Doing a keygen - 31/7/2023
KeygenMePls walkthrough crackmes.one
KeygenMePls.exe screenshot
Analysis
Starting with the info I got from the Crackmes.ones website, tried to see if this .exe is obsfucated or encrypted using ProtectionID, PID said it was just .NET code, so then I opened the .exe using the x86 version of dnSpy to debug this challenge.
Debugging
Once dnSpy is opened with keygenmepls.exe loaded, I can track the submit button to the function called “Check()”, that takes the 3 key inputs as parameter and finally the name input. Looking at the Check() function, I can see that is just a return that calls other 3 functions called Key1, Key2 and finally Key3, all this functions getting the variable “name” as a parameter. Function Check(), validates if the first key input is equal to the value that returns the function Key1(), same with the function Key2 with the second input.
private string Key1(string name)
{
return this.nameParser(base.Name)[this.namelength(base.Name) - 1].ToString() + 118.ToString() + this.nameParser(base.Name)[this.namelength(base.Name) - 3].ToString() + 4.ToString();
}
private string Key2(string name)
{
return 132.ToString() + this.nameParser(base.Name)[3].ToString() + 5.ToString() + this.nameParser(base.Name)[3].ToString();
}
private string Key3(string name)
{
122.ToString() + 54.ToString() + this.nameParser(base.Name)[2].ToString();
}
Key1()
Function
Function Key1(), returns a string consisting of … first of all, the last character of the Form name, in this case, the number 1. Then it adds to the string a fixed value “118”, next it adds the character number 3, but counting backwards. And at the end, it just adds a “4”.
Finally we get this string ➜ 1118r4
Key2()
Function
This function starts with the fixed string “132”, then adds the fourth character of the Form name, beign this, the letter m, then adds a fixed character “5”, and finally repeats adding the 4th letter.
Ends up returning the string ➜ 132m5m
Key3()
Function
This is the easiest function, is just a string composed by “12254” and the 3rd letter of the Form title.
Final string ➜ 12254r
private bool Check(string s1, string s2, string s3, string name)
{
return s1 == this.Key3(name) & s3 == this.Key2(name) & s2 == this.Key1(name);
}
Taking a deeper look at Check()
, I can see the order of Key functions, beign this …
Key3 / Key1 / Key2
So the correct key if the form title is “Form1” is ➜ 12254r - 1118r4 - 132m5m
Download my Keygen