WEBVTT

1
00:01.760 --> 00:02.360
Welcome back.

2
00:02.540 --> 00:08.120
In the previous lesson, we already managed to fish out the serial.

3
00:08.150 --> 00:09.920
Now we are going to create a keygen itself.

4
00:09.920 --> 00:10.490
Keygen.

5
00:11.180 --> 00:17.570
So over here we know that this is the place where it's comparing.

6
00:17.570 --> 00:24.230
It's comparing the first character, first character of your input which is -, which is your first character.

7
00:24.230 --> 00:30.530
Here one, - is the first character, a first byte of your input, which is one, and comparing it with

8
00:30.530 --> 00:31.790
the first byte of -.

9
00:31.790 --> 00:35.480
How do you know it's the first byte? Because it says here byte, byte pointer.

10
00:35.600 --> 00:41.300
So it's comparing that with comparing your one with -, the first byte negative one.

11
00:41.300 --> 00:43.850
And we correctly guessed that this whole thing is the serial.

12
00:43.970 --> 00:49.580
So we don't have to do loop tracing anymore because we copy this and paste it inside,

13
00:49.580 --> 00:51.110
and it worked. Okay.

14
00:51.110 --> 00:56.120
So now how do you make a self keygen? To make a self keygen,

15
00:56.120 --> 00:58.790
we need to have a message box that we can use.

16
00:58.790 --> 01:02.810
So the only message box that we have is this one over here.

17
01:03.050 --> 01:06.080
But this message box will only show a congrats message.

18
01:06.860 --> 01:08.450
It will only show congrats message.

19
01:08.450 --> 01:14.060
And the congrats message will only be shown if you have entered the correct serial in the first place.

20
01:14.270 --> 01:20.930
So somehow we have to force this congrats message to show even though we entered the wrong serial.

21
01:21.740 --> 01:23.060
Okay, so that's the first step.

22
01:23.060 --> 01:29.510
So to do that we will have to first study where it goes to the trace.

23
01:29.510 --> 01:31.340
We will trace it now.

24
01:31.340 --> 01:38.660
So after you entered that it comes over here and over here you will see it's going to do something to

25
01:38.660 --> 01:39.020
-.

26
01:39.020 --> 01:44.090
So let's step over. - now becomes zero and then step over again.

27
01:44.690 --> 01:47.060
Now this one makes - become one.

28
01:47.990 --> 01:49.070
First it was zero.

29
01:49.070 --> 01:50.840
Now this one makes it become one.

30
01:51.080 --> 01:54.980
And then next it goes over here and it tests for -.

31
01:55.520 --> 01:59.240
And we find that - is not zero.

32
01:59.540 --> 02:06.890
So because - is not zero, the jump is taken. That means it's going to jump over the congrats message box.

33
02:06.890 --> 02:11.780
So in order to make it not jump we have to make sure - is one.

34
02:12.350 --> 02:18.740
Now in order to make - one we have to nop this because it is this line which turns - to become one.

35
02:19.280 --> 02:20.780
So let's try that again.

36
02:21.050 --> 02:24.770
Let's run it now. Let's click check.

37
02:24.950 --> 02:27.290
And we are now here.

38
02:27.440 --> 02:29.720
Let's continue to trace.

39
02:34.740 --> 02:37.050
And then let it go to here.

40
02:37.200 --> 02:37.710
Okay.

41
02:37.710 --> 02:46.140
Now at this point, - is. We're going to step over this and we see that - is zero.

42
02:46.140 --> 02:47.850
So we want it to be zero.

43
02:47.850 --> 02:49.050
We don't want it to become one.

44
02:49.050 --> 02:54.660
So we have to nop this because it is this which turns it to one as we have seen previously.

45
02:54.660 --> 02:59.610
So I put a comment there to remind ourselves that we need to nop this.

46
02:59.610 --> 03:03.360
So let's do that now. Let's right-click on this, follow in assembler.

47
03:03.480 --> 03:08.550
And over here we just binary fill with NOPs. Click okay.

48
03:10.310 --> 03:15.980
So now we head back to our code,

49
03:16.010 --> 03:17.000
our graph view.

50
03:17.870 --> 03:19.370
And now this one should be nop.

51
03:19.400 --> 03:20.750
So let's refresh and see.

52
03:21.680 --> 03:22.310
Refresh.

53
03:22.310 --> 03:25.010
And we see that it is now NOPs.

54
03:25.190 --> 03:26.750
Let's continue to step over.

55
03:27.500 --> 03:30.200
Now you notice that - remains zero.

56
03:30.200 --> 03:31.460
It doesn't change to one.

57
03:31.910 --> 03:33.470
So let's continue.

58
03:33.590 --> 03:34.430
Step over.

59
03:34.430 --> 03:37.520
And now when we test -, - is zero.

60
03:37.520 --> 03:39.050
So this jump will not happen.

61
03:39.050 --> 03:40.340
Jump is not taken.

62
03:40.340 --> 03:42.410
That means now it will go straight.

63
03:42.890 --> 03:46.700
It will go straight and it will show the good message.

64
03:46.700 --> 03:48.260
Let's step over and see that happening.

65
03:48.890 --> 03:50.900
And the good message is now showing.

66
03:50.900 --> 03:51.470
Step over.

67
03:52.460 --> 03:53.240
There you go.

68
03:53.360 --> 03:54.080
All right.

69
03:54.080 --> 04:01.220
Now we have nopped this to show a message box which we can now use to show our serial in here.

70
04:01.730 --> 04:02.330
Right.

71
04:02.330 --> 04:04.670
So we are going to do two things.

72
04:04.670 --> 04:07.190
First we are going to show the serial here.

73
04:07.190 --> 04:12.710
Second, we are going to change the caption to serial, serial.

74
04:12.740 --> 04:14.390
That's the two things we are going to do.

75
04:14.390 --> 04:17.150
The first thing is how are we going to change this

76
04:17.150 --> 04:19.430
to show the serial? Click okay.

77
04:19.670 --> 04:22.670
Now let's look for the address where the serial is being stored.

78
04:24.220 --> 04:29.680
Now the serial is being stored at the places where it is comparing, which is here.

79
04:30.250 --> 04:32.530
Remember, let me step over and show you again.

80
04:32.530 --> 04:36.940
Click check and then let's run.

81
04:38.680 --> 04:40.840
And then let's not hit our breakpoint.

82
04:41.350 --> 04:45.610
Let us now step over until it comes to this line.

83
04:49.690 --> 04:51.340
Now click on this and you will see

84
04:51.340 --> 04:58.210
this is where it's comparing the first character of the actual serial with the number, the first character

85
04:58.210 --> 05:01.960
of our input, which is one, and this is the address.

86
05:01.960 --> 05:04.060
Let's look for the address of -.

87
05:04.450 --> 05:07.330
This is the address where the actual serial is being stored.

88
05:07.930 --> 05:11.950
This is the address 417730.

89
05:12.040 --> 05:18.910
So we need to copy this address out because we are going to use it as a parameter to our message box.

90
05:18.910 --> 05:22.810
So we copy this line and then put it in here.

91
05:25.300 --> 05:27.310
And this is the address that we want.

92
05:27.340 --> 05:32.860
This address contains the entire string that contains the serial actual serial.

93
05:33.220 --> 05:35.470
So now we are going to put this address.

94
05:35.470 --> 05:41.290
We copy this first, copy out this address and head over down to our message box over here.

95
05:42.370 --> 05:45.820
Here we are going to change this address to the one we just copied.

96
05:47.200 --> 05:47.560
Okay.

97
05:47.560 --> 05:49.480
So let's step over until we reach there.

98
05:55.370 --> 05:55.820
All right.

99
05:55.820 --> 05:57.140
So now we are here.

100
05:57.140 --> 06:00.440
And this is the second parameter of MessageBox.

101
06:00.440 --> 06:07.940
If you recall from our previous lesson, the second parameter of the MessageBox is the string that

102
06:07.940 --> 06:10.160
is going to be shown. Okay.

103
06:10.160 --> 06:14.270
So we can now assemble this. Right-click, follow in assembler.

104
06:14.810 --> 06:16.670
And we are now here.

105
06:17.990 --> 06:21.650
We are here now and we are going to change this address.

106
06:21.650 --> 06:25.820
So press spacebar and paste the address that you have copied.

107
06:26.360 --> 06:33.170
So this address we copied contains the string of the actual serial key: 417730.

108
06:33.710 --> 06:34.520
Click okay.

109
06:34.520 --> 06:38.090
Make sure you check on this keep size. Okay.

110
06:38.450 --> 06:40.580
And now we go back to our,

111
06:42.980 --> 06:44.300
go back to our graph

112
06:44.300 --> 06:44.870
view.

113
06:47.780 --> 06:48.830
And refresh.

114
06:50.680 --> 06:52.570
And let's see. Okay.

115
06:52.570 --> 06:54.820
So now it's changed to the actual serial key.

116
06:55.000 --> 06:55.750
Sorry.

117
06:55.750 --> 06:56.290
Not there.

118
06:56.290 --> 06:56.620
Here.

119
06:56.650 --> 07:01.540
See that it's still showing the congratulatory message?

120
07:01.570 --> 07:02.950
Now it's showing the serial key.

121
07:03.040 --> 07:04.540
So let's step over it and see

122
07:04.570 --> 07:05.170
it happening.

123
07:05.710 --> 07:06.250
Step over.

124
07:06.250 --> 07:08.560
The call is going to call the message box now.

125
07:09.610 --> 07:11.380
And let's see what happens.

126
07:11.380 --> 07:11.950
Step over.

127
07:12.580 --> 07:15.400
And message box should see

128
07:15.400 --> 07:15.880
"You did it."

129
07:16.210 --> 07:17.650
This is the actual serial.

130
07:18.070 --> 07:18.610
Okay.

131
07:18.610 --> 07:22.720
So now, to test that this is actually the serial, compare it to our previous copy.

132
07:23.080 --> 07:25.330
Negative one 6328.

133
07:25.330 --> 07:30.040
Negative one 6328569475694.

134
07:30.190 --> 07:30.730
Correct.

135
07:30.970 --> 07:31.900
It is the right one.

136
07:32.110 --> 07:32.740
All right.

137
07:32.740 --> 07:37.150
Now the next task is to change this caption to serial.

138
07:38.020 --> 07:41.560
So this caption is the third parameter: 1, 2, 3.

139
07:41.620 --> 07:43.270
Third parameter of the message box.

140
07:43.390 --> 07:44.500
Instead of "You did it,"

141
07:44.500 --> 07:46.360
we are going to change this to serial.

142
07:46.360 --> 07:47.500
So let's do that now.

143
07:47.950 --> 07:49.120
So click on this one.

144
07:49.120 --> 07:53.470
Here we get the address 404200, which is here.

145
07:53.890 --> 07:57.520
Right-click this, follow in dump, 404200.

146
07:57.940 --> 08:01.630
And you see this is the string that we want to amend.

147
08:02.170 --> 08:07.810
So we select all this string up to this, leaving the last dot here which is the null terminator.

148
08:07.810 --> 08:09.370
We don't need to change that.

149
08:09.640 --> 08:12.820
And then right-click and then binary edit.

150
08:13.480 --> 08:17.560
And then here make sure you click on keep size.

151
08:18.040 --> 08:23.860
Here you just change this to serial, then pad the rest with the space bar.

152
08:24.280 --> 08:31.930
We've got serial and we need one space bar, 2, 3, 4, 5 more spaces: 1, 2, 3, 4, 5 spaces.

153
08:31.930 --> 08:34.630
Click okay and refresh.

154
08:35.620 --> 08:37.660
And we should get it correct this time.

155
08:37.660 --> 08:38.020
See that?

156
08:38.020 --> 08:39.730
Serial plus five spaces?

157
08:39.730 --> 08:40.360
Yes.

158
08:40.360 --> 08:42.460
And the null terminator at the back.

159
08:42.820 --> 08:43.270
All right.

160
08:43.270 --> 08:45.970
So now we can check it again.

161
08:46.150 --> 08:46.720
Test it out.

162
08:46.720 --> 08:51.040
Click check, click run, run again.

163
08:51.040 --> 08:51.970
Now it's here.

164
08:51.970 --> 08:53.080
Let's step over that.

165
08:53.470 --> 08:55.360
And we see serial.

166
08:56.260 --> 08:56.620
All right.

167
08:56.620 --> 08:57.820
So now we can patch it.

168
08:58.300 --> 09:00.010
Click patch file.

169
09:00.940 --> 09:06.190
Close this, click patch file and give it a name: keygen

170
09:06.850 --> 09:12.400
and then dash one dash SKG for self keygen.

171
09:12.490 --> 09:15.040
Click save, click okay.

172
09:15.610 --> 09:15.910
All right.

173
09:15.910 --> 09:18.670
So now we can test our self keygen.

174
09:18.670 --> 09:21.100
We can close this program.

175
09:23.730 --> 09:26.820
And you go to this one and test our self keygen.

176
09:28.170 --> 09:28.740
Okay.

177
09:28.740 --> 09:31.350
So this is a keygen.

178
09:31.890 --> 09:34.290
So now we're going to enter cracker.

179
09:37.480 --> 09:41.620
And then we are going to put any wrong serial.

180
09:41.650 --> 09:48.310
Click check and it gives us our keygen, our serial for this user.

181
09:49.120 --> 09:52.300
And we copy it out here for this user.

182
09:53.560 --> 09:54.550
This is the serial.

183
09:55.090 --> 09:56.380
So how are we going to test

184
09:56.380 --> 09:57.220
that it is correct?

185
09:57.250 --> 09:58.840
We open the original file.

186
10:00.070 --> 10:01.330
Open the original file.

187
10:01.990 --> 10:03.220
We key in cracker.

188
10:04.060 --> 10:06.490
And then we copy this keygen,

189
10:07.210 --> 10:09.040
this generated serial.

190
10:09.730 --> 10:13.330
Paste it in here and click check and see.

191
10:13.330 --> 10:14.080
It works.

192
10:14.110 --> 10:14.710
All right.

193
10:14.710 --> 10:15.820
Let's try another one.

194
10:15.850 --> 10:18.910
Supposing we are going to change it to another user.

195
10:18.910 --> 10:23.650
So we use our keygen to generate any other user.

196
10:23.800 --> 10:27.040
Other user. Let's type "other."

197
10:27.040 --> 10:28.750
And then any serial, click check.

198
10:29.110 --> 10:32.350
And this is the serial for this user called "other."

199
10:32.770 --> 10:34.450
So let's copy that down.

200
10:35.050 --> 10:36.160
It is

201
10:36.160 --> 10:49.420
15871587554025554025.

202
10:49.720 --> 10:52.360
And this is for the user called "other."

203
10:55.780 --> 10:56.860
So let's test it out.

204
10:57.520 --> 11:06.910
We open our original keygen, our original crackme here. Key in the username called "other," and we copy

205
11:06.910 --> 11:10.330
this and paste it in here.

206
11:12.350 --> 11:13.070
Click check.

207
11:13.070 --> 11:13.700
Yes.

208
11:13.700 --> 11:14.540
It works.

209
11:14.540 --> 11:15.140
All right.

210
11:15.140 --> 11:17.750
So this is how we can use

211
11:18.140 --> 11:19.790
a self keygen.

212
11:20.450 --> 11:26.570
Even though it doesn't have a message box to show the bad message, you

213
11:26.570 --> 11:34.580
can still create a self keygen by using the message box that shows the congratulatory good message.

214
11:34.580 --> 11:36.410
So that's all for this video.

215
11:36.410 --> 11:38.420
Thank you for watching.