I Cracked this Program and Generated Unlimited CD Keys (baby’s first keygenme)
Vložit
- čas přidán 22. 06. 2023
- Key generators are a hallmark of early 2000's computing, an epic battle between companies trying to secure their software and hackers trying to steal it. Now, Reverse Engineering is a FUN way to learn more about computers. BUT, we need to do it legally.
In this video, I'll go step by step through a keygenme problem.
🏫 COURSES 🏫 Learn to code in C at lowlevel.academy
🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒
Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation : amzn.to/3C1z4sk
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software : amzn.to/3C1daFy
The Ghidra Book: The Definitive Guide: amzn.to/3WC2Vkg
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: lowlevel.store
Follow me on Twitter: / lowleveltweets
Follow me on Twitch: / lowlevellearning
Join me on Discord!: / discord - Věda a technologie
Keygens are Diamonds made of Knowledge, Craftsmanship and Passion.
Often enough they were only a few bytes in size while also being aesthetically sophisticated designed with original chiptune music in the background.
Keygens are a high form of art.
Lost to time, some have evolved with the times and made custom installers with the same chiptune music in the background
A few bytes? That's literally impossible. A single instruction takes up more space on average than a few bytes. Possibly you mean a few kilobytes or megabytes?
@@nikkiofthevalley I'm aware of that and yes: Bytes. A few hundreds of them but thats it. Rarely even less. No assets or libraries - only procedural beauty - cleverly arranged and used.
@@TheBigLou13 "A few" usually means in the range of 2-5, not hundreds.
Also the sophisticated viruses that comes with it
As a noob (I still am!) I used to simply edit the instruction from `je` to `jne` to invert the if statement, so that always in license check for wrong keys it will start working. Honestly, patching is much much easier than reverse engineering the algorithm.
While I haven't done keygens, I do agree that reverse engineering is way harder than patching but.... BACKWARDS COMPATIBILITY
I remember doing this for the securom method, if the CD was there... so then I put, if the CD is NOT there, and... voila! You could play without the disk which was completely unnecessary.
if there isnt a hash check of the file or somerthing youure good
@@lPlanetarizado Even if there is one, we can patch that function as well with the same logic. Tools like Ghidra can visualise the assembly code for you.
@@Socket775a When I was young, I always hated the CD DRM, though I didn't know it was DRM at the time. I thought it was just poor engineering that they couldn't get the game, which is obviously installed on the hard drive and off of the disc, to run without the disc.
Keygens are such a nostalgic hit from the demoscene days. You still get chiptunes in contemporary crack installers, sometimes, but it's nothing like back when RELOADED would put out a release and you'd get a whole animated credit sequence.
Man the nostalgia!!! I remember being about 13 and trying to get a StarCraft: Brood War activation key! I just couldnt wait for my allowance and probably put a few thousand viruses on the family desktop😂😅
Same, Warcraft 3 Reign of Chaos. And sometimes I’d manage to get a legit BattleNET-working key for awhile (til it would get burned). Simpler times man.
bro i saved up my money to keep buying the walmart box set, i ended up with like 6 prima guides bc my sisters kept scratching up my cds. the keygen that eluded me was for the harry potter games for win 98
It is never this easy on real keygens. Vendors go to extraordinary lengths to obfuscate their key checkers.
Yeah, but it shows the principle
yeah probably nowadays, and I think they would use a cryptographic signature, which is a definitive solution for the manufacturer to safely verify keys.
Well of course, it's meant to be a teaching tool
@@hobrin4242 This just means that it’s better to patch the thing I guess, which is why there’s so much focus on verifying file integrity and shit these days.
it really depends on the program, even the ones that connects to online server :) one i know fist had a bought key for a known antivirus, and when gotten close to expire he registered a new key to his account, key was similar to the original key but some of the last digit changed and it got validated it worked for 4-5 years lol so even i got free antivirus hehe :D similar dcan also work on games too both with or without locked to internett chekking :)
reetro hack on adobe and photoshop on win98 was using 30 days trail and turn back date&time lol XD
The idea that there are gamers alive that don’t know what a keygen is is terrifying.
I was always fascinated by how keygens were made (though I never knew how it was done til I got curious many years later).
Learned about keygens from this video wdym
How is this terrifying? There are kids who only know what Steam is and boxed games are not a thing. If you expect generations to have implicit knowledge of some nostalgic event in your life then I expect you to know how to carve a stick and go hunt an animal with it.
Too young to have had the chance to actually use them, but my parents tell me many tales of their PC gaming experiences. What a magical time to be alive (from an outside perspective, at least.)
I used to use a little dumber (or is it) approach: find a branch point between "Wrong key" and "Good job" and replace JZ/JNZ with JMP. Yep, I did it in pure asm and AFDPro. That olde times.
If cracking denuvo were that simple.
was*
Actually for the past with subjunctive were is appropriate
@@mattrs1 no.
@@Proferk Under Standard (white) American English, "were" is correct.
@@DrewTNaylor and everybody understood the meaning of the sentence so language is functioning as it should and as there is no authority on the English language, both are correct
Good video. The precedence of multiplication over XOR was directly visible in Ghidra's disassembly window. The code multiplied the value by 2, added it again and then XOR'd sum. ;-) I have written so many keygens in the 90's for BBS Door programs and stuff... Debugging in the Borland debugger was fun!
I miss the times where you had neat crack setup wizards that would play a cool hacky-style music super loudly while it was installing all the files
Here u go :D
czcams.com/video/1DqhpuEYNko/video.html
What do you mean, you can still find them nowadays with new software
@@mariuster Many people don't even bother with todays software anymore. Software quality has so degreded of the past 10+ years.., its more important in society to have quantity and the latest instead of actual quality.., nobody is willing to learn stuff since nothing is possible/allowed/valueable anymore or for longer than a few moments... So what's even worth cracking anymore? So they're sadly fine with dumbed down dopamine streams on surveilance capitalism devices.
@@mariuster cue pirate sea shanty
FitGirl 💪
Thank you. Just want to let you know that this one never get old. I'm on the path of learning Assembly and videos like this is extremely helpful. There're countless of beginners like me now and the future will be benefit of this helpful guide.
cool but here's the thing: it misses the tracker music. add that and everything golden
the dark mode in ghidra actually harm the eyes more then white mode !
because its pure black instead of being dark grey, pure black will force your eyes to change the focus quickly when you look outside your screen which will cause your eyes sometime to become blurry , and this blurriness may continue for a while and can cause vision problems for the long term
That's a fair point. I usually use a dark gray background, except in vim where I use a navy blue background.
You took me on a journey through time. More videos like this please!
Keep working on these kinds of videos. Super interesting to me!
I've been a security professional for a while and just now started to play with low level stuff. Your content is amazing dude, for real, keep it up
Back in the days - we didn't have such cool tools like you used. It reminds me the modern lockpicking. With the tools you can buy now picking any lock is quite easy even for a beginner. Without modern tools it would be much, much harder and more tedious.
What the fuck are you talking about
I preferred creating keygens (when I was young) with the help of the original program.
Sometimes they generate a key and compare it with your input.
If the program shows an error message, you can change the text.
The only thing you have to do is to change the pointer of the text to the generated key.
The reverse engineering part is to find the generated key in the memory and change the executable.
Ahh the good old days of Softice debugger and Fravia's tutorials!
This is actually a really insightful introduction to ghidra
Many games from smaller studios released as "demos" but they actually contained all the necessary files, all you had to do was register to get a key to unlock the full game. Some of these have not yet been preserved as full versions sadly.
Which games specifically?
Pretty awesome video, I always wondered how these were done!
amazing video, thanks as always man!!!
I learned something. Thank you! This is super cool!
My favorite story about a key generator was a very well-known Mac program I can't remember what it was but I think it was office related or something like that had a well-known key that circulated around the internet and everybody is that key. There was an update to the program and the key no longer worked but the funniest thing was that that key was hard coded in plaintext in the application itself so all you had to do was open up the application in a hex editor and change the key to something else and then the key worked again.
This is straight up nostalgia, as a kid my dad once got me one of these types of games for my first laptop that once had Windows Vista
Good video, though it's missing the most important part about those old key gens. The awesome tracker music that would (loudly) play when you opened them.
Ancient times? Jeez thanks for aging me. We made ISOs so the PC thought yhe disc was always in the optical drive.
Bruh, I remember downloading the shareware from a dial up BBS.
nice video dude thank you for this
You just encouraged me to keygen a lot of stuff..... (for educational purposes ofc :)
Amazing content!
You are such a young blossom. Buying games on CD, wow! I’m so old that we bought games on cassette tapes 😂 I got my start in cracking video games and software in the 80s and 90s as I demonstrate a lot of this channel too. I mostly just jumped over the check or made it evaluate properly.
Yeah, if you're going to pirate, easier to just patch the binary. Not that I'm advocating for piracy.
@@anon_y_mousse sure you don’t 😉🤭😝
Wait until you find out people buy games online now..
@@CallousCoder I patched a game once to just jump over the key check. Unfortunately it turned out the game randomly crashed on you if you did that as extra protection :/
@@Bobbias some software has indeed a checksum on its own binary. That needs to get the same treatment. That always was nasty. Especially when they did it with a timer then it’s very hard to track.
Why reverse engineering appealed to me so much?
its a fun little puzzle
Because it takes an almost pathological commitment to solving a problem sometimes, which is extremely rewarding when you get there
You're bouncing from instruction traces that are hieroglyphs to most people to picking minutiae out of the back of 1000-page manuals to reading forum posts to emailing someone who wrote a paper in 2013 about some deobfuscation technique you think would help with figuring something out but didn't publish his example code...
Then you figure out you can piggyback patching 3 different things that'll get a program in a state where you can figure out just where something important even is 😊
A lot of times you're trying to defeat something another person specifically setup to try to thwart you, and you end up needing to understand how 5 other low level things work to trick some of those and coordinate the workaround. It's like getting a parking ticket and showing up with some statute you dug up from 1859 after a week of research that absolves you and it actually working. It's safe cracking or lock picking. You have to know 10x what the guy who put the lock on did. And you still got it open
@@charlesnathansmith This is the kind of comment that brings reflection, should say thank you?
the best things about the keygens, was the music. there are sites dedicated to it too.
Good boy, nice run.
And you didn’t have to touch a single line of assembly… that decompiler works pretty well!
I feel that this way using decompilation is way easier that using windbg like most other “tutorials”
in linux, compositors mostly can reverse the colors of a window....
currently i am using kde rather than a twm so ctrl-meta-u flip colors.... so i can basiclly use light mode only apps like ghidra in dark mode :)
and for geogebra, it's really cool
a proper dark theme is always better than the inverse of a light theme
@@user-qp3qj2jv6f True, but color inversion is better than nothing. Though, I use the shortcut Super+U for single window and Super+I for everything because I look at it as global functionality.
we need more of those ;)
I have no idea what you are doing, but I find it very interesting.
I remember the days ... Using WinDASM to disassemble programs/games and cracking them or writing keygens ... Fun times.
Tools were "a bit" more primitive back in the day
Dude I haven't thought about EBGames in a decade or more. Thanks for the memories.
I need to go back in time and show me this video, it would make things a lot easier.
If I was old like you, I might remember game cracks from the early 2000s? Oh, that's adorable. If you were old like me, you were cracking games yourself in the early 80s
What distro are you on that your Python and GCC are less up to date than mine? I haven't updated for 2 years and I'm still more up to date. Also, why did you write it in Python instead of just using C, especially when you could've just copied the code straight from Ghidra?
if you pass "./blabla" as the program name, doesn't it also count the "./" part in the len(program) and why does this work, did the makers of keygenme use use that too? what if you'd pass an absolute path?
yes. In this case "./" is actually part of program name. This works because whatever you type to run the program will be placed in stack of main function of the process. you can also access the program's invocation name in "/proc/pid/cmdline" of each process. (where pid is the process ID of desired process). This solution in the video remains effective even if you choose to rename the executable file. :)
basically, this means that the key will differ if the path or name of the binary is different, so the keygen will have to account for that, which the one in the video does account for.
0:16 truly ancient would be games on cassete tape mate, ah the days of a double tape deck being the answer to expanded the collection, not that I indulged in such things of course, just gonna close the curtains & turn off the lights "no ones home"
You could have seen the order of operations in the assembly code.
yeah, it was just }sum" twice to itself (instead of multiplying explicitly by 3) which i thought was really cool
@@samcousins3204 yeah, I wrote a calculator in pure assembly and all I can say, you don't want to multiply if not totally necessary. It's slow and cumbersome, so neither compiler nor assembly devs like it. The only basic operation worse is division. It's such a pain and even slower than multiplication.
@@redcrafterlppa303 What's wrong with mul/fmul?
EDIT: Oh, you might have written it on a processor without those instructions. D'oh.
EDIT2: What platform was this on?
@@mr_gerber no I have imul, idiv... but the split registers make it awkward to use.
I mul returns into 2 registers and idiv expects 3 registers as input
When I first started gaming they came on floppy disks, and used weak bits on the disk to prevent copying. You could however reverse engineer the binary to find where it made the DOS system interrupt call to check for this weak bit and bypass the check. Things like IDA didn’t exist then, so you had to disassemble it by hand and modify the binary in a ‘debug’.
It's been a million years it seems like, but I remember using SoftICE back in the DOS days to patch a CAD program's license routine for a friend who lost their key (wink wink). These tools look way more in depth than hunting thru unlabeled assembly language.
you forgot to make it play some songs
CIA - FBI, if you are reading this, I never ever used a key generator.
To all others: I definitely remember. I liked the sick chip tunes
@LowLevelLearning, love your channel first and foremost. Newer to C, been doing Python for a while. Downloaded this one and followed your instructions and noticed that len(prog_name)&0x1f and len(prog_name) returns the same value... Not sure if it has an effect in C; but it looks like replacing your line before returning the key to:
key = key
len(prog_name)&0x1f I suspect truncates the digits of len(). On 32bit systems len() might return something different from 64 bit machines. This truncates the len() to a byte. My guess as to what's happening anyway.
Good Times, easily the most exciting part of my growing up, whilst trying to dodge viruses and mallard, so many dodgy websites to get keys or key gens or cd cracks from. Miss all that.
Yeah I definitely remember these. Cracking got me into embedded!
I remember a friend had a legit Diablo 2 key from a store, and the KeyGen had his key too.
Hello, can you pass the crack of the PADSVX.2.4_ESDM
I had a friend that would go to the store, and write down all the CD keys he could find from the back covers of the manuals they used to leave in the cases, and then later download those games and use the key.
What's the name of the program you're using to do the C code extraction?
"there were key generators that generated keys for you"
In a lot of cases, keygens gave your computer a lot more than just the keys!
What font is using to code the program? Does anyone know?
Reverse engineering is awesome
dude , I went first in 1998 and a few years later I was doing this shijt with key gens. those scene release groups were very rare. But some of them are still out there in 2023.
the time that internet was still for nerds. and pay by the minute for your internet with your monthly phone bill (land line ) . greets from The Netherlands.
This is fascinating even though I can only write a small .bat file.
I remember buying physical games.PC Games were $15-$20 and the console version was $30-40
CD ancient times?? That's new tech! I started with cassette tapes (and still have several)
Great video! RE is fun and enjoy~😀
Yes! Thank you!
The dirty little secret of keygens, cracked and pre-activated programs is many use your computer to process crypto. It's a small amount that's hard to detect because they rely on volume to help avoid detection.
Some programs are worth it if that's all their doing but some do more malicious things.
Ahh, the music on Keygens was always fun
Cool video, would recommend
Thanks!
I remember keys stored in a file on the the floppy install disks.
there was a time, Softice was only used and only x86 assembly listing. this is somewhat easy at the C level listing.
I remember those days when the crack came with the game. Those were good times.
Hello, I have an old software that runs on Windows 7 32 bit. I can no longer activate this software because the manufacturer no longer exists. Can someone help me with that?
It's about the software Fminer Pro 9.81
very interesting!
i'm not 100% sure but 4:45 looks like a for loop. With the increment at the end and the if statement after an assignment etc. so i think it would be something like for (int i = 0; i < strlen(name); i++) { /* body */ }
Ah that explains the inefficient call to strlen
@@shadamethyst1258 yeah that threw me off aswell and that's how i came to that conclusion. I think if 'name' were marked as const char * the compiler would move the call to strlen up a few instructions to avoid the redundant calling but any optimization flag passed to the compiler would have taken care of that i think (gcc and clang are really smart).
what is the command re at 1:27
Aaaah, the good old days. They really got me labeled as a nerd in school. Fast forward 25 years and I'm a 30 something sysadmin who loves (and hates) his job.
I remember installing Doom from 1.44 MB floppy disc. Actually not installing, just copying.
I'm guessing you might find em somewhere, but there use to be some websites/torrents/etc(don't specifically remember where; apparently I'm getting old and this was to long ago:P) tutorial kits that would include old versions of software and abandonware with tutorials on how to crack the software/etc..... I guess sorta a precursor to this sorta thing:P
I used to start keygens just to listen to the music
Most offline keys / serial gens are just encoding a product code and a checksum / secret and then scrambling it. Online keys are probably completely random and use a lookup service to validate them.
Enderman almost got bloody terminated for doing this. Just a fair warning.
I was just here for the cool keygen chiptune music...........
Don't give the XP era script kiddies too much credit, a lot of those old key generators just randomly pick a key from a static list. I'm sure some of them were actual generators but that seemed much less common
Hah, was just about to make that very comment. Yeah, there's nothing technically wrong with anything he says, but what you say is 100% true - a lot of keygens were just lists of stolen keys
From my experience, those kinds of key list were obvious. The key list programs I used from that era were literally just drop downs or you just hit the generate button continuously without any input from the user.
pHrozen Crew/Hell in the house!
I am old enough to remember when people never said "off of"
Also, someone needs to tell him that key generators are still in widespread use today
OLD LIKE ME....? Two seconds in and I was like WHAT? OLD? hahahaha
Pretty cool 😎
Keygens are still widely used on cracked Windows software.
I use one at least once a week. Much better than overwriting a .dll file.
Warcraft 3's anti-piracy check looked for a volume mounted with the name of the disc. So ya use the disk utility to create an empty virtual disc with the same name. Still annoying to jump through hoops as a paying customer.
2:50 Actually I think that in posix systems the main function also can take a third argument named envp and defined as const char* envp[ ]
These days with elliptic curve crypto being liberated, especially Ed25519, vendors could actually make short Cd-keys that were backed by real strong security to render keygens moot. But eh, modding the software to remove the entire key verification defeats that :-)
I bashed and crashed my way through many a program back in the day in order to achieve this. Some worked, many didn't. Still don't know what I did right when it did. It was a lot of fun though.
great video
Thanks!
I recently downloaded a keygen for 3ds max 8 and I literally opened it through 2 virtual machines to make sure it could not possibly get through my pc if it was a Trojan LOL
We need Denuvo crack 😆
As an outsider i ask this, has anyone cracked intel management engine?
I don't know, but I believe it runs Minix (minix is the version of UNIX that inspired linux)
People have managed to disable it on some processors
Onces or thousand times😂😂😂. Nice. Me too. 1990s era.