Cracking and Keygen:
This tutorial aims to provide you with the knowledge of cracking an application and creating a keygen.Tools:
GRE 4800 words from ienglishtest or mediafire.com
OllyDBG
IDAPro v5.0 Freeware or find the v6.0 via google.com
ILspy
Visual Studio 2012 or any other
Install the software and then try to enter any activation code. You'll fail.
Now try to open the Pacific Lava.exe from OllyDBG.
 | |
| click to view larger size |
 | |
| Click to view larger size |
But we get Error!!
Error : Unable to start 'E:\PacificLava\PacificLava.exe'
Well, this sucks. But let's open it with IDAPro.
On analyzing the executable with IDAPro, you'll find out that the executable is not PE but a .net executable.
Due to this reason OllyDBG was not able to disassemble it.
Now, Open the executable in ILspy. ILSpy is the best open-source .NET assembly browser and decompiler.
Press CTRL+O and Select the Pacific Lava.exe
This should load the exe in ILSpy.
Now expand the PacificLava upto the point shown in the fig. below.
 |
| Click to view larger size |
The class highlighted above is ActivationCode. Expand it and you'll see the implementation of that class.
Click on File->Save Code.(Ctrl+S) and save the code in a new directory. I'll name the directory "PCode". Close ILSpy and open the "PCode" directory. You'll find PacificLava.csproj inside that folder. Double click on it and your Visual Studio will open that project. Expand the project upto ActivationCode as shown in the figure below. Scroll down the code pane until you see VerifyActivationCode() method.
 |
| Click to view larger size |
The method is as below:
public bool VerifyActivationCode(string code) //code is the string entered by the user.
{
bool result = false;
if (code.Substring(0, 2).Equals("H1")) //The first two characters of code are compared to "H1"
{
string x = code.Substring(2, 6); //gets 6 characters from the 2nd pos.
string value = code.Substring(8, 3); //gets 3 characters from the 8th pos.
string sXCH = this.GetSXCH(x, "CAT"); //GetSXCH method is called
if (sXCH.Equals(value)) // if values are equal
{
result = true; // then the key entered is correct
}
}
return result;
}
Let the code = "H1757807300".Now, the first two character of "code" are "H1" so the if() statement in the third line is evaluated as true and the code continues to execute.
The variable x becomes = "757807" and value becomes = "300".
The function GetSXCH is called with "757807" and "CAT"and the returned string is stored in sXCH.
Let's suppose the returned string is "500". Now this "500" is compared to our "300" (stored in the variable "value") in the 7th statement. and if they are equal then the key entered is correct. So we need to understand how to bypass this if() statement to correctly register the program.
Copy the VerifyActivationCode() block and the GetSXCH() block into a file.
Click on File->Close Solution.
Click on File->New Project(Ctrl+Shift+N) and select a form based Visual C# application.
Name it PLGREKeygen or whatever you like.
 |
| Click to view larger size |
After that add a text box and Button via the toolbox.
The name property of the textbox should be "textBox1". Put whatever you like in the "Text" property of the textbox and the button.
After that double click on the button. and you'll be in the code editing window.
Paste the ActivateVerificationCode() and the GetSXCH() functions in this window below the closing bracket of button1_Click. So your code will look like this.
private void button1_Click(object sender, EventArgs e)
{
}
public bool VerifyActivationCode(string code)
{
bool result = false;
if (code.Substring(0, 2).Equals("H1"))
{
string x = code.Substring(2, 6);
string value = code.Substring(8, 3);
string sXCH = this.GetSXCH(x, "CAT");
if (sXCH.Equals(value))
{
result = true;
}
}
return result;
}
private string GetSXCH(string x, string d)
{
string text = d;
try
{
int num = (int)Convert.ToInt16(x.Substring(0, 1));
int num2 = (int)Convert.ToInt16(x.Substring(0, 2));
int num3 = (int)Convert.ToInt16(x.Substring(0, 3));
int num4 = (int)Convert.ToInt16(x.Substring(1, 1));
int num5 = (int)Convert.ToInt16(x.Substring(1, 2));
int num6 = (int)Convert.ToInt16(x.Substring(1, 3));
int num7 = (int)Convert.ToInt16(x.Substring(3, 3));
int num8 = (int)Convert.ToInt16(x.Substring(4, 1));
int num9 = (int)Convert.ToInt16(x.Substring(4, 2));
int num10 = (int)Convert.ToInt16(x.Substring(5, 1));
text = "000" + Convert.ToString(Math.Abs(1000 - (num + num2 + num3 + num4 + num5 + num6 + num7 + num8 + num9 + num10)));
text = text.Substring(text.Length - 3);
}
catch
{
}
return text;
}
"private void button1_Click(object sender, EventArgs e)" is called and the code inside this function is executed whenever user clicks on the button on the keygen.
To generate a legitimate key we need:
1. a string starting with H1
2. 6 digit number
3. 3 digit number which can validate the 6 digit number.
The first two conditions can be satisfied easily but what about the third one? Look at the VerifyActivationCode function. In the 6th line a call to GetSXCH is made with 6 digit number string and "CAT" string. We'll use this for our benefit.
Code:
private void button1_Click(object sender, EventArgs e)
{
Random rand = new Random(DateTime.Now.Second);
int ran = rand.Next(0,1000000);
int code = this.GetSXCH(ran.ToString(), "CAT");
String key = "H1" + ran.ToString() + code.ToString();
textBox1.text = key;
}
This function above will generate the key and display it on the textbox. Save the file and click on Debug->Start Debugging or Press F5.
To check if your key gen is working properly you can also code the above function like this:
private void button1_MouseClick(object sender, MouseEventArgs e)
{
Random rand = new Random(DateTime.Now.Second);
int ran = rand.Next(0,1000000);
textBox1.Text = "H1" + ran.ToString() + this.GetSXCH(ran.ToString() , "CAT");
if (VerifyActivationCode(textBox1.Text))
{
button1.Text = "Done.";
}
}
Cheers!!!
