Messages - andmuchmore

1
Web Oriented Coding / Re: sqli error
« on: July 20, 2015, 05:56:51 am »
Have you tried different comment types?
# or /* instead of --, etc.?

2
Assembly - Embedded / Re: Assembly tutorials and links
« on: May 14, 2015, 08:07:33 am »
Awesome resource, but yes, it's a shame it hasn't been maintained!

FYI if anyone is interested, this is a great tutorial for learning win32 ASM!
Code:
http://win32assembly.programminghorizon.com/tutorials.html

3
Tutorials / Re: Keygenning .NET Applications [n00b Friendly]
« on: May 14, 2015, 08:02:41 am »
Thanks for all the responses! I will work on another tutorial on a similar subject over the next few days :)

4
Tutorials / Re: Keygenning .NET Applications [n00b Friendly]
« on: May 08, 2015, 07:40:13 am »
I am interested in a series on .NET cracking/reversing. :)
Sorry I didn't notice your intro :p got confused by post count. And yes, I think it should be in the tutorials section, write other parts in that section. :)

All good! I will start writing up some more .NET tutorials for you!
I might make one on unpacking and patching with reflector / ollydbg if you like :)

5
Tutorials / Re: Keygenning .NET Applications [n00b Friendly]
« on: May 08, 2015, 05:58:43 am »
I appreciate what you have done but is it this only or there are some advanced tutorials in the series? Why haven't you introduced yourself?
I did :P
Code:
https://evilzone.org/members-introduction/sup!-19847/
I only wrote this tutorial today, I will keep making them, progressing into more advanced topics. What were you interested in seeing a tutorial on?

6
Tutorials / Keygenning .NET Applications [n00b Friendly]
« on: May 08, 2015, 05:07:47 am »
Hey guys,

Just thought I'd write up a quick tutorial on how to keygen a simple .NET app.

For this tutorial you will need:
Code:
- Visual Studio (I will use this to code the keygen, although you can use any language you are comfortable with, you will just need to convert some code)
- A basic programming knowledge
- An interest to learn
- A .NET reflector (Reflector 8.5 or similar; ILSpy is a good free alternative). In this tutorial I will be using Red Gate's .NET Reflector but the steps are the same for ILSpy.

Download : http://upload.evilzone.org?page=download&file=ubrJa7z9dUuddFdtyWacaFEVcHkxbwXOASd4AAbC3EhdFXSM8k


Ok, so let's analyze the target we will be keygenning today.
The program is a very very simple .NET keygen me written for the purposes of this tutorial (attached to this post is the source and binary).

Firstly let's fire up the app to see what our badboy message/s are.


So we can see that we get a MessageBoxA pop up telling us that we have entered the 'Wrong Serial' as well as the status on the status bar being changed to 'Wrong!'

Ok, now we have a little bit of information about our target, let's scan it with PEiD or ProtectionID to find out more information about the binary.


ProtectionID:
Code:
Scanning -> C:\Users\andmuchmore.PWNAGE\Documents\Visual Studio 2013\Projects\amm_KeyGenMe\amm_KeyGenMe\amm_KeyGenMe.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 30208 (07600h) Byte(s)
Compilation TimeStamp : 0x554BFF72 -> Fri 08th May 2015 00:12:34 (GMT)
[File Heuristics] -> Flag #1 : 00000100000001001101000000110000 (0x0404D030)
[Entrypoint Section Entropy] : 5.65 (section #0) ".text   " | Size : 0x3A44 (14916) byte(s)
[DllCharacteristics] -> Flag : (0x8560) -> HEVA | ASLR | DEP | NOSEH | TSA
[SectionCount] 4 (0x4) | ImageSize 0xE000 (57344) byte(s)
[VersionInfo] Product Name : amm_KeyGenMe
[VersionInfo] Product Version : 1.0.0.0
[VersionInfo] File Description : amm_KeyGenMe
[VersionInfo] File Version : 1.0.0.0
[VersionInfo] Original FileName : amm_KeyGenMe.exe
[VersionInfo] Internal Name : amm_KeyGenMe.exe
[VersionInfo] Legal Copyrights : Copyright ©  2015
[Debug Info] (record 1 of 1) (file offset 0x4000)
Characteristics : 0x0 | TimeDateStamp : 0x554BFF72 | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x11C (284)
AddressOfRawData : 0x601C | PointerToRawData : 0x401C
CvSig : 0x53445352 | SigGuid 4189EB96-D246-423D-82107CACD12207E0
Age : 0x1 | Pdb : c:\users\andmuchmore.PWNAGE\documents\visual studio 2013\Projects\amm_KeyGenMe\amm_KeyGenMe\obj\Release\amm_KeyGenMe.pdb
[CompilerDetect] -> .NET
[.] .Net Info -> v 2.5 | MSIL 32 bit preferred (/platform:anycpu32bitpreferred) | Flags : 0x00020003 -> COMIMAGE_FLAGS_ILONLY | COMIMAGE_FLAGS_32BITREQUIRED | COMIMAGE_FLAGS_32BITPREFERRED |
[.] Entrypoint (Token) : 0x06000001
[.] MetaData RVA : 0x00002E88 | Size : 0x00002B5C (11100)
[.] MetaData->Version 1.1 -> v4.0.30319
[.] Flags : 0x0 | Streams : 0x5 (5)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.110 Second(s) [00000006Eh (110) tick(s)] [497 of 569 scan(s) done]

So we know that the app is coded in .NET and what flags were set by the compiler when building this application.
Now that we know the program isn't packed or obfuscated, we can run it through a .NET reflector and get a reflection of the .NET source (more info: http://en.wikipedia.org/wiki/Reflection_(computer_programming)).
Fire up your reflector of choice and open up our binary.


Once you have the binary imported, we need to start looking through the code for something that might be useful to us.
If we expand amm_KeyGen we can see Form1 (which is the default form name for a project, for people unfamiliar with .NET). If we expand Form1 we can start to see a list of labels, fields and methods.


We can see some interesting things here... Button1_Click for example, let's double click on that method and have a look inside.

Code:
Private Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs)
    If (Me.TextBox1.Text <> "") Then
        Dim text As String = Me.TextBox2.Text
        If (Form1.GetHash(Me.TextBox1.Text, Me.TextBox1.Text) = [text]) Then
            Interaction.MsgBox("Correct Serial!", MsgBoxStyle.ApplicationModal, Nothing)
            Me.ToolStripStatusLabel1.Text = "Correct!"
        Else
            Interaction.MsgBox("Wrong Serial!", MsgBoxStyle.ApplicationModal, Nothing)
            Me.ToolStripStatusLabel1.Text = "Wrong!"
        End If
    Else
        Interaction.MsgBox("Please input a username!", MsgBoxStyle.ApplicationModal, Nothing)
    End If
End Sub

So we can see from this code that this method first checks to see if textbox1.text isn't null. If textbox1.text contains a value, then the value from textbox2.text is saved to the variable 'text'. The string from textbox1.text is then passed into a function called GetHash(), whose returned value is compared to our variable 'text'. If it's a match, show our good boy message, else show our bad boy message.

So in layman's terms, the text from textbox1 is passed into a function called GetHash() which then returns our serial to compare to the input of textbox2.

Now we know to generate our serial we need both a valid username (must not equal null) to be passed through GetHash() which should output our serial number.

If we click on GetHash() in reflector we can see that the function requires two inputs (theInput and key; key actually isn't used in this function as I tried to simplify the function as much as possible).
Code:
Public Shared Function GetHash(ByVal theInput As String, ByVal key As String) As String
    Using md As MD5 = MD5.Create
        Dim buffer As Byte() = md.ComputeHash(Encoding.UTF8.GetBytes(theInput))
        Dim builder As New StringBuilder
        Dim num2 As Integer = (buffer.Length - 1)
        Dim i As Integer = 0
        Do While (i <= num2)
            builder.Append(buffer(i).ToString("X5"))
            i += 1
        Loop
        Return builder.ToString
    End Using
End Function

So basically we know where our serial is generated and how. So let's make a keygen for it!

Fire up Visual Studio or the IDE of your choice and let's start building us a keygen!

Tip: The function GetHash() shouldn't be too hard to convert into most languages, but some algorithms and functions are huge and complicated. I have found instead of trying to convert these functions over line by line, sometimes it's easier to copy the code into a .NET dll and reference that from your application :)

Ok, how you lay the keygen out or what features/functions is totally up to you. I will just walk through how to generate the serial, how you display it or output it is totally up to you!!

Basic requirements of this keygen are:
Code:
- 1 x Textbox (username as Input)
- 1 x Button (to submit the Input to GetHash)
- 1 x Display field (your choice, textbox, msgbox etc.)

Mine looks like:


Ok, now we have our form laid out, let's add some code behind it.

I'm going to create a function called generateSerialNo() and copy the contents of the GetHash() function.

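EG:
Code:
Imports System.Security.Cryptography
Imports System.Text

' Same logic as the decompiled GetHash(), minus the unused key parameter.
Function generateSerialNo(input As String) As String
    Using md As MD5 = MD5.Create()
        ' MD5 digest of the UTF-8 encoded username (16 bytes)
        Dim buffer As Byte() = md.ComputeHash(Encoding.UTF8.GetBytes(input))
        Dim builder As New StringBuilder()
        Dim num2 As Integer = (buffer.Length - 1)
        Dim i As Integer = 0
        Do While (i <= num2)
            ' "X5" renders each byte as five uppercase hex digits, zero padded
            builder.Append(buffer(i).ToString("X5"))
            i += 1
        Loop
        Return builder.ToString()
    End Using
End Function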

Note: you have to add your imports manually. For this example you will need to import System.Security.Cryptography and System.Text.

So now we have our serial function, all we need to do is pass a variable to it and output a serial.

In my keygen I am getting the value of textbox1 and passing that into generateSerialNo() and then displaying the results of generateSerialNo() into textbox2.

Code:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Dim username As String = TextBox1.Text
    Dim serial As String = generateSerialNo(username)
    TextBox2.Text = serial
End Sub

And that should just about do it. Now it's time to test it!



So our keygen appears to generate a string
Code:
Username: andmuchmore
Serial: 000B5000C5000A90003100094000C8000CC000DD00062000070007F0002A00098000BF000F100088

Let's test that on our KeyGen Me now.



Success!!

And that is an extremely basic guide to creating your first keygen for a .NET application.

If anyone liked this tutorial or would like a tutorial made on a particular topic, hit me up and I'll see what I can do!

andmuchmore




PS Wasn't sure where this should be posted, here or under tutorials, I will leave that up to the mods to decide :P
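
Added example, not part of the original post or its attachment: a Python sketch of why the KeygenMe's check can be reproduced by anyone who decompiles it, next to a keyed license check verified on a server. `weak_serial` mirrors the post's GetHash(); `issue_license`, `verify_license` and `DEMO_SERVER_KEY` are hypothetical names and the key is a constructed value.

```python
import hashlib
import hmac

# Constructed demo key. In a real deployment this secret exists only on the
# vendor's licensing server and never ships inside the client binary.
DEMO_SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def weak_serial(username: str) -> str:
    """Mirror of the tutorial's GetHash(): MD5 of the UTF-8 username, each
    byte formatted like .NET ToString("X5") (five uppercase hex digits)."""
    digest = hashlib.md5(username.encode("utf-8")).digest()
    return "".join(format(b, "05X") for b in digest)


def weak_check(username: str, serial: str) -> bool:
    """Same decision as Button1_Click: every input is known to the client,
    so anyone who reads the decompiled code can compute a passing serial."""
    return username != "" and weak_serial(username) == serial


def issue_license(username: str, server_key: bytes) -> str:
    """Vendor side: bind the serial to the username with a keyed MAC."""
    mac = hmac.new(server_key, username.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest().upper()


def verify_license(username: str, serial: str, server_key: bytes) -> bool:
    """Server-side check. An HMAC key embedded in the client would be
    recoverable with the same reflector workflow, so verification stays on
    the server (or the client verifies an asymmetric signature instead)."""
    if not username:
        return False
    expected = issue_license(username, server_key).encode("ascii")
    supplied = serial.strip().upper().encode("utf-8")
    return hmac.compare_digest(expected, supplied)  # constant-time compare


if __name__ == "__main__":
    user = "andmuchmore"  # username used in the tutorial
    print("weak serial accepted:", weak_check(user, weak_serial(user)))
    good = issue_license(user, DEMO_SERVER_KEY)
    print("issued license accepted:", verify_license(user, good, DEMO_SERVER_KEY))
    print("unkeyed serial accepted:",
          verify_license(user, weak_serial(user), DEMO_SERVER_KEY))
```
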
