
        What's needed to keygen gPs Crackme 2
                by SiFLyiNG


        Sorry, I haven't got time to write a tut, but I'll just explain the
calculation routine of the crackme.

Protection   : VB5 crackme based on a Name/Vorname/Code protection.
Tools to use : Smartcheck + SoftIce

        Here is the algo of the keygen :

X1 = length(name) * 3 * length(vorname) * 5 * 5 * 6 / 6
   = length(name) * length(vorname) * 75
X2 = length(vorname) * 13
X3 = length(name) * 12
X4 = 123 (this never varies, so X4 is a constant)
X5 = length(name) * length(vorname)

        Then the crackme appends all the parts together

and the temporary serial becomes : X1X2X3X4X5

Then this temporary serial is multiplied by a 'magic' value. This value
depends on the first char of the name. Here is the table of these values (in
hexadecimal) :

a       A       17
b       B       EA
c       C       07
d       D       1D       
e       E       2C
f       F       0C
g       G       3F
h       H       16
i       I       1A
j       J       1F
k       K       0D
l       L       60
m       M       4A
n       N       2F
o       O       49
p       P       20
q       Q       47
r       R       11
s       S       52
t       T       1C
u       U       62
v       V       59
w       W       36
x       X       2D
y       Y       49
z       Z       22

and      2D
         33
         0E

For all other chars this value will be 0. So if the name begins with '-'
or '=' you won't have to calculate anything, because X1X2X3X4X5 * 0 = 0 and
the code will be 0 !!!

        I hope this is understandable. Let's try with an example :

Name    : 'SiFLyiNG'
Vorname : 'Crackme_Cracked'

X1 = length(name) * 3 * length(vorname) * 5 * 5 * 6 / 6
   = length(SiFLyiNG) * length(Crackme_Cracked) * 75
   = 8 * 15 * 75 = 9000

X2 = length(vorname) * 13
   = length(Crackme_Cracked) * 13 = 15 * 13 = 195

X3 = length(name) * 12
   = length(SiFLyiNG) * 12
   = 8 * 12 = 96

X4 = 123 (this never varies, so X4 is a constant)

X5 = length(name) * length(vorname)
   = length(SiFLyiNG) * length(Crackme_Cracked)
   = 8 * 15 = 120


So the temporary serial is :
        X1X2X3X4X5 = 900019596123120

Now let's look up the magic value in the table. We see:

s       S       52h = 82

So the code will be :

      900019596123120 * 82 = 7.38016068820958E+16

Yes, it should be written like that !!! That's because it's a VB proggy...

        But we could try another, simpler example :)

Name    : -=CrackeR=-
VorName : Toto

        and without any calculation, we get :
Code : 0

You understand why, I hope... If not, remember the table of the magic values:
here the name begins with '-', so the magic value is 0 because '-' doesn't
appear in the table...
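
The calculation described above as a short Python sketch (an added example,
not the VB keygen the author mentions including). The function names are made
up here, the three table entries whose characters are missing are left out,
and VB's display of a Double is assumed to match Python's 15-significant-digit
G format.

```python
import string

# Magic multipliers from the table above, a..z; the first character of the
# name is matched case-insensitively. The three unlabelled entries (2D, 33, 0E)
# are omitted because the page does not say which characters they belong to.
MAGIC = dict(zip(string.ascii_lowercase, bytes.fromhex(
    "17 EA 07 1D 2C 0C 3F 16 1A 1F 0D 60 4A 2F 49 20 47 11 52 1C 62 59 36 2D 49 22")))


def temp_serial(name: str, vorname: str) -> str:
    """Concatenate X1..X5 as decimal strings, as the crackme does."""
    n, v = len(name), len(vorname)
    parts = (n * v * 75, v * 13, n * 12, 123, n * v)  # X1, X2, X3, X4, X5
    return "".join(str(p) for p in parts)


def vb_str(value: float) -> str:
    """Assumption: VB shows a Double with at most 15 significant digits and
    switches to E notation from 1E+15 upwards, which '.15G' reproduces."""
    return f"{value:.15G}"


def serial(name: str, vorname: str) -> str:
    """Temporary serial times the magic value, as VB would display it."""
    magic = MAGIC.get(name[:1].lower(), 0)  # any char not in the table -> 0
    # The product is computed as a Double, so low-order digits are lost
    # once the result no longer fits in 15 significant digits.
    return vb_str(float(temp_serial(name, vorname)) * magic)


if __name__ == "__main__":
    # Both name/vorname pairs are the worked examples from the text above.
    print(serial("SiFLyiNG", "Crackme_Cracked"))
    print(serial("-=CrackeR=-", "Toto"))
    # Constructed pair: same lengths and first letter as the first example.
    print(serial("Sxxxxxxx", "y" * 15))
```

Only the two lengths and the first letter of the name enter the calculation,
so the constructed pair in the last line gets the same code as the first
example.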


        That's all folks. I hope this was enough to understand the serial
calculation. If there is a problem, just mail me, I'll answer.
        You can now make your own keygen. I've included mine with these
explanations with some source in VB. I wanted to try in winasm but I'm not
good enough...
                             
        SiFLyiNG
                siflying@ifrance.com

PS : Could someone send me some Win32asm sources or tutorials please ?
NB : This crackme might not be obvious to code in win32asm :
remember the serial we got : 7.38016068820958E+16. That's because
it's a VB crackme, but this is not really interesting to code, I think, in win32asm.



       
