Key Generators & Serial Number Schemes

Cryptography Related
Duelist's Recommended Cryptography Links
fleur's Cryptography CrackMe Solutions
Other Crypto Sites

This section will probably be the most popular section of my site, seeing as most reversers enjoy the challenge of serial number schemes. With many of these tutorials you'll find source codes to key generators written by me and various other authors (mostly in ASM, but some in C/Pascal, and even my little experiment using Java & Perl :-)). You are of course respectfully reminded that stealing these sources, modifying just the author's name and then passing them off as your own work is a pretty lame pastime, as of course is using them to register the software for free.

I shouldn't really need to say this but I will anyhow: to build these source codes into working key generators you'll need an appropriate assembler/compiler/linker. The following list indicates those programs which I have personally tested. Please also note that some of my ASM key generators may contain very specific oversights (I've corrected a few); all of them are tested so far as is possible and are only for illustrative purposes, rather than indicative of good coding style.

C Source Codes - Borland C++ v5.0x, v4.5, v4.0, MSVC++ (not tested).
ASM Source Codes - TASM 5 (with minor adjustments should work under MASM).
Pascal Source Codes - Turbo Pascal v7.0.

Common SoftICE BPX's

GetDlgItemInt, GetDlgItemTextA, GetTabbedTextExtentA, GetWindowTextA, Hmemcpy (Windows 95/98 only), lstrcmp, lstrlen, memcpy (NT).

The following table lists all of the tutorials covering serial # validation and key generators. A cross in the appropriate column indicates whether or not source code is available and in what language. The entire key generator source code package can be downloaded here (427k, 437,901 bytes); it contains over 200 individual source codes courtesy of many authors, and a list of the programs which do not have corresponding tutorials is included in the package. You might like to also download PaRKeR's Angus v3.0 (114k, 116,872 bytes), another worthy collection of source codes.

If you are having trouble writing your own key generators, try TMG's Ripper Studio (38k, 38,849 bytes), which claims to automate the process. Personally I don't think you'll gain anything in the long run using this; then again, I find the whole concept of writing hundreds of key generators pretty pointless anyhow, so it's your choice :-).

* - Instructs how to generate a valid Serial #.

| Program Name | ASM | C/C++ | Pascal / Other | Date |
|---|---|---|---|---|
| 3D View v2.5d | X | - | - | 29/09/98 |
| APP LAUNCHER v5.0 | - | - | - | 13/10/98 |
| ARJShell v1.3 by flag eRRatum | - | - | X | 23/03/99 |
| Auto-IP Publisher v2.32 by ManKind | - | - | X | 12/06/00 |
| Beyond Compare v1.7c | X | - | - | 14/03/99 |
| CAD Viewer v3.2 A.30 by zoltan | - | X | - | 05/01/00 |
| CHKFILES v1.5a | X | - | - | 06/07/98 |
| ClipMate v5.08 (build 76) by widYa-cL | - | X | - | 03/02/99 |
| Challenger Interactive CME by dr_daze | - | - | - | Jun. 1999 |
| CleanPC & Scribe 95 by Tyrus | - | - | X | 11/02/00 |
| Crystal FTP v1.0 by friendship | - | - | X | 01/06/99 |
| CTMailer v1.55 | X | - | - | 20/12/98 |
| Cyberspace HQ AddSoft v2.26 | - | - | - | 02/02/99 |
| Darts 95 v1.0 / v1.1 by ManKind | - | - | X | 05/08/00 |
| diablo2oo2's Crackme 1 (Crackme + Keygen Source only) | - | X | - | 21/05/06 |
| DLL Show v3.4 by Kwai_Lo | - | X | - | 25/06/98 |
| ecBuilder Pro v4.0 | - | - | - | 07/12/99 |
| FruityLoops v1.2.12 | - | - | - | 18/06/98 |
| GodeZip v2.0 | - | - | - | 09/02/99 |
| GoldWave v4.01 | - | - | - | 17/06/98 |
| Graphic Equalizer Pro v1.1 by Rezel | X | - | - | 23/02/99 |
| Hang2000 1.31 by ManKind | - | X | - | Feb. 2001 |
| Markin32 v1.3 | X | - | - | 24/09/98 |
| Melody v1.51 | X | - | | 18/08/99 |
| MemoryAnalyst v1.01 & TimeWizard 95 v2.0 | - | X | - | 12/05/98 |
| MicroChart/32 v7.0x/2 by Quantico | X | - | - | 08/07/98 |
| mIRC v5.5 by flag eRRatum | - | - | X | 03/03/99 |
| mIRC v5.5 by friendship | - | - | X | 06/05/99 |
| Nero Burning Rom v4.0 * | - | - | - | 16/04/00 |
| Opera v3.62 * | - | - | - | 01/05/00 |
| Quintessential CD v1.1 | X | - | - | 21/07/98 |
| SmartSound For Multimedia v1.5 | - | - | - | 18/05/98 |
| Solid Pipe Designer 98 | - | - | X | 03/05/99 |
| Sound Gadget Pro v1.24 by PcNinJa | X | - | - | 15/03/99 |
| SubmitWolf Pro v3.06 | X | - | - | 05/11/98 |
| The JPEG Wizard v1.2.1 | X | - | - | 31/08/99 |
| TrayExplorer v1.0 by Mr. Wot | X | - | - | 18/07/98 |
| Visual DialogScript v2.5 | X | - | - | 23/12/98 |
| WebGenie ShoppingCart v2.07 | - | - | - | 19/04/99 |
| WinImage v4.00.4000 & v5.00.5000 with assistance from Flu[X] | X | - | X | 06/05/99 |
| WinPatch v1.1 | X | - | - | 12/02/99 |
| WinRAR v2.0x by friendship | - | - | X | 07/05/99 |
| WPlay v1.7 Beta 4 | - | - | - | 23/01/99 |

Cryptography

Algorithm Links

Blowfish
DES
ECC
MD5
Rijndael & Rijndael page
RSA
SHA
Twofish

In the last year to 18 months there has been an increase in the number of software authors choosing to use proven off-the-shelf encryption algorithms to protect their registration routines. The implementation of these routines often leaves a lot to be desired, however, and those not interested in the intricate vagaries of DES S-boxes will easily find patching approaches. Understanding these algorithms requires a strong mathematical background. The most common algorithms were designed with hardware logic speed in mind, data throughput rates being everything, so don't expect to see anything much more sophisticated than repeated shifts and XORs in mind-numbing quantities.

With most algorithms the ability to reverse them is limited somewhat by your computing power; don't expect to factor many 512-bit moduli anytime this year on a meagre Pentium. Enough of my rambling, here are some resources :-

Bruce Schneier's Applied Cryptography - Web HTML version available from here, and the definitive guide if you really are interested in cryptography (some focus on protocols too). Bruce Schneier has been on record recently stating that the entire Internet is insecure by nature; of course he is now in the commercial world of security solutions, so make of that what you will. An edited and much smaller HTML version of this book is available if you search carefully for 'acrypto.zip'.

Duelist's Key Generator Source Codes - Superb collection of cryptographic source codes from this great reverser (thanks a lot for letting me publish them Due :-) ). Blowfish, RSA, Twofish, you name it and Duelist's broken it; I recommend particularly the Armadillo & DJ-Power sources (973k, 996,870 bytes).

RSA Notes - "RSA is a public key encryption system based on the arithmetics of (large) integers. In this system a message is represented as a series of large (but finite) integers, and the encryption/decryption process will eventually transmit these numbers. Since each of these integers goes through the same process (think of it as a block cipher with larger than usual blocks), let's discuss what happens with one such message block.

The basic insight of RSA is that Euler's theorem can be put to use in a public key system. The theorem states the following :-

(1.1) m^phi(n) = 1 mod n

where 'm' and 'n' are integers, 0 <= m < n, gcd(m,n) = 1 and phi(n) is Euler's function (giving the number of integers relatively prime to 'n', i.e. for a prime 'p': phi(p) = p-1).

Fermat's little theorem is the special case of Euler's for n = p where 'p' is a prime :-

(1.2) m^(p-1) = 1 mod p

from Euler's theorem we can derive the following :-

(1.3) m^(phi(n)+1) = m mod n

As we can see, modulo exponentiation will be a no-op when a very specific exponent is used (in other words, the exponent in mod n arithmetics can be reduced mod phi(n)) and this is exactly what a full cycle of RSA encryption and decryption does. Namely, both of these operations perform a modulo exponentiation (with encryption exponent 'e' and decryption exponent 'd') as is shown below :-

(1.4) m^e = c mod n

('c' is the ciphertext and is eventually transmitted to the receiver)

(1.5) c^d = m^(e*d) = m mod n

The condition to make this whole scheme work is that

(1.6) e*d = 1 mod phi(n)

The rest of the RSA scheme is about the choice for 'n' so that 'e' and 'd' can be chosen/computed in an efficient way (by the sender of course) and to allow all possible messages to be encrypted (remember, Euler's theorem required gcd(m,n) = 1). As it turns out, if we choose 'n' to be a product of two primes 'p' and 'q', and 'e' such that gcd(e,phi(n)) = 1 then all the above equations will work as expected. In this case :-

(1.7) phi(n) = phi(p*q) = (p-1)*(q-1).

and either of 'd' or 'e' can be randomly chosen and the other computed from (1.6). In practice, we place certain restrictions on them in order to deter some attacks and make computations fast.

1.2 some observations regarding RSA and mod n arithmetics

The security of RSA is not known (no mathematical proof exists either pro or contra), all we know is that our current knowledge is not sufficient to determine

'm' from (1.4) (modulo n e'th root problem)
'm' from (1.5) without knowing 'd'
'd' from (1.6) without knowing phi(n)
phi(n) from (1.7) without knowing 'p' and 'q'
'p' and 'q' without factorizing 'n'

for a sufficiently large 'n' (recommended minimum is 1024 bits, 2048 and up are desired). In summary, the security of RSA seems to be based on the intractability of the modulo n root and the integer factorization problems. It is interesting to see from a more practical point of view where RSA (and mod n arithmetics in general) gets its security from. Consider :-

(1.8) x^y = z mod n

which is equivalent to

(1.9) x^y = k*n + z

for some integer 'k'. In plain English it means that we LOSE information (the value of 'k') when we perform the mod n reduction. The more this information is (the higher the possible range for 'k' is) the harder it will be to reconstruct 'k' (which is what we will eventually perform if we manage to solve (1.8) for one of its variables).

For the mathematically challenged reader here is a more visual approach : Imagine the function f(x) = x^y in the x-y plane (for some fixed 'y'). The curve looks like a parabola. If we consider integer values for 'x' only, we will get a series of dots along the curve, like a necklace. We notice that the larger 'x' is the further the dots are from each other. Now, imagine what happens if we reduce f(x) mod n : our necklace breaks down into smaller parts and these parts will slip down to the 'x' axis along the 'y' one.

The 'length' of these parts decreases as 'x' increases, but for 'small' values one can actually recognize the arcs of the original curve (the larger 'n' is compared to 'y' the better the effect is). However, as soon as f(x+1) - f(x) becomes larger than 'n' itself we arrive at what best can be described as chaos and that is what makes mod n arithmetics based algorithms intractable (at least these days)."
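
The relations (1.1) to (1.9) in the notes quoted above, worked through with toy numbers; it also checks the claim that with n = p*q every block round-trips, including blocks where gcd(m,n) is not 1. This is an added example, not part of the quoted notes or of the key generator sources offered on this page; the primes 61 and 53, the exponent 17, the message 65 and all function names are constructed for illustration.

```python
from math import gcd

def make_keypair(p, q, e):
    """Textbook RSA key setup from primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)              # (1.7) phi(p*q) = (p-1)*(q-1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # (1.6) e*d = 1 mod phi(n); Python 3.8+
    return n, phi, d

def encrypt(m, e, n):
    return pow(m, e, n)                  # (1.4) m^e = c mod n

def decrypt(c, d, n):
    return pow(c, d, n)                  # (1.5) c^d = m^(e*d) = m mod n

def euler_holds(m, n, phi):
    """(1.1): m^phi(n) = 1 mod n, which needs gcd(m, n) = 1."""
    return gcd(m, n) == 1 and pow(m, phi, n) == 1

def roundtrip_holds_for_all(e, d, n):
    """Check decrypt(encrypt(m)) == m for every block 0 <= m < n,
    including the blocks that share a factor with n."""
    return all(decrypt(encrypt(m, e, n), d, n) == m for m in range(n))

def lost_quotient(x, y, n):
    """(1.9): x^y = k*n + z. Returns (k, z); the reduction keeps only z."""
    return divmod(x ** y, n)

# Constructed toy parameters; the notes recommend 1024 bits and up for real use.
P, Q, E = 61, 53, 17
N, PHI, D = make_keypair(P, Q, E)

if __name__ == "__main__":
    m = 65
    c = encrypt(m, E, N)
    k, z = lost_quotient(m, E, N)
    print(f"n={N} phi(n)={PHI} e={E} d={D}")
    print(f"m={m} -> c={c} -> m={decrypt(c, D, N)}")
    print(f"Euler (1.1) holds for m={m}: {euler_holds(m, N, PHI)}")
    print(f"all {N} blocks round-trip: {roundtrip_holds_for_all(E, D, N)}")
    print(f"discarded k has {k.bit_length()} bits, kept z has {z.bit_length()}")
```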

The eGOISTE's home page (link dead) - A reverser giving away some very valuable cryptographic information (mainly in the form of these key generator source codes) (352k). Schemes covered include Blowfish, ElGamal, hashing, RSA & Twofish.

As a closing thought, maybe you should check out my own RSA mini-section here.

Duelist's Cryptography Links

If you don't know who Duelist is (or was) then you probably aren't ready for cryptography or the crypto key generating scene that now exists (groups such as CORE/DAMN & TMG for example); not that you should be interested but Duelist paid me handsomely to write these compliments, however you shouldn't neglect his suggested links.

General Information

Algorithms@SSH : http://www.ssh.fi/tech/crypto/algorithms.html
Misc information : http://www.cryptography.com/resources/index.html
Data Encryption Page (DEP) : http://www.geocities.com/SiliconValley/Network/2811/
Exercises / Examples : http://www.mindspring.com/~pate/
USSRBack : http://www.ussrback.com/crypto/tree.html

Libraries

SSLeay : http://www.columbia.edu/~ariel/ssleay/
Crypto++ : http://www.eskimo.com/~weidai/cryptlib.html
OpenSSL : http://www.openssl.org

I personally can also recommend Freelip.

Fleur's Crypto CrackMe Solutions

Download here (158k) or alternatively fetch his complete archive from the RET homepage.

x3chun has also kindly contributed his crypto key generator sources, you can download them here (679k).

Miscellaneous

Integer Factorization Project (IFP) : http://www.upl.cs.wisc.edu/~hamblin/ifp.html
Factoring Theory : http://www.frenchfries.net/paul/factoring/theory/index.html
Info on primes : http://www.utm.edu/research/primes/

You are welcome to suggest any further reading to me via e-mail for inclusion here.

Other Crypto Sites

Crypto sites archive - Christal, roy, tE & tscubes sites (all feature crypto specific key generators, information and source codes).
Jardinez Chez jB - jB's archive of crypto related crackmes with solutions.



© 1998-2007 CrackZ. 30th July 2007.