I Cracked this Program and Generated Unlimited CD Keys (baby’s first keygenme)
ฝัง
- เผยแพร่เมื่อ 22 มิ.ย. 2023
- Key generators are a hallmark of early 2000's computing, an epic battle between companies trying to secure their software and hackers trying to steal it. Now, Reverse Engineering is a FUN way to learn more about computers. BUT, we need to do it legally.
In this video, I'll go step by step through a keygenme problem.
🏫 COURSES 🏫 Learn to code in C at lowlevel.academy
🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒
Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation : amzn.to/3C1z4sk
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software : amzn.to/3C1daFy
The Ghidra Book: The Definitive Guide: amzn.to/3WC2Vkg
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: lowlevel.store
Follow me on Twitter: / lowleveltweets
Follow me on Twitch: / lowlevellearning
Join me on Discord!: / discord - วิทยาศาสตร์และเทคโนโลยี
Keygens are Diamonds made of Knowledge, Craftsmanship and Passion.
Often enough they were only a few bytes in size while also being aesthetically sophisticated designed with original chiptune music in the background.
Keygens are a high form of art.
Lost to time, some have evolved with the times and made custom installers with the same chiptune music in the background
A few bytes? That's literally impossible. A single instruction takes up more space on average than a few bytes. Possibly you mean a few kilobytes or megabytes?
@@nikkiofthevalley I'm aware of that and yes: Bytes. A few hundreds of them but thats it. Rarely even less. No assets or libraries - only procedural beauty - cleverly arranged and used.
@@TheBigLou13 "A few" usually means in the range of 2-5, not hundreds.
Also the sophisticated viruses that comes with it
It is never this easy on real keygens. Vendors go to extraordinary lengths to obfuscate their key checkers.
Yeah, but it shows the principle
yeah probably nowadays, and I think they would use a cryptographic signature, which is a definitive solution for the manufacturer to safely verify keys.
Well of course, it's meant to be a teaching tool
@@hobrin4242 This just means that it’s better to patch the thing I guess, which is why there’s so much focus on verifying file integrity and shit these days.
it really depends on the program, even the ones that connects to online server :) one i know fist had a bought key for a known antivirus, and when gotten close to expire he registered a new key to his account, key was similar to the original key but some of the last digit changed and it got validated it worked for 4-5 years lol so even i got free antivirus hehe :D similar dcan also work on games too both with or without locked to internett chekking :)
reetro hack on adobe and photoshop on win98 was using 30 days trail and turn back date&time lol XD
Man the nostalgia!!! I remember being about 13 and trying to get a StarCraft: Brood War activation key! I just couldnt wait for my allowance and probably put a few thousand viruses on the family desktop😂😅
Same, Warcraft 3 Reign of Chaos. And sometimes I’d manage to get a legit BattleNET-working key for awhile (til it would get burned). Simpler times man.
bro i saved up my money to keep buying the walmart box set, i ended up with like 6 prima guides bc my sisters kept scratching up my cds. the keygen that eluded me was for the harry potter games for win 98
As a noob (I still am!) I used to simply edit the instruction from `je` to `jne` to invert the if statement, so that always in license check for wrong keys it will start working. Honestly, patching is much much easier than reverse engineering the algorithm.
While I haven't done keygens, I do agree that reverse engineering is way harder than patching but.... BACKWARDS COMPATIBILITY
I remember doing this for the securom method, if the CD was there... so then I put, if the CD is NOT there, and... voila! You could play without the disk which was completely unnecessary.
if there isnt a hash check of the file or somerthing youure good
@@lPlanetarizado Even if there is one, we can patch that function as well with the same logic. Tools like Ghidra can visualise the assembly code for you.
@@Socket775a When I was young, I always hated the CD DRM, though I didn't know it was DRM at the time. I thought it was just poor engineering that they couldn't get the game, which is obviously installed on the hard drive and off of the disc, to run without the disc.
Keygens are such a nostalgic hit from the demoscene days. You still get chiptunes in contemporary crack installers, sometimes, but it's nothing like back when RELOADED would put out a release and you'd get a whole animated credit sequence.
The idea that there are gamers alive that don’t know what a keygen is is terrifying.
I was always fascinated by how keygens were made (though I never knew how it was done til I got curious many years later).
Learned about keygens from this video wdym
How is this terrifying? There are kids who only know what Steam is and boxed games are not a thing. If you expect generations to have implicit knowledge of some nostalgic event in your life then I expect you to know how to carve a stick and go hunt an animal with it.
Too young to have had the chance to actually use them, but my parents tell me many tales of their PC gaming experiences. What a magical time to be alive (from an outside perspective, at least.)
If cracking denuvo were that simple.
was*
Actually for the past with subjunctive were is appropriate
@@mattrs1 no.
@@Proferk Under Standard (white) American English, "were" is correct.
@@DrewTNaylor and everybody understood the meaning of the sentence so language is functioning as it should and as there is no authority on the English language, both are correct
Good video. The precedence of multiplication over XOR was directly visible in Ghidra's disassembly window. The code multiplied the value by 2, added it again and then XOR'd sum. ;-) I have written so many keygens in the 90's for BBS Door programs and stuff... Debugging in the Borland debugger was fun!
the dark mode in ghidra actually harm the eyes more then white mode !
because its pure black instead of being dark grey, pure black will force your eyes to change the focus quickly when you look outside your screen which will cause your eyes sometime to become blurry , and this blurriness may continue for a while and can cause vision problems for the long term
That's a fair point. I usually use a dark gray background, except in vim where I use a navy blue background.
I used to use a little dumber (or is it) approach: find a branch point between "Wrong key" and "Good job" and replace JZ/JNZ with JMP. Yep, I did it in pure asm and AFDPro. That olde times.
I miss the times where you had neat crack setup wizards that would play a cool hacky-style music super loudly while it was installing all the files
Here u go :D
th-cam.com/video/1DqhpuEYNko/w-d-xo.html
What do you mean, you can still find them nowadays with new software
@@mariuster Many people don't even bother with todays software anymore. Software quality has so degreded of the past 10+ years.., its more important in society to have quantity and the latest instead of actual quality.., nobody is willing to learn stuff since nothing is possible/allowed/valueable anymore or for longer than a few moments... So what's even worth cracking anymore? So they're sadly fine with dumbed down dopamine streams on surveilance capitalism devices.
@@mariuster cue pirate sea shanty
FitGirl 💪
Back in the days - we didn't have such cool tools like you used. It reminds me the modern lockpicking. With the tools you can buy now picking any lock is quite easy even for a beginner. Without modern tools it would be much, much harder and more tedious.
What the fuck are you talking about
I've been a security professional for a while and just now started to play with low level stuff. Your content is amazing dude, for real, keep it up
I preferred creating keygens (when I was young) with the help of the original program.
Sometimes they generate a key and compare it with your input.
If the program shows an error message, you can change the text.
The only thing you have to do is to change the pointer of the text to the generated key.
The reverse engineering part is to find the generated key in the memory and change the executable.
You took me on a journey through time. More videos like this please!
Keep working on these kinds of videos. Super interesting to me!
cool but here's the thing: it misses the tracker music. add that and everything golden
This is actually a really insightful introduction to ghidra
Good video, though it's missing the most important part about those old key gens. The awesome tracker music that would (loudly) play when you opened them.
Many games from smaller studios released as "demos" but they actually contained all the necessary files, all you had to do was register to get a key to unlock the full game. Some of these have not yet been preserved as full versions sadly.
Which games specifically?
You could have seen the order of operations in the assembly code.
yeah, it was just }sum" twice to itself (instead of multiplying explicitly by 3) which i thought was really cool
@@samcousins3204 yeah, I wrote a calculator in pure assembly and all I can say, you don't want to multiply if not totally necessary. It's slow and cumbersome, so neither compiler nor assembly devs like it. The only basic operation worse is division. It's such a pain and even slower than multiplication.
@@redcrafterlppa303 What's wrong with mul/fmul?
EDIT: Oh, you might have written it on a processor without those instructions. D'oh.
EDIT2: What platform was this on?
@@mr_gerber no I have imul, idiv... but the split registers make it awkward to use.
I mul returns into 2 registers and idiv expects 3 registers as input
This is straight up nostalgia, as a kid my dad once got me one of these types of games for my first laptop that once had Windows Vista
My favorite story about a key generator was a very well-known Mac program I can't remember what it was but I think it was office related or something like that had a well-known key that circulated around the internet and everybody is that key. There was an update to the program and the key no longer worked but the funniest thing was that that key was hard coded in plaintext in the application itself so all you had to do was open up the application in a hex editor and change the key to something else and then the key worked again.
I learned something. Thank you! This is super cool!
in linux, compositors mostly can reverse the colors of a window....
currently i am using kde rather than a twm so ctrl-meta-u flip colors.... so i can basiclly use light mode only apps like ghidra in dark mode :)
and for geogebra, it's really cool
a proper dark theme is always better than the inverse of a light theme
@@user-qp3qj2jv6f True, but color inversion is better than nothing. Though, I use the shortcut Super+U for single window and Super+I for everything because I look at it as global functionality.
Ahh the good old days of Softice debugger and Fravia's tutorials!
I feel that this way using decompilation is way easier that using windbg like most other “tutorials”
Bruh, I remember downloading the shareware from a dial up BBS.
You just encouraged me to keygen a lot of stuff..... (for educational purposes ofc :)
Pretty awesome video, I always wondered how these were done!
@LowLevelLearning, love your channel first and foremost. Newer to C, been doing Python for a while. Downloaded this one and followed your instructions and noticed that len(prog_name)&0x1f and len(prog_name) returns the same value... Not sure if it has an effect in C; but it looks like replacing your line before returning the key to:
key = key
len(prog_name)&0x1f I suspect truncates the digits of len(). On 32bit systems len() might return something different from 64 bit machines. This truncates the len() to a byte. My guess as to what's happening anyway.
You are such a young blossom. Buying games on CD, wow! I’m so old that we bought games on cassette tapes 😂 I got my start in cracking video games and software in the 80s and 90s as I demonstrate a lot of this channel too. I mostly just jumped over the check or made it evaluate properly.
Yeah, if you're going to pirate, easier to just patch the binary. Not that I'm advocating for piracy.
@@anon_y_mousse sure you don’t 😉🤭😝
Wait until you find out people buy games online now..
@@CallousCoder I patched a game once to just jump over the key check. Unfortunately it turned out the game randomly crashed on you if you did that as extra protection :/
@@Bobbias some software has indeed a checksum on its own binary. That needs to get the same treatment. That always was nasty. Especially when they did it with a timer then it’s very hard to track.
And you didn’t have to touch a single line of assembly… that decompiler works pretty well!
amazing video, thanks as always man!!!
Dude I haven't thought about EBGames in a decade or more. Thanks for the memories.
Good boy, nice run.
I have no idea what you are doing, but I find it very interesting.
I need to go back in time and show me this video, it would make things a lot easier.
0:16 truly ancient would be games on cassete tape mate, ah the days of a double tape deck being the answer to expanded the collection, not that I indulged in such things of course, just gonna close the curtains & turn off the lights "no ones home"
I remember the days ... Using WinDASM to disassemble programs/games and cracking them or writing keygens ... Fun times.
Tools were "a bit" more primitive back in the day
we need more of those ;)
Yeah I definitely remember these. Cracking got me into embedded!
Why reverse engineering appealed to me so much?
its a fun little puzzle
Because it takes an almost pathological commitment to solving a problem sometimes, which is extremely rewarding when you get there
You're bouncing from instruction traces that are hieroglyphs to most people to picking minutiae out of the back of 1000-page manuals to reading forum posts to emailing someone who wrote a paper in 2013 about some deobfuscation technique you think would help with figuring something out but didn't publish his example code...
Then you figure out you can piggyback patching 3 different things that'll get a program in a state where you can figure out just where something important even is 😊
A lot of times you're trying to defeat something another person specifically setup to try to thwart you, and you end up needing to understand how 5 other low level things work to trick some of those and coordinate the workaround. It's like getting a parking ticket and showing up with some statute you dug up from 1859 after a week of research that absolves you and it actually working. It's safe cracking or lock picking. You have to know 10x what the guy who put the lock on did. And you still got it open
@@charlesnathansmith This is the kind of comment that brings reflection, should say thank you?
you forgot to make it play some songs
nice video dude thank you for this
Good Times, easily the most exciting part of my growing up, whilst trying to dodge viruses and mallard, so many dodgy websites to get keys or key gens or cd cracks from. Miss all that.
the best things about the keygens, was the music. there are sites dedicated to it too.
If I was old like you, I might remember game cracks from the early 2000s? Oh, that's adorable. If you were old like me, you were cracking games yourself in the early 80s
Amazing content!
dude , I went first in 1998 and a few years later I was doing this shijt with key gens. those scene release groups were very rare. But some of them are still out there in 2023.
the time that internet was still for nerds. and pay by the minute for your internet with your monthly phone bill (land line ) . greets from The Netherlands.
Reverse engineering is awesome
I remember a friend had a legit Diablo 2 key from a store, and the KeyGen had his key too.
CD ancient times?? That's new tech! I started with cassette tapes (and still have several)
"there were key generators that generated keys for you"
In a lot of cases, keygens gave your computer a lot more than just the keys!
CIA - FBI, if you are reading this, I never ever used a key generator.
To all others: I definitely remember. I liked the sick chip tunes
Ahh, the music on Keygens was always fun
if you pass "./blabla" as the program name, doesn't it also count the "./" part in the len(program) and why does this work, did the makers of keygenme use use that too? what if you'd pass an absolute path?
yes. In this case "./" is actually part of program name. This works because whatever you type to run the program will be placed in stack of main function of the process. you can also access the program's invocation name in "/proc/pid/cmdline" of each process. (where pid is the process ID of desired process). This solution in the video remains effective even if you choose to rename the executable file. :)
basically, this means that the key will differ if the path or name of the binary is different, so the keygen will have to account for that, which the one in the video does account for.
What distro are you on that your Python and GCC are less up to date than mine? I haven't updated for 2 years and I'm still more up to date. Also, why did you write it in Python instead of just using C, especially when you could've just copied the code straight from Ghidra?
Ancient times? Jeez thanks for aging me. We made ISOs so the PC thought yhe disc was always in the optical drive.
I miss the keygen jams.
there was a time, Softice was only used and only x86 assembly listing. this is somewhat easy at the C level listing.
I had a friend that would go to the store, and write down all the CD keys he could find from the back covers of the manuals they used to leave in the cases, and then later download those games and use the key.
This is fascinating even though I can only write a small .bat file.
I'm guessing you might find em somewhere, but there use to be some websites/torrents/etc(don't specifically remember where; apparently I'm getting old and this was to long ago:P) tutorial kits that would include old versions of software and abandonware with tutorials on how to crack the software/etc..... I guess sorta a precursor to this sorta thing:P
i'm not 100% sure but 4:45 looks like a for loop. With the increment at the end and the if statement after an assignment etc. so i think it would be something like for (int i = 0; i < strlen(name); i++) { /* body */ }
Ah that explains the inefficient call to strlen
@@shadamethyst1258 yeah that threw me off aswell and that's how i came to that conclusion. I think if 'name' were marked as const char * the compiler would move the call to strlen up a few instructions to avoid the redundant calling but any optimization flag passed to the compiler would have taken care of that i think (gcc and clang are really smart).
The dirty little secret of keygens, cracked and pre-activated programs is many use your computer to process crypto. It's a small amount that's hard to detect because they rely on volume to help avoid detection.
Some programs are worth it if that's all their doing but some do more malicious things.
Old Guy here. Help me understand. Imagine a play ground inside a fence and locked gate. In order to play on the play ground you have to have a key for the locked gate. If you don't have the key for the locked gate, why not just jump over the fence and locked gate? Which came first? The full version of the game, or the fence/locked gate to play the game? When the creators of Hyperspace.Invader.v2.01 created the game, did they play/create the game then put it inside the fence and locked gate, or did the fence and locked gate come first? How to jump over the fence and just go to playing the full version of the downloaded trial version without fussing with all this keygen business. I know the full version is there to play, just help an old man jump over the fence to play on the play ground. Or.........just tear the fence down and walk on in like the creators of the game did. What am I saying, the creators of the game didn't even have a fence/locked gate around the play ground until the playground was finished. A? 2005 is when the game came out. You won't be able to find a trial version to download anymore, unless you know someone who still has the trial version to share. The company that made and sold the game quit selling it years ago. Other wise I'd just buy the game. $19.95 easy peazy
Aaaah, the good old days. They really got me labeled as a nerd in school. Fast forward 25 years and I'm a 30 something sysadmin who loves (and hates) his job.
I remember keys stored in a file on the the floppy install disks.
Great video! RE is fun and enjoy~😀
Yes! Thank you!
I remember those days when the crack came with the game. Those were good times.
Cool video, would recommend
Thanks!
pHrozen Crew/Hell in the house!
2:50 Actually I think that in posix systems the main function also can take a third argument named envp and defined as const char* envp[ ]
I used to start keygens just to listen to the music
What's the name of the program you're using to do the C code extraction?
Most offline keys / serial gens are just encoding a product code and a checksum / secret and then scrambling it. Online keys are probably completely random and use a lookup service to validate them.
I remember installing Doom from 1.44 MB floppy disc. Actually not installing, just copying.
We need Denuvo crack 😆
I remember buying physical games.PC Games were $15-$20 and the console version was $30-40
Enderman almost got bloody terminated for doing this. Just a fair warning.
Hello, can you pass the crack of the PADSVX.2.4_ESDM
Keygens are still widely used on cracked Windows software.
I use one at least once a week. Much better than overwriting a .dll file.
Onces or thousand times😂😂😂. Nice. Me too. 1990s era.
Wow teach me more man
I was just here for the cool keygen chiptune music...........
As an outsider i ask this, has anyone cracked intel management engine?
I don't know, but I believe it runs Minix (minix is the version of UNIX that inspired linux)
People have managed to disable it on some processors
These days with elliptic curve crypto being liberated, especially Ed25519, vendors could actually make short Cd-keys that were backed by real strong security to render keygens moot. But eh, modding the software to remove the entire key verification defeats that :-)
Warcraft 3's anti-piracy check looked for a volume mounted with the name of the disc. So ya use the disk utility to create an empty virtual disc with the same name. Still annoying to jump through hoops as a paying customer.
Where are the Chiptunes?
OLD LIKE ME....? Two seconds in and I was like WHAT? OLD? hahahaha
What font is using to code the program? Does anyone know?
I recently downloaded a keygen for 3ds max 8 and I literally opened it through 2 virtual machines to make sure it could not possibly get through my pc if it was a Trojan LOL
what is the command re at 1:27
I bashed and crashed my way through many a program back in the day in order to achieve this. Some worked, many didn't. Still don't know what I did right when it did. It was a lot of fun though.
great video
Thanks!
very interesting!
Actually checking argv zero is not that uncommon. It lets you check to see if someone renames a file. If you really want to have fun with. a little hacker trick. check argv -1. yes negative it returns the path of the file. so you can check the location of the file on the hard drive. Used to use it as primitive copy protection. Id the file was moved it would come back with put me back where you found me. Depending on your compiler i wouldn't suggest checking out other strange values of argv you start getting access to different parts of memory. if it doesn;'t blow up.
I am old enough to remember when people never said "off of"
Also, someone needs to tell him that key generators are still in widespread use today
#Phrozencrew was here 💪