How To: The Hacks Behind Cracking, Part 2: How to Generate Software Keys

The Hacks Behind Cracking, Part 2: How to Generate Software Keys

If you've ever heard software piracy terminology being discussed, I'm sure the term KeyGens came up. KeyGens is short for key generator, which is a program that exploits algorithmic faults in software by generating software license keys that appear to be genuine. Normally used as a technique to protect the source code software and prevent piracy, a key generator exploits the key algorithm to effectively nullify the need for any software licenses. For example, we must try to find patterns in the keys, such as three 5s in every key, all even numbers, etc. Any way that the program could validate a program without being online could be a way that software is protected.

Normally, something like this would be of no use, but everything has its purpose. Suppose that you lose source to one of your programs, wouldn't you want to have the ability to reverse it and recover the source code? Alternatively, if you made a tool that people enjoyed, and decided to sell it via licenses, you need to check it for vulnerabilities such as these to mitigate the chances of your own software being stolen.

In today's Null Byte, let's go over how a KeyGen could work by cracking the algorithm used to verify software keys in a few examples. I will not be walking you through how to actually crack a program, because I can't just crack a program for demonstration, but the techniques applied to my examples should give you the foundation needed to create your own. At that point, it's a test of your morals if you want to use your knowledge for good or bad.

You must follow The Hacks Behind Cracking, Part 1 through until just before the final step, and then you can begin the tutorial below.

Step 1 Step Into the Function

  1. Run the program with the debugger and resume where you are asked to enter the key again with an interrupt on it.
  2. Strike F7 to go inside the function.
  3. Keep striking F7 until you find the credentials and key you entered in the disassembler again, followed by a jump.
  4. Shortly thereafter, you should find CMP 2D, DL, or something similar. This is the function that is validating our key.

Step 2 Start Reversing for the Key

  1. You should see a bunch of CMP and shorts on the screen, likely alternating in pattern.
  2. Click on, and examine CMP and what it is looking for, as opposed to what you entered.The Hacks Behind Cracking, Part 2: How to Generate Software Keys
  3. This shows that it is looking for a dash, so let's try adding a dash anywhere in the key we are testing to see how far we can get in the validation. Remove all breakpoints and set a new one here.
  4. Scroll down to the next null byte and find the one where the EAX is equal to the first part of your serial in decimal. You can use the converter built in to the Windows calculator.The Hacks Behind Cracking, Part 2: How to Generate Software Keys
  5. Remove all previous breakpoints and set the new breakpoint to the CMP section that, when clicked on, shows our key value in hex being compared to the value it should be (because keys are generated based upon the name entered in the registration process). The Hacks Behind Cracking, Part 2: How to Generate Software Keys
  6. The value here is actually the first correct part of the key written in the field, so if we convert it from hex to decimal, we now have the next part of our key. Set your new breakpoint, and rinse and repeat the past two steps until you receive a full key code and register successfully.

To make a key generator program, you have to repeat the steps at least one or two more times with different usernames so you can get different and working keys. These keys will be compared and examined for commonalities for algorithmic reversing. I hope you learned something.

Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:

Image via onlyhdwallpapers

4 Comments

I'll have to read this again some time I have… more time. Which I will do. Reversing <3

I want to make another tutorial on actually hackiing at the algorithm..there are a few ways to do it (some don't even involve getting more than one key). But that would end up being sooo many pages. Maybe I could tackle each method, one at a time, and jsut link back to this article.

I would read it. Algorithms <3

man i have a software registered but if i cloned the hdd to another one it asks me to register it again
each hard disk i use gives me new request code and i send it to the company then they send me the reg code
i dont want to need them every time i have to format or change the hdd
now i have tow request codes with there register serial
each one works on a hard disk does not work on the other

so can we use them to come up with a keygen that after i change the hdd and get the new request code i put it in the keygen and and get its activation code??

Share Your Thoughts

  • Hot
  • Latest