Ziggy's KeyGenMe #0 Reverse Engineering Tutorial
Learn how to reverse engineer a key generation algorithm in Ziggy's KeyGenMe #0. A KeyGenMe is a program written specifically so that its key check can be reverse engineered legally, as a learning exercise; nothing in this video is illegal. KeyGenMes and CrackMes are common learning tools for ethical hackers, and even antivirus companies publish CrackMes for training purposes, see this Malwarebytes article:
https://blog.malwarebytes.com/malwarebytes-news/2017/11/how-to-solve-the-malwarebytes-crackme-a-step-by-step-tutorial/
In this tutorial we reverse engineer the key generation algorithm and crack Ziggy's KeyGenMe #0. The core steps are: file reconnaissance, locating the ValidateKey function with static analysis, analyzing ValidateKey with dynamic analysis, replicating the ValidateKey routine in Python, and turning that replica into a KeyGen. By the end of this video you will have written a simple 16 line keygen in Python. This guide requires Python 3 and basic debugging skills. PEiD and depends.exe appear along the way, but the main lesson is reversing a key check and reimplementing it as your own keygen in Python.
Support us on Patreon: http://bit.ly/38mnveC
Discussion & Download : https://bit.ly/3axsLOr
We use PEiD (a signature scanner that detects common packers, cryptors and compilers in PE files, currently more than 600 signatures) to check for packing and identify the toolchain. PEiD reports that the binary was built with MASM, meaning it is hand-written assembly rather than compiler output, so there is no compiler-generated prologue, runtime or library boilerplate to wade through. We then use depends.exe to list the functions the KeyGenMe imports and, finding little of interest there, move on to static analysis in IDA.
IDA Pro is a disassembler: it translates machine code into human readable assembly language. The current full version of IDA Pro is commercial, while an older, feature-limited version is available free of charge. Ghidra is another option for static analysis. Debuggers such as OllyDbg or x64dbg are the tools for dynamic analysis, which is performed alongside the static work to observe live behaviour with breakpoints.
With the KeyGenMe open in IDA, we follow the program's decision tree to locate the ValidateKey function. We then step through the running application in x64dbg (dynamic analysis) to confirm the execution flow, debugging the assembly routines to understand exactly what each one computes. Finally, we replicate those routines in a Python script to produce a working KeyGen.
This KeyGenMe is a very simple one built around an XOR-based check, which is very common in KeyGenMes. XOR is its own inverse, so once the check is understood there is nothing to solve: the keygen is the validator's own transform run forward. You will learn how to reverse engineer the check with IDA Pro, and then we show a simple Python script that generates valid serials from a username.
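To make the "replicate the routine, then run it forward" step concrete, here is an added illustrative example. It is not Ziggy's actual ValidateKey and not code from the video: the byte table KEY_TABLE, the per-character XOR transform and the hex serial format are assumptions chosen to stand in for whatever the real disassembly shows. validate_key is how a Python port of such a routine typically looks, and keygen is derived from it without any inversion work, because XOR undoes itself.

```python
# Added illustrative example, not Ziggy's actual ValidateKey: a hypothetical
# XOR-based serial check of the kind KeyGenMes use, as it would look once
# ported from the disassembly to Python, beside the keygen derived from it.

# Assumed constants. In a real target these are the immediates and the byte
# table you read out of the ValidateKey disassembly, not values you guess.
KEY_TABLE = bytes([0x5A, 0xA5, 0x3C, 0xC3])


def _expected_serial_bytes(username: str) -> bytes:
    """The per-character transform the (hypothetical) validator applies:
    byte i of the serial must equal username[i] XOR KEY_TABLE[i mod 4] XOR i."""
    raw = username.encode("ascii")  # the check works on raw ASCII bytes
    return bytes((ch ^ KEY_TABLE[i % len(KEY_TABLE)] ^ i) & 0xFF
                 for i, ch in enumerate(raw))


def validate_key(username: str, serial: str) -> bool:
    """Python port of the hypothetical ValidateKey routine.

    The serial is a hex string, two digits per username character. Mirrors
    what a debugger session would show: decode, length check, then a
    byte-by-byte compare that fails on the first mismatch."""
    if not username:
        return False
    try:
        expected = _expected_serial_bytes(username)
        actual = bytes.fromhex(serial)
    except (UnicodeEncodeError, ValueError):
        # non-ASCII username or non-hex serial: the original would simply fail
        return False
    if len(actual) != len(expected):
        return False
    return all(a == e for a, e in zip(actual, expected))


def keygen(username: str) -> str:
    """Produce a serial that validate_key accepts.

    Because XOR is its own inverse, nothing has to be solved: the value the
    validator compares the serial against is computed from the username
    alone, so the keygen is that same transform run forward and hex-encoded."""
    if not username:
        raise ValueError("username must not be empty")
    return _expected_serial_bytes(username).hex().upper()


if __name__ == "__main__":
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "ziggy"
    serial = keygen(name)
    print(f"{name}: {serial} -> valid={validate_key(name, serial)}")
```

The pattern to notice while debugging is which side of the final compare the serial sits on. Here the validator derives the expected bytes from the username and compares them to the serial, so the keygen simply reuses the derivation. If a target instead transforms the serial and compares the result to a username-derived value, you have to invert the transform, and with XOR that inverse is the same XOR again.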
Donate on our Forum : http://bit.ly/2HkOco9
Follow us on Facebook : http://bit.ly/2vvHfhk
Follow us on Twitter : http://bit.ly/3bC7J1i
Follow us on Twitch : http://bit.ly/39ywOZ2
Follow us on Reddit : http://bit.ly/3bvOB57
Follow us on GitHub : http://bit.ly/2HoNXIS
Follow us on Instagram : http://bit.ly/2SoDOlu