boislucasnicolas@gmail.com

Doing a keygen - 31/7/2023

KeygenMePls walkthrough crackmes.one

keygenmepls.exe

KeygenMePls.exe screenshot

Analysis

Starting with the info I got from the Crackmes.ones website, tried to see if this .exe is obsfucated or encrypted using ProtectionID, PID said it was just .NET code, so then I opened the .exe using the x86 version of dnSpy to debug this challenge.

Debugging

Once dnSpy is opened with keygenmepls.exe loaded, I can track the submit button to the function called “Check()”, that takes the 3 key inputs as parameter and finally the name input. Looking at the Check() function, I can see that is just a return that calls other 3 functions called Key1, Key2 and finally Key3, all this functions getting the variable “name” as a parameter. Function Check(), validates if the first key input is equal to the value that returns the function Key1(), same with the function Key2 with the second input.

private string Key1(string name)
{
  return this.nameParser(base.Name)[this.namelength(base.Name) - 1].ToString() + 118.ToString() + this.nameParser(base.Name)[this.namelength(base.Name) - 3].ToString() + 4.ToString();
}

private string Key2(string name)
{
  return 132.ToString() + this.nameParser(base.Name)[3].ToString() + 5.ToString() + this.nameParser(base.Name)[3].ToString();
}

private string Key3(string name)
{
  122.ToString() + 54.ToString() + this.nameParser(base.Name)[2].ToString();
}

Key1() Function

Function Key1(), returns a string consisting of … first of all, the last character of the Form name, in this case, the number 1. Then it adds to the string a fixed value “118”, next it adds the character number 3, but counting backwards. And at the end, it just adds a “4”.

Finally we get this string ➜ 1118r4

Key2() Function

This function starts with the fixed string “132”, then adds the fourth character of the Form name, beign this, the letter m, then adds a fixed character “5”, and finally repeats adding the 4th letter.

Ends up returning the string ➜ 132m5m

Key3() Function

This is the easiest function, is just a string composed by “12254” and the 3rd letter of the Form title.

Final string ➜ 12254r

private bool Check(string s1, string s2, string s3, string name)
{
  return s1 == this.Key3(name) & s3 == this.Key2(name) & s2 == this.Key1(name);
}

Taking a deeper look at Check(), I can see the order of Key functions, beign this …

Key3 / Key1 / Key2

So the correct key if the form title is “Form1” is ➜ 12254r - 1118r4 - 132m5m

Download my Keygen