Hey guys,
Just thought I'd write up a quick tutorial on how to keygen a simple .NET app.
For this tutorial you will need:
- Visual Studio (I will use this to code the keygen, although you can use any language you are comfortable with; you will just need to convert some code)
- A basic programming knowledge
- An interest to learn
- A .NET reflector (Reflector 8.5 or similar; ILSpy is a good free alternative). In this tutorial I will be using Red Gate's .NET Reflector, but the steps are the same for ILSpy.
Download :
http://upload.evilzone.org?page=download&file=ubrJa7z9dUuddFdtyWacaFEVcHkxbwXOASd4AAbC3EhdFXSM8k
OK, so let's analyze the target we will be keygenning today.
The program is a very, very simple .NET keygen-me written for the purposes of this tutorial (attached to this post is the source and binary).
Firstly, let's fire up the app to see what our badboy message/s are.
So we can see that we get a MessageBoxA pop-up telling us that we have entered the 'Wrong Serial', as well as the status on the status bar being changed to 'Wrong!'
OK, now that we have a little bit of information about our target, let's scan it with PEiD or ProtectionID to find out more information about the binary.
ProtectionID:
Scanning -> C:\Users\andmuchmore.PWNAGE\Documents\Visual Studio 2013\Projects\amm_KeyGenMe\amm_KeyGenMe\amm_KeyGenMe.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 30208 (07600h) Byte(s)
Compilation TimeStamp : 0x554BFF72 -> Fri 08th May 2015 00:12:34 (GMT)
[File Heuristics] -> Flag #1 : 00000100000001001101000000110000 (0x0404D030)
[Entrypoint Section Entropy] : 5.65 (section #0) ".text " | Size : 0x3A44 (14916) byte(s)
[DllCharacteristics] -> Flag : (0x8560) -> HEVA | ASLR | DEP | NOSEH | TSA
[SectionCount] 4 (0x4) | ImageSize 0xE000 (57344) byte(s)
[VersionInfo] Product Name : amm_KeyGenMe
[VersionInfo] Product Version : 1.0.0.0
[VersionInfo] File Description : amm_KeyGenMe
[VersionInfo] File Version : 1.0.0.0
[VersionInfo] Original FileName : amm_KeyGenMe.exe
[VersionInfo] Internal Name : amm_KeyGenMe.exe
[VersionInfo] Legal Copyrights : Copyright © 2015
[Debug Info] (record 1 of 1) (file offset 0x4000)
Characteristics : 0x0 | TimeDateStamp : 0x554BFF72 | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x11C (284)
AddressOfRawData : 0x601C | PointerToRawData : 0x401C
CvSig : 0x53445352 | SigGuid 4189EB96-D246-423D-82107CACD12207E0
Age : 0x1 | Pdb : c:\users\andmuchmore.PWNAGE\documents\visual studio 2013\Projects\amm_KeyGenMe\amm_KeyGenMe\obj\Release\amm_KeyGenMe.pdb
[CompilerDetect] -> .NET
[.] .Net Info -> v 2.5 | MSIL 32 bit preferred (/platform:anycpu32bitpreferred) | Flags : 0x00020003 -> COMIMAGE_FLAGS_ILONLY | COMIMAGE_FLAGS_32BITREQUIRED | COMIMAGE_FLAGS_32BITPREFERRED |
[.] Entrypoint (Token) : 0x06000001
[.] MetaData RVA : 0x00002E88 | Size : 0x00002B5C (11100)
[.] MetaData->Version 1.1 -> v4.0.30319
[.] Flags : 0x0 | Streams : 0x5 (5)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.110 Second(s) [00000006Eh (110) tick(s)] [497 of 569 scan(s) done]
So we know that the app is coded in .NET and what flags were set by the compiler when building this application.
Now that we know that the program isn't packed or obfuscated, we can run it through a .NET reflector and get a reflection of the .NET source (more info: http://en.wikipedia.org/wiki/Reflection_(computer_programming)).
Fire up your reflector of choice and open up our binary.
Once you have the binary imported, we need to start looking through the code for something that might be useful to us.
If we expand amm_KeyGen we can see Form1 (which is the default form name for a project, for people unfamiliar with .NET). If we expand Form1 we can start to see a list of labels, fields and methods.
We can see some interesting things here... Button1_Click, for example. Let's double-click on that method and have a look inside.
    Private Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs)
        If (Me.TextBox1.Text <> "") Then
            Dim text As String = Me.TextBox2.Text
            If (Form1.GetHash(Me.TextBox1.Text, Me.TextBox1.Text) = [text]) Then
                Interaction.MsgBox("Correct Serial!", MsgBoxStyle.ApplicationModal, Nothing)
                Me.ToolStripStatusLabel1.Text = "Correct!"
            Else
                Interaction.MsgBox("Wrong Serial!", MsgBoxStyle.ApplicationModal, Nothing)
                Me.ToolStripStatusLabel1.Text = "Wrong!"
            End If
        Else
            Interaction.MsgBox("Please input a username!", MsgBoxStyle.ApplicationModal, Nothing)
        End If
    End Sub
So we can see from this code that this method first checks to see if TextBox1.Text isn't null. If TextBox1.Text contains a value, then the value from TextBox2.Text is saved to the variable 'text'. The string from TextBox1.Text is then passed into a function called GetHash(), and the returned value is compared to our variable 'text'. If it's a match, show our good boy message, else show our bad boy message.
So in layman's terms, the text from TextBox1 is passed into a function called GetHash(), which then returns our serial to compare to the input of TextBox2.
Now we know that to generate our serial we need a valid username (must not equal null) to be passed through GetHash(), which should output our serial number.
If we click on GetHash() in Reflector we can see that the function requires two inputs: theInput and key (key actually isn't used in this function, as I tried to simplify the function as much as possible).
    Public Shared Function GetHash(ByVal theInput As String, ByVal key As String) As String
        Using md As MD5 = MD5.Create
            Dim buffer As Byte() = md.ComputeHash(Encoding.UTF8.GetBytes(theInput))
            Dim builder As New StringBuilder
            Dim num2 As Integer = (buffer.Length - 1)
            Dim i As Integer = 0
            Do While (i <= num2)
                builder.Append(buffer(i).ToString("X5"))
                i += 1
            Loop
            Return builder.ToString
        End Using
    End Function
So basically we know where our serial is generated and how. So let's make a keygen for it!
Fire up Visual Studio or the IDE of your choice and let's start building us a keygen!
Tip: The function GetHash() shouldn't be too hard to convert into most languages, but some algorithms and functions are huge and complicated. I have found that instead of trying to convert these functions over line by line, sometimes it's easier to copy the code into a .NET DLL and reference that from your application.
OK, how you lay the keygen out or what features/functions it has is totally up to you. I will just walk through how to generate the serial; how you display it or output it is totally up to you!!
Basic requirements of this keygen are:
- 1 x Textbox (username as Input)
- 1 x Button (to submit the Input to GetHash)
- 1 x Display field (your choice: textbox, msgbox, etc.)
Mine looks like:
OK, now that we have our form laid out, let's add some code behind it.
I'm going to create a function called generateSerialNo() and copy the contents of the GetHash() function into it.
E.g.:
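    ' At the top of the form's code file:
    Imports System.Security.Cryptography
    Imports System.Text

    ' Same algorithm as the target's GetHash(): MD5 of the UTF-8 username,
    ' with each byte written as 5-digit, zero-padded uppercase hex ("X5").
    Function generateSerialNo(input As String) As String
        Using md As MD5 = MD5.Create
            Dim buffer As Byte() = md.ComputeHash(Encoding.UTF8.GetBytes(input))
            Dim builder As New StringBuilder
            Dim num2 As Integer = (buffer.Length - 1)
            Dim i As Integer = 0
            Do While (i <= num2)
                builder.Append(buffer(i).ToString("X5"))
                i += 1
            Loop
            Return builder.ToString
        End Using
    End Function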
Note: you have to add your imports manually. For this example you will need to import System.Security.Cryptography and System.Text.
So now that we have our serial function, all we need to do is pass a variable to it and output a serial.
In my keygen I am getting the value of TextBox1 and passing that into generateSerialNo(), and then displaying the result of generateSerialNo() in TextBox2.
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim username As String = TextBox1.Text
        Dim serial As String = generateSerialNo(username)
        TextBox2.Text = serial
    End Sub
And that should just about do it. Now it's time to test it!
So our keygen appears to generate a string:
Username: andmuchmore
Serial: 000B5000C5000A90003100094000C8000CC000DD00062000070007F0002A00098000BF000F100088
Let's test that on our KeyGenMe now.
Success!!
And that is an extremely basic guide to creating your first keygen for a .NET application.
If anyone liked this tutorial or would like a tutorial made on a particular topic, hit me up and I'll see what I can do!
andmuchmore
PS: Wasn't sure whether this should be posted here or under tutorials; I will leave that up to the mods to decide.
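
From the defender's side, the walkthrough above works because GetHash() is an unkeyed MD5 of the username, so everything needed to compute a serial ships inside the binary. The following is an added example (not part of the original post or the KeyGenMe source) of a licence check built on an RSA signature instead; IssueLicence, VerifyLicence and the demo key pair are hypothetical, and it assumes .NET Framework 4.6 or later.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SignedLicenceDemo
    ' Vendor side only (hypothetical helper): signs the username with the
    ' private key, which is never shipped inside the application.
    Function IssueLicence(vendorKey As RSA, username As String) As String
        Dim signature As Byte() = vendorKey.SignData(
            Encoding.UTF8.GetBytes(username),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        Return Convert.ToBase64String(signature)
    End Function

    ' Application side (hypothetical helper): holds only the public key, so
    ' the decompiled check shows how to verify a licence, not how to make one.
    Function VerifyLicence(publicKey As RSAParameters, username As String,
                           licence As String) As Boolean
        If licence Is Nothing Then Return False
        Dim signature As Byte()
        Try
            signature = Convert.FromBase64String(licence)
        Catch ex As FormatException
            Return False ' malformed input is simply an invalid licence
        End Try
        Using verifier As RSA = RSA.Create()
            verifier.ImportParameters(publicKey)
            Return verifier.VerifyData(
                Encoding.UTF8.GetBytes(username), signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        End Using
    End Function

    Sub Main()
        ' Constructed demo key pair; a real vendor key is generated once and kept offline.
        Using vendorKey As New RSACryptoServiceProvider(2048)
            Dim publicOnly As RSAParameters = vendorKey.ExportParameters(False)
            Dim licence As String = IssueLicence(vendorKey, "andmuchmore")
            ' Licence checked for the user it was issued to
            Console.WriteLine(VerifyLicence(publicOnly, "andmuchmore", licence))
            ' Same licence presented under a different username
            Console.WriteLine(VerifyLicence(publicOnly, "someoneelse", licence))
            ' A hash-style string that was never signed by the vendor
            Console.WriteLine(VerifyLicence(publicOnly, "andmuchmore", "000B5"))
        End Using
    End Sub
End Module
```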