Re: How do people write keygens?

On Mon, 20 Mar 2006 10:32:08 +0000, Pete wrote:

I'm just puzzled how people go about writing keygens. It would seem on
the face of it a next to impossible task, without inside information on
the algorithm, but people seem to do it all the time.

One very expensive program I can think of, is written by a company that
will I expect have a large number of maths PhDs on its staff. One might
expect them to be able to write an uncrackable algorithm. On the face of
it, the algorithm looks like it should be difficult, as it requires a
password that is machine specific. So the procedure is like this.

1) Run program - it generates an "ID"
2) Pass ID to software manufacturer. They provide a password.
3) Enter password into software and it works.

If the name of the computer is changed, you need another password.
The password can have an expiry date and can be limited to a specific
number of processes on a UNIX system (I'm not sure about Windows).

Yet I know a keygen has been written for that. You enter the "ID" and it
generates a password which works for anything.

I'm just puzzled how without inside knowledge of the algorithm, this is
possible.

Before the DMCA and such came along, there were numerous sites that taught
reverse engineering. It isn't that hard to trace through a program and
figure out what the protection method is. And some protections were so
simple that tracing the code was not even needed.

As an example of a really simple one, let's look at the old style keys
that Microsoft used starting with Win95. The format was 5 digits-3
digits-7 digits-5 digits. You could go to your local software store, look
at a dozen or so valid keys (they used to be printed on the outside of the
box for some reason) and figure out the algorithm without having to even
look at the code. The first 5 digits were the product code (Win 95,
Office, VB, etc), the next 3 were either "OEM" or 3 digits, the following
group of 7 digits is the actual key, and the last 5 digits appear to be
random. If you have a few of those old CD keys lying around, add the seven
numbers together and divide the sum by seven. You will see the pattern in
a few tries. Hint: fractions="Go away evil pirate", which is why
"12345-123-1234567-12345" would be accepted as a valid key.
1+2+3+4+5+6+7=28 28/7= "Greetings steady customer. Thank you and come
again". With that knowledge, it is no trouble at all to write a keygen
that will crank out valid keys as fast as you can click the mouse button.
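To make the arithmetic concrete, here is an added example (not from the original post) that implements the check exactly as described above and counts how many of the ten million possible seven-digit groups it accepts; the sample keys are constructed, and the rule is assumed to be nothing more than "digit sum divisible by seven".

```python
import re
from collections import Counter

# Shape of the old 5-3-7-5 key described in the post; the middle group is
# either the literal "OEM" or three digits.
KEY_RE = re.compile(r"^(\d{5})-(OEM|\d{3})-(\d{7})-(\d{5})$")


def digit_sum(group: str) -> int:
    return sum(int(ch) for ch in group)


def key_passes(key: str) -> bool:
    """The check as the post describes it: right shape, and the digits of
    the seven-digit group add up to a multiple of seven.  Nothing else is
    examined, which is the whole weakness (assumed rule, per the post)."""
    m = KEY_RE.match(key)
    if m is None:
        return False
    return digit_sum(m.group(3)) % 7 == 0


def accepted_group_count() -> int:
    """Number of seven-digit groups (0000000 .. 9999999) whose digit sum is
    a multiple of seven.  Walks the digits one position at a time, tracking
    only the running sum mod 7, so no enumeration of 10**7 candidates."""
    ways = Counter({0: 1})          # running digit-sum residue -> count
    for _ in range(7):
        nxt = Counter()
        for residue, n in ways.items():
            for d in range(10):
                nxt[(residue + d) % 7] += n
        ways = nxt
    return ways[0]


if __name__ == "__main__":
    # Constructed sample keys: the one quoted in the post, a one-digit
    # change that breaks the sum, and an all-zero group that still passes.
    for k in ("12345-123-1234567-12345",
              "12345-123-1234568-12345",
              "12345-OEM-0000000-12345"):
        print(k, "accepted" if key_passes(k) else "rejected")
    n = accepted_group_count()
    print(f"{n} of 10,000,000 seven-digit groups pass ({n / 10**7:.4%})")
```

Roughly one in seven random seven-digit groups satisfies the check, so the "key" carries no secret at all: anyone who can run the check can see that 0000000 is as acceptable as 1234567.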

Notice that this key format was 20 digits long. The new style alphanumeric
keys that began with Win98 are also 20 digits long. The new key is still the
same original scheme but encrypted. Since the registry contains both the
new style encrypted key and the decrypted key in the old style format, it
would not be that difficult to figure out the encryption method and make a
keygen for the new key format. As you see, inside knowledge is not
required to make a keygen.