This guy is here: http://crackmes.de/users/moofy/moofys_namegenme/
I had a fairly hard time with this one for some reason, although the solution was right in front of my face…
Most the logic for calculating the generation is in the function 00401852. The Serial is stored in a global variable, and the name is generated by taking certain bytes from the serial and doing addition on them.
Here is all the relevant logic, although finding it was sort of a pain.
.text:004018FD lea eax, [ebp+var_10] .text:00401900 add dword ptr [eax], 4 .text:00401903 lea eax, [ebp+var_14] .text:00401906 sub dword ptr [eax], 3 .text:00401909 lea eax, [ebp+var_18] .text:0040190C sub dword ptr [eax], 2 .text:0040190F lea eax, [ebp+var_1C] .text:00401912 add dword ptr [eax], 2 .text:00401915 lea eax, [ebp+var_20] .text:00401918 dec dword ptr [eax] .text:0040191A lea eax, [ebp+var_24] .text:0040191D add dword ptr [eax], 3 .text:00401920 lea eax, [ebp+var_28] .text:00401923 sub dword ptr [eax], 2 .text:00401926 lea eax, [ebp+var_2C] .text:00401929 sub dword ptr [eax], 4 .text:0040192C lea eax, [ebp+var_30] .text:0040192F add dword ptr [eax], 3 .text:00401932 lea eax, [ebp+var_34] .text:00401935 inc dword ptr [eax]
Here is a keygen written in C
void main(int argc, char* argv[]) {
char Name [10];
char* ser = argv[1];
if (argc != 2 || strlen(argv[1]) < 21) {
printf("Invalid serialn");
return (-1);
}
Name[0] = ser[0] + 4;
Name[1] = ser[1] - 3;
Name[2] = ser[2] - 2;
Name[3] = ser[6] + 2;
Name[4] = ser[7] - 1;
Name[5] = ser[8] + 3;
Name[6] = ser[13] - 2;
Name[7] = ser[14] - 4;
Name[8] = ser[15] + 3;
Name[9] = ser[20] + 1;
Name[10] = "\0";
printf("Name: %sn", Name);
}
