you just hit the generate button continuously without any input from the user.
The dirty little secret of keygens, cracked and pre-activated programs is many use your computer to process crypto. It's a small amount that's hard to detect because they rely on volume to help avoid detection. Some programs are worth it if that's all their doing but some do more malicious things.
Most offline keys / serial gens are just encoding a product code and a checksum / secret and then scrambling it. Online keys are probably completely random and use a lookup service to validate them.
Maybe our timelines are different, but in the 90s/early 2000s I never ran into malware with these. And I downloaded A LOT. Thousands of apps I never once even installed (I had the collector mentality back then - I was young). Every day there would be announced releases from cracking teams and I would just grab them all from dump sites. Never had an issue. This didn't involve WWW sites though, so maybe that was the difference.
I just looked at the controlling expression for a while and noticed that if I just call the program with an argv[0] of 31 characters (remember zsh allows you to specify argv[0] on the command line), then only the least significant bit of that first expression matters, and I can set the second arg to 0 or -0x80000000 as needed.
I bashed and crashed my way through many a program back in the day in order to achieve this. Some worked, many didn't. Still don't know what I did right when it did. It was a lot of fun though.
These days with elliptic curve crypto being liberated, especially Ed25519, vendors could actually make short Cd-keys that were backed by real strong security to render keygens moot. But eh, modding the software to remove the entire key verification defeats that :-)
@@Sammysapphira 7 year old me wouldn't know the right places to look. All I wanted was to play that one game on the family computer by any means necessary. That poor computer endured through so much viruses and factory resets...
While sometimes they were malware. Many AV programs flagged keygens as malware just to scare users and stop using them even when they were totally clean.
@@pvc988f some fixed binary got flagged as a virus enough times, it would end up in databases and AVs would start flagging it. That's still how most of it most it works, despite what all the tech AVs claim. If a large company wanted a program on that db then it would get there. Most cracks would get flagged because they were just that. They'd edit executables or foreign process memory, or you'd just get a patched file the cracker didn't bother to fix the PE checksum on. There was definitely malware too, but it was probably rarer than you'd think, and usually packaged with legit keygens. The worst actual "viruses" back then were usually just adware that was easily removal with an Ad-aware scan or just removing "WinFilereal882.exe" from your start-up folder. Windows PCs and servers had such abysmal security then that worms were the same constant threat. You didn't have to do anything particularly dumb to get Blaster. Security was still and afterthought. Windows got better. It's still so bloated you can't figure out what it's supposed to be running. Companies still get their data and networks ransomed due to bad OPSEC. It tends to be harder now, but everyone figure out the business model to monetize getting it right
What distro are you on that your Python and GCC are less up to date than mine? I haven't updated for 2 years and I'm still more up to date. Also, why did you write it in Python instead of just using C, especially when you could've just copied the code straight from Ghidra?
I'm guessing you might find em somewhere, but there use to be some websites/torrents/etc(don't specifically remember where; apparently I'm getting old and this was to long ago:P) tutorial kits that would include old versions of software and abandonware with tutorials on how to crack the software/etc..... I guess sorta a precursor to this sorta thing:P
Actually checking argv zero is not that uncommon. It lets you check to see if someone renames a file. If you really want to have fun with. a little hacker trick. check argv -1. yes negative it returns the path of the file. so you can check the location of the file on the hard drive. Used to use it as primitive copy protection. Id the file was moved it would come back with put me back where you found me. Depending on your compiler i wouldn't suggest checking out other strange values of argv you start getting access to different parts of memory. if it doesn;'t blow up.
Keygens are Diamonds made of Knowledge, Craftsmanship and Passion.
Often enough they were only a few bytes in size while also being aesthetically sophisticated designed with original chiptune music in the background.
Keygens are a high form of art.
Lost to time, some have evolved with the times and made custom installers with the same chiptune music in the background
A few bytes? That's literally impossible. A single instruction takes up more space on average than a few bytes. Possibly you mean a few kilobytes or megabytes?
@@nikkiofthevalley I'm aware of that and yes: Bytes. A few hundreds of them but thats it. Rarely even less. No assets or libraries - only procedural beauty - cleverly arranged and used.
@@TheBigLou13 "A few" usually means in the range of 2-5, not hundreds.
Also the sophisticated viruses that comes with it
It is never this easy on real keygens. Vendors go to extraordinary lengths to obfuscate their key checkers.
Yeah, but it shows the principle
yeah probably nowadays, and I think they would use a cryptographic signature, which is a definitive solution for the manufacturer to safely verify keys.
Well of course, it's meant to be a teaching tool
@@hobrin4242 This just means that it’s better to patch the thing I guess, which is why there’s so much focus on verifying file integrity and shit these days.
it really depends on the program, even the ones that connects to online server :) one i know fist had a bought key for a known antivirus, and when gotten close to expire he registered a new key to his account, key was similar to the original key but some of the last digit changed and it got validated it worked for 4-5 years lol so even i got free antivirus hehe :D similar dcan also work on games too both with or without locked to internett chekking :)
reetro hack on adobe and photoshop on win98 was using 30 days trail and turn back date&time lol XD
As a noob (I still am!) I used to simply edit the instruction from `je` to `jne` to invert the if statement, so that always in license check for wrong keys it will start working. Honestly, patching is much much easier than reverse engineering the algorithm.
While I haven't done keygens, I do agree that reverse engineering is way harder than patching but.... BACKWARDS COMPATIBILITY
I remember doing this for the securom method, if the CD was there... so then I put, if the CD is NOT there, and... voila! You could play without the disk which was completely unnecessary.
if there isnt a hash check of the file or somerthing youure good
@@lPlanetarizado Even if there is one, we can patch that function as well with the same logic. Tools like Ghidra can visualise the assembly code for you.
@@Socket775a When I was young, I always hated the CD DRM, though I didn't know it was DRM at the time. I thought it was just poor engineering that they couldn't get the game, which is obviously installed on the hard drive and off of the disc, to run without the disc.
Man the nostalgia!!! I remember being about 13 and trying to get a StarCraft: Brood War activation key! I just couldnt wait for my allowance and probably put a few thousand viruses on the family desktop😂😅
Same, Warcraft 3 Reign of Chaos. And sometimes I’d manage to get a legit BattleNET-working key for awhile (til it would get burned). Simpler times man.
bro i saved up my money to keep buying the walmart box set, i ended up with like 6 prima guides bc my sisters kept scratching up my cds. the keygen that eluded me was for the harry potter games for win 98
Coll, don't shit urself. Noone cares...
Keygens are such a nostalgic hit from the demoscene days. You still get chiptunes in contemporary crack installers, sometimes, but it's nothing like back when RELOADED would put out a release and you'd get a whole animated credit sequence.
90s internet was wildaf
The idea that there are gamers alive that don’t know what a keygen is is terrifying.
I was always fascinated by how keygens were made (though I never knew how it was done til I got curious many years later).
Learned about keygens from this video wdym
How is this terrifying? There are kids who only know what Steam is and boxed games are not a thing. If you expect generations to have implicit knowledge of some nostalgic event in your life then I expect you to know how to carve a stick and go hunt an animal with it.
Too young to have had the chance to actually use them, but my parents tell me many tales of their PC gaming experiences. What a magical time to be alive (from an outside perspective, at least.)
I used to use a little dumber (or is it) approach: find a branch point between "Wrong key" and "Good job" and replace JZ/JNZ with JMP. Yep, I did it in pure asm and AFDPro. That olde times.
Good video. The precedence of multiplication over XOR was directly visible in Ghidra's disassembly window. The code multiplied the value by 2, added it again and then XOR'd sum. ;-) I have written so many keygens in the 90's for BBS Door programs and stuff... Debugging in the Borland debugger was fun!
the dark mode in ghidra actually harm the eyes more then white mode !
because its pure black instead of being dark grey, pure black will force your eyes to change the focus quickly when you look outside your screen which will cause your eyes sometime to become blurry , and this blurriness may continue for a while and can cause vision problems for the long term
That's a fair point. I usually use a dark gray background, except in vim where I use a navy blue background.
Back in the days - we didn't have such cool tools like you used. It reminds me the modern lockpicking. With the tools you can buy now picking any lock is quite easy even for a beginner. Without modern tools it would be much, much harder and more tedious.
What the fuck are you talking about
I miss the times where you had neat crack setup wizards that would play a cool hacky-style music super loudly while it was installing all the files
Here u go :D
ua-cam.com/video/1DqhpuEYNko/v-deo.html
What do you mean, you can still find them nowadays with new software
@@mariuster Many people don't even bother with todays software anymore. Software quality has so degreded of the past 10+ years.., its more important in society to have quantity and the latest instead of actual quality.., nobody is willing to learn stuff since nothing is possible/allowed/valueable anymore or for longer than a few moments... So what's even worth cracking anymore? So they're sadly fine with dumbed down dopamine streams on surveilance capitalism devices.
@@mariuster cue pirate sea shanty
FitGirl 💪
I preferred creating keygens (when I was young) with the help of the original program.
Sometimes they generate a key and compare it with your input.
If the program shows an error message, you can change the text.
The only thing you have to do is to change the pointer of the text to the generated key.
The reverse engineering part is to find the generated key in the memory and change the executable.
cool but here's the thing: it misses the tracker music. add that and everything golden
If cracking denuvo were that simple.
Actually for the past with subjunctive were is appropriate
@@Proferk Under Standard (white) American English, "were" is correct.
@@DrewTNaylor and everybody understood the meaning of the sentence so language is functioning as it should and as there is no authority on the English language, both are correct
@@kaitlynethylia Yes.
@@DrewTNaylor I have to admit, my expectations have been subverted, because I never expected to see racism here.
I've been a security professional for a while and just now started to play with low level stuff. Your content is amazing dude, for real, keep it up
Thank you. Just want to let you know that this one never get old. I'm on the path of learning Assembly and videos like this is extremely helpful. There're countless of beginners like me now and the future will be benefit of this helpful guide.
My favorite story about a key generator was a very well-known Mac program I can't remember what it was but I think it was office related or something like that had a well-known key that circulated around the internet and everybody is that key. There was an update to the program and the key no longer worked but the funniest thing was that that key was hard coded in plaintext in the application itself so all you had to do was open up the application in a hex editor and change the key to something else and then the key worked again.
This is actually a really insightful introduction to ghidra
Many games from smaller studios released as "demos" but they actually contained all the necessary files, all you had to do was register to get a key to unlock the full game. Some of these have not yet been preserved as full versions sadly.
Which games specifically?
Ahh the good old days of Softice debugger and Fravia's tutorials!
in linux, compositors mostly can reverse the colors of a window....
currently i am using kde rather than a twm so ctrl-meta-u flip colors.... so i can basiclly use light mode only apps like ghidra in dark mode :)
and for geogebra, it's really cool
a proper dark theme is always better than the inverse of a light theme
@@ИльяВитцев True, but color inversion is better than nothing. Though, I use the shortcut Super+U for single window and Super+I for everything because I look at it as global functionality.
When I first started gaming they came on floppy disks, and used weak bits on the disk to prevent copying. You could however reverse engineer the binary to find where it made the DOS system interrupt call to check for this weak bit and bypass the check. Things like IDA didn’t exist then, so you had to disassemble it by hand and modify the binary in a ‘debug’.
This added to the annoyance of having to use a floppy disk drive and a hex editor to clear the code.
Why reverse engineering appealed to me so much?
its a fun little puzzle
Because it takes an almost pathological commitment to solving a problem sometimes, which is extremely rewarding when you get there
You're bouncing from instruction traces that are hieroglyphs to most people to picking minutiae out of the back of 1000-page manuals to reading forum posts to emailing someone who wrote a paper in 2013 about some deobfuscation technique you think would help with figuring something out but didn't publish his example code...
Then you figure out you can piggyback patching 3 different things that'll get a program in a state where you can figure out just where something important even is 😊
A lot of times you're trying to defeat something another person specifically setup to try to thwart you, and you end up needing to understand how 5 other low level things work to trick some of those and coordinate the workaround. It's like getting a parking ticket and showing up with some statute you dug up from 1859 after a week of research that absolves you and it actually working. It's safe cracking or lock picking. You have to know 10x what the guy who put the lock on did. And you still got it open
@@charlesnathansmith This is the kind of comment that brings reflection, should say thank you?
You are such a young blossom. Buying games on CD, wow! I’m so old that we bought games on cassette tapes 😂 I got my start in cracking video games and software in the 80s and 90s as I demonstrate a lot of this channel too. I mostly just jumped over the check or made it evaluate properly.
Yeah, if you're going to pirate, easier to just patch the binary. Not that I'm advocating for piracy.
@@anon_y_mousse sure you don’t 😉🤭😝
Wait until you find out people buy games online now..
@@CallousCoder I patched a game once to just jump over the key check. Unfortunately it turned out the game randomly crashed on you if you did that as extra protection :/
@@Bobbias some software has indeed a checksum on its own binary. That needs to get the same treatment. That always was nasty. Especially when they did it with a timer then it’s very hard to track.
I remember a friend had a legit Diablo 2 key from a store, and the KeyGen had his key too.
the best things about the keygens, was the music. there are sites dedicated to it too.
You just encouraged me to keygen a lot of stuff..... (for educational purposes ofc :)
I feel that this way using decompilation is way easier that using windbg like most other “tutorials”
Bruh, I remember downloading the shareware from a dial up BBS.
Good video, though it's missing the most important part about those old key gens. The awesome tracker music that would (loudly) play when you opened them.
And you didn’t have to touch a single line of assembly… that decompiler works pretty well!
I remember the days ... Using WinDASM to disassemble programs/games and cracking them or writing keygens ... Fun times.
Tools were "a bit" more primitive back in the day
i grew up doing this stuff. now as an adult i still do it for fun, i always love me some RE
This is straight up nostalgia, as a kid my dad once got me one of these types of games for my first laptop that once had Windows Vista
I need to go back in time and show me this video, it would make things a lot easier.
You could have seen the order of operations in the assembly code.
yeah, it was just }sum" twice to itself (instead of multiplying explicitly by 3) which i thought was really cool
@@samcousins3204 yeah, I wrote a calculator in pure assembly and all I can say, you don't want to multiply if not totally necessary. It's slow and cumbersome, so neither compiler nor assembly devs like it. The only basic operation worse is division. It's such a pain and even slower than multiplication.
@@redcrafterlppa303 What's wrong with mul/fmul?
EDIT: Oh, you might have written it on a processor without those instructions. D'oh.
EDIT2: What platform was this on?
@@mr_gerber no I have imul, idiv... but the split registers make it awkward to use.
I mul returns into 2 registers and idiv expects 3 registers as input
Dude I haven't thought about EBGames in a decade or more. Thanks for the memories.
I have no idea what you are doing, but I find it very interesting.
It's been a million years it seems like, but I remember using SoftICE back in the DOS days to patch a CAD program's license routine for a friend who lost their key (wink wink). These tools look way more in depth than hunting thru unlabeled assembly language.
if you pass "./blabla" as the program name, doesn't it also count the "./" part in the len(program) and why does this work, did the makers of keygenme use use that too? what if you'd pass an absolute path?
yes. In this case "./" is actually part of program name. This works because whatever you type to run the program will be placed in stack of main function of the process. you can also access the program's invocation name in "/proc/pid/cmdline" of each process. (where pid is the process ID of desired process). This solution in the video remains effective even if you choose to rename the executable file. :)
dude , I went first in 1998 and a few years later I was doing this shijt with key gens. those scene release groups were very rare. But some of them are still out there in 2023.
the time that internet was still for nerds. and pay by the minute for your internet with your monthly phone bill (land line ) . greets from The Netherlands.
you forgot to make it play some songs
Ancient times? Jeez thanks for aging me. We made ISOs so the PC thought yhe disc was always in the optical drive.
Reverse engineering is awesome
If I was old like you, I might remember game cracks from the early 2000s? Oh, that's adorable. If you were old like me, you were cracking games yourself in the early 80s
0:16 truly ancient would be games on cassete tape mate, ah the days of a double tape deck being the answer to expanded the collection, not that I indulged in such things of course, just gonna close the curtains & turn off the lights "no ones home"
CIA - FBI, if you are reading this, I never ever used a key generator.
To all others: I definitely remember. I liked the sick chip tunes
Keep working on these kinds of videos. Super interesting to me!
You took me on a journey through time. More videos like this please!
I had a friend that would go to the store, and write down all the CD keys he could find from the back covers of the manuals they used to leave in the cases, and then later download those games and use the key.
we need more of those ;)
I remember those days when the crack came with the game. Those were good times.
I downloaded a keygen from napster once.
I learned something. Thank you! This is super cool!
Good Times, easily the most exciting part of my growing up, whilst trying to dodge viruses and mallard, so many dodgy websites to get keys or key gens or cd cracks from. Miss all that.
i'm not 100% sure but 4:45 looks like a for loop. With the increment at the end and the if statement after an assignment etc. so i think it would be something like for (int i = 0; i < strlen(name); i++) { /* body */ }
Ah that explains the inefficient call to strlen
@@shadamethyst1258 yeah that threw me off aswell and that's how i came to that conclusion. I think if 'name' were marked as const char * the compiler would move the call to strlen up a few instructions to avoid the redundant calling but any optimization flag passed to the compiler would have taken care of that i think (gcc and clang are really smart).
Aaaah, the good old days. They really got me labeled as a nerd in school. Fast forward 25 years and I'm a 30 something sysadmin who loves (and hates) his job.
Good boy, nice run.
This is fascinating even though I can only write a small .bat file.
@LowLevelLearning, love your channel first and foremost. Newer to C, been doing Python for a while. Downloaded this one and followed your instructions and noticed that len(prog_name)&0x1f and len(prog_name) returns the same value... Not sure if it has an effect in C; but it looks like replacing your line before returning the key to:
key = key
len(prog_name)&0x1f I suspect truncates the digits of len(). On 32bit systems len() might return something different from 64 bit machines. This truncates the len() to a byte. My guess as to what's happening anyway.
CD ancient times?? That's new tech! I started with cassette tapes (and still have several)
Cool video, would recommend
Thanks!
I remember buying physical games.PC Games were $15-$20 and the console version was $30-40
nice video dude thank you for this
Don't give the XP era script kiddies too much credit, a lot of those old key generators just randomly pick a key from a static list. I'm sure some of them were actual generators but that seemed much less common
Hah, was just about to make that very comment. Yeah, there's nothing technically wrong with anything he says, but what you say is 100% true - a lot of keygens were just lists of stolen keys
From my experience, those kinds of key list were obvious. The key list programs I used from that era were literally just drop downs or you just hit the generate button continuously without any input from the user.
Actually, the left shift assignement (`> a = 5
>>> 5> a > a
10
```
The dirty little secret of keygens, cracked and pre-activated programs is many use your computer to process crypto. It's a small amount that's hard to detect because they rely on volume to help avoid detection.
Some programs are worth it if that's all their doing but some do more malicious things.
Yeah I definitely remember these. Cracking got me into embedded!
Most offline keys / serial gens are just encoding a product code and a checksum / secret and then scrambling it. Online keys are probably completely random and use a lookup service to validate them.
I used to start keygens just to listen to the music
Pretty awesome video, I always wondered how these were done!
Ahh, the music on Keygens was always fun
I was just here for the cool keygen chiptune music...........
I remember installing Doom from 1.44 MB floppy disc. Actually not installing, just copying.
amazing video, thanks as always man!!!
there was a time, Softice was only used and only x86 assembly listing. this is somewhat easy at the C level listing.
Amazing content!
"there were key generators that generated keys for you"
In a lot of cases, keygens gave your computer a lot more than just the keys!
Maybe our timelines are different, but in the 90s/early 2000s I never ran into malware with these. And I downloaded A LOT. Thousands of apps I never once even installed (I had the collector mentality back then - I was young). Every day there would be announced releases from cracking teams and I would just grab them all from dump sites. Never had an issue. This didn't involve WWW sites though, so maybe that was the difference.
I just looked at the controlling expression for a while and noticed that if I just call the program with an argv[0] of 31 characters (remember zsh allows you to specify argv[0] on the command line), then only the least significant bit of that first expression matters, and I can set the second arg to 0 or -0x80000000 as needed.
I remember keys stored in a file on the the floppy install disks.
Keygens are still widely used on cracked Windows software.
I use one at least once a week. Much better than overwriting a .dll file.
Enderman almost got bloody terminated for doing this. Just a fair warning.
I bashed and crashed my way through many a program back in the day in order to achieve this. Some worked, many didn't. Still don't know what I did right when it did. It was a lot of fun though.
Hello, can you pass the crack of the PADSVX.2.4_ESDM
'old, like me' That's hilarious! You don't know old yet.
These days with elliptic curve crypto being liberated, especially Ed25519, vendors could actually make short Cd-keys that were backed by real strong security to render keygens moot. But eh, modding the software to remove the entire key verification defeats that :-)
As an outsider i ask this, has anyone cracked intel management engine?
I don't know, but I believe it runs Minix (minix is the version of UNIX that inspired linux)
People have managed to disable it on some processors
We need Denuvo crack 😆
Most of these key-generators back in the day actually were just malware and viruses :D
Not true, you just needed to know the right places to get them.
@@Sammysapphira 7 year old me wouldn't know the right places to look. All I wanted was to play that one game on the family computer by any means necessary. That poor computer endured through so much viruses and factory resets...
While sometimes they were malware. Many AV programs flagged keygens as malware just to scare users and stop using them even when they were totally clean.
@@pvc988f some fixed binary got flagged as a virus enough times, it would end up in databases and AVs would start flagging it. That's still how most of it most it works, despite what all the tech AVs claim. If a large company wanted a program on that db then it would get there.
Most cracks would get flagged because they were just that. They'd edit executables or foreign process memory, or you'd just get a patched file the cracker didn't bother to fix the PE checksum on. There was definitely malware too, but it was probably rarer than you'd think, and usually packaged with legit keygens. The worst actual "viruses" back then were usually just adware that was easily removal with an Ad-aware scan or just removing "WinFilereal882.exe" from your start-up folder.
Windows PCs and servers had such abysmal security then that worms were the same constant threat. You didn't have to do anything particularly dumb to get Blaster. Security was still and afterthought. Windows got better. It's still so bloated you can't figure out what it's supposed to be running.
Companies still get their data and networks ransomed due to bad OPSEC. It tends to be harder now, but everyone figure out the business model to monetize getting it right
@@pvc988there's 500 typos in that response but UA-cam's app is so bad it's easier to add an addendum than to try to fix them
pHrozen Crew/Hell in the house!
What distro are you on that your Python and GCC are less up to date than mine? I haven't updated for 2 years and I'm still more up to date. Also, why did you write it in Python instead of just using C, especially when you could've just copied the code straight from Ghidra?
Great video! RE is fun and enjoy~😀
Yes! Thank you!
great video
Thanks!
Where are the Chiptunes?
I'm guessing you might find em somewhere, but there use to be some websites/torrents/etc(don't specifically remember where; apparently I'm getting old and this was to long ago:P) tutorial kits that would include old versions of software and abandonware with tutorials on how to crack the software/etc..... I guess sorta a precursor to this sorta thing:P
Did I learn something? !yes
Obviously a real key checking algorithm would check if a cryptographic signature signed by the manufacturer is correct
I'm 40. I definitely remember more then just that
Actually checking argv zero is not that uncommon. It lets you check to see if someone renames a file. If you really want to have fun with. a little hacker trick. check argv -1. yes negative it returns the path of the file. so you can check the location of the file on the hard drive. Used to use it as primitive copy protection. Id the file was moved it would come back with put me back where you found me. Depending on your compiler i wouldn't suggest checking out other strange values of argv you start getting access to different parts of memory. if it doesn;'t blow up.
Onces or thousand times😂😂😂. Nice. Me too. 1990s era.