WEBVTT

00:00.980 --> 00:02.870
Hello and welcome back.

00:03.080 --> 00:07.400
So now we are going to learn how to create a keygen.

00:07.820 --> 00:10.130
So what is a keygen?

00:10.730 --> 00:16.550
A keygen is a program that can generate the serial key for any username.

00:17.660 --> 00:23.900
So for example, we take back the same program we did last time, the same crackme zero nine, this one.

00:24.590 --> 00:34.520
And if you run it, if you enter a certain name, then it will generate a serial key for that

00:34.520 --> 00:35.570
particular name.

00:36.410 --> 00:40.670
If you change the name, then the serial key will also be different; it will be changed.

00:41.090 --> 00:48.080
So a keygen will allow you to generate the serial key for any name you enter.

00:48.080 --> 00:49.940
So that is called a keygen.

00:50.900 --> 00:53.060
Now there are two ways to create a keygen.

00:53.420 --> 01:00.260
You can create a keygen by writing another program, a separate program that can generate the key for

01:00.260 --> 01:00.740
you.

01:01.490 --> 01:09.050
But the easier way to do it is to use the same program itself, the crackme itself, to show you the serial

01:09.050 --> 01:09.440
key.

01:10.850 --> 01:15.590
So, for example, if I enter any wrong serial key and click check.

01:15.590 --> 01:20.180
Now it will say "Sorry, don't give up", which is the bad message.

01:20.630 --> 01:28.310
Now there is a technique whereby you can modify the program to show you the actual serial key here,

01:28.310 --> 01:29.990
instead of this bad message.

01:30.020 --> 01:32.480
So this is called a self keygen.

01:33.320 --> 01:35.090
So we are going to do that now.

01:35.120 --> 01:37.910
So let's now stop this program.

01:38.300 --> 01:39.950
Alt+F4 to exit.

01:41.700 --> 01:49.680
And we are going to open it with x32dbg and I'm going to run it now.

01:51.920 --> 01:57.170
And enter any other user.

01:57.920 --> 02:00.080
And then simply enter any serial key.

02:00.110 --> 02:01.640
It doesn't have to be the right one.

02:01.640 --> 02:02.540
Click check.

02:03.200 --> 02:07.370
It will now hit my breakpoint, which I set earlier in the previous lessons.

02:08.570 --> 02:16.670
So now I will graph it and I will analyze where the string compare is being done.

02:16.970 --> 02:18.890
You will find it is over here.

02:20.270 --> 02:25.730
So I put a breakpoint here and here and I'm going to run to the first breakpoint now.

02:27.080 --> 02:29.510
So now I'm going to step over.

02:29.960 --> 02:33.350
And then I will step over until it comes to the string

02:33.350 --> 02:34.160
compare here.

02:36.050 --> 02:42.530
This is where it compares the serial that you enter with the actual right serial.

02:43.730 --> 02:47.570
As you can see from the stack here, these are the parameters to this function.

02:48.290 --> 02:54.230
So at the moment we know that we entered the wrong serial, which is 3233, two and so on.

02:55.190 --> 02:58.550
But the right serial is actually at this address.

02:59.600 --> 03:05.570
So we need to copy this address, because we need to use this address to fetch the correct serial later

03:05.570 --> 03:12.440
on, to show it in the message box, which is actually the real serial key.

03:13.130 --> 03:19.640
Now if you scroll down here further, you will see that there is a message box here which will be called

03:19.640 --> 03:21.500
to show the bad message.

03:21.920 --> 03:26.420
Now the bad message by default will show the string "Sorry, don't give up".

03:27.020 --> 03:31.250
So instead of showing this string, we want to show the actual key.

03:32.420 --> 03:37.760
In order to do that, all we need to do is move this address to the stack.

03:37.790 --> 03:44.150
So presently it is moving this address containing this string to the stack.

03:45.910 --> 03:53.770
What we need to do is modify this line to move this address 64F64 to the stack.

03:54.970 --> 03:57.340
So that's how we can create a self keygen.

03:57.550 --> 04:03.340
So once we move this address to the stack it will now move this string

04:05.850 --> 04:06.480
to the stack.

04:06.780 --> 04:12.780
So when this message box is about to be called, it will show this string,

04:13.530 --> 04:14.520
the serial key.

04:15.420 --> 04:18.900
So this is how we can hack it in order to show the serial key.

04:19.230 --> 04:20.490
So let's get started.

04:20.490 --> 04:21.810
Let's continue from where we are.

04:22.050 --> 04:23.790
So we are now here.

04:24.270 --> 04:27.150
We have entered the wrong serial, but the right serial is this.

04:27.150 --> 04:28.800
So we're going to copy out this address.

04:28.800 --> 04:34.230
So right-click, copy line and then open up a notepad.

04:37.430 --> 04:39.770
And paste your line there.

04:40.190 --> 04:43.520
So this is the actual serial that we should have entered.

04:44.720 --> 04:47.180
Now what we need is this address.

04:48.220 --> 04:49.750
Where this string is stored.

04:50.140 --> 04:52.990
Now if you want to see this address, you can click on it.

04:53.410 --> 04:54.700
Now we are here.

04:54.700 --> 04:56.320
Let's click on this line here.

04:57.310 --> 05:00.010
And then over here you can see the address.

05:00.340 --> 05:01.690
Sorry, not that one.

05:01.690 --> 05:02.560
This one.

05:03.340 --> 05:06.430
- plus four, - plus four.

05:06.520 --> 05:08.560
So this is the one - plus four.

05:09.130 --> 05:14.800
So if we click on this, you can see the address there, 64FC4.

05:14.800 --> 05:19.090
And we can go there. Right-click, follow in dump - plus four.

05:19.840 --> 05:24.010
And you can see the actual serial key, the real one.

05:24.370 --> 05:31.180
And it is stored at this address, 64EF64, which is here on the stack.

05:31.180 --> 05:32.980
So now we have already saved that.

05:32.980 --> 05:34.690
Here we have a copy of the address.

05:34.690 --> 05:39.220
We can continue, continue stepping over.

05:40.180 --> 05:41.140
We are here.

05:42.100 --> 05:45.160
So that is going to go to the left.

05:46.300 --> 05:49.030
So let it go.

05:49.030 --> 05:50.860
Let it continue to go to the left.

05:53.600 --> 05:59.300
Until it comes to this box here.

06:00.840 --> 06:07.170
So now it's going to go into this box over here.

06:07.170 --> 06:08.220
Now it's in the box.

06:08.700 --> 06:17.280
So we want to modify this one, this message, this address to our address here, this one.

06:17.280 --> 06:19.890
So we copy this address, get it ready.

06:20.910 --> 06:27.210
And then we go to this line, right-click, follow in disassembler.

06:28.200 --> 06:29.850
And now we have this line.

06:32.050 --> 06:40.660
So we assemble it by pressing the spacebar, and then we modify this last address and right-click and

06:40.660 --> 06:50.890
paste our address, which contains the string 711099775, which is the real serial number.

06:51.970 --> 06:52.840
Click okay.

06:54.310 --> 07:01.090
And now you see that instead of showing "Sorry", the bad message, it is now showing the real serial key.

07:01.090 --> 07:06.700
So now we can continue to step over and we're going to call the message box.

07:07.600 --> 07:14.110
And message box now shows you the actual serial key instead of the bad message.

07:14.770 --> 07:15.100
All right.

07:15.100 --> 07:26.380
So now we can patch it. File, Patch, patch this, and then give it a new name with dash two for patch

07:26.380 --> 07:27.160
number two.

07:28.270 --> 07:35.560
And then dash self keygen, SK, so that we know what it is.

07:36.340 --> 07:37.810
Now we can go and test it out.

07:38.590 --> 07:40.420
So just double-click on this.

07:41.110 --> 07:44.500
You can enter any username, doesn't matter what.

07:44.500 --> 07:49.480
So we can even put Apple and then put any serial key.

07:49.630 --> 07:52.960
Click on check and it will tell you what the actual serial key is.

07:54.010 --> 07:57.160
So this actual serial key is 51109.

07:57.160 --> 07:58.450
So let's copy it down.

08:00.220 --> 08:13.390
5110951109775307530.

08:13.690 --> 08:18.730
And this is for the user Apple. Okay, let's test it out now.

08:18.730 --> 08:19.150
Now.

08:19.330 --> 08:28.030
This time we are going to take the serial key which we self-keygenned, put it here, and see what happens.

08:29.180 --> 08:29.900
Click on check.

08:30.140 --> 08:30.980
Great job.

08:31.010 --> 08:31.580
Correct.

08:31.580 --> 08:32.270
So it works.

08:32.600 --> 08:36.470
All right, so let's try to generate another serial for a different user.

08:36.710 --> 08:38.750
So let's say we have oranges.

08:40.650 --> 08:41.760
Let's click check.

08:42.450 --> 08:47.070
So it shows you that the serial key for oranges is this, 711.

08:47.070 --> 08:49.260
So let's write it down in our notepad.

08:49.680 --> 08:52.260
7110.

08:54.260 --> 08:55.190
111.

08:56.180 --> 09:00.350
751 and the username is oranges.

09:01.160 --> 09:04.100
So let us copy this serial key.

09:07.890 --> 09:11.370
And now we paste it in here and click check.

09:11.820 --> 09:12.210
Correct.

09:12.240 --> 09:12.960
Great job, hacker.

09:13.470 --> 09:16.050
So our self keygen works.

09:16.050 --> 09:25.110
So this is an easy way to create a keygen: by modifying or hacking the actual program

09:25.110 --> 09:28.260
itself to reveal the serial number to you.

09:28.800 --> 09:33.420
The alternative way of creating a keygen is to write a separate program.

09:33.420 --> 09:40.080
That will be more difficult to do, because it will require knowing some programming language in depth.

09:40.770 --> 09:48.990
So it is easier to do it this way, just by hacking some addresses in the actual program itself.

09:49.050 --> 09:51.390
The actual keygen is the actual crackme itself.

09:51.780 --> 09:53.700
So that's all for this video.

09:53.730 --> 09:55.740
Thank you for watching.