KeygenMe No.4 by n00b README:
1:=) Code a complete keygen...
2:=) Send your solution to me...

This keygenme IS NOT RATED for newbies!


Difficulty: 4 - Needs special knowledge
Platform: Windows
Language: Borland Delphi

Published: 09. Mar, 2007
Downloads: 1095


Votes: 5
Crackme is boring.

Solution by bundy, published 18. Mar, 2007.

bundy has rated this crackme as nothing special.

Discussion and comments

10. Mar 2007
Hmm, a little tricky but easy :p
but i think it must be 2/10 ;)
10. Mar 2007
I agree - it's easy, but I think some newbies could still find it difficult (although - what's hard about serial fishing? ;) -> self-keygen)
10. Mar 2007
i guess n00b doesn't want a self-keygen but a keygen... ;)
16. Mar 2007
I've created a keygen for this one some time ago, but i was lazy to write a solution :p

bundy, good job and I hope it can be accepted; anyway, if it isn't accepted I'm going to put my hands on notepad :D
17. Mar 2007
good work HMX0101 ;))

Loved your keygen :=)
17. Mar 2007
funny .. where did my comment disappear? ELFZ, it happened already twice this month :(
18. Mar 2007
ot: ELFZ Last seen: 30. Jan, 2007 @.@'
18. Mar 2007
bundy, I removed your comment. Check pm for a private talk :)
18. Mar 2007
bundy, good solution but you said something that's not completely right...

----- Copied from bundy solution -----
0045AEBA lea edx,[local.4]
0045AEBD mov eax,[local.4]
0045AEC0 call 004581E8 ; ?????

Really ?????. The purpose of this call was to convert this base64 string to
base 2 string - but due to a bug?! it always returns:
----- Copied from bundy solution -----

It only returns "110100110100110100110100110100110100" when name length is 4,5,6... else it returns "110100110100110100110100110100110101", check it out yourself ;)

This part fucked me a moment, but when I tested different names with different lengths I realized it :D

And yeah... it's a bug.. maybe the ConvertBase64to2 function was modified? Don't know, but all is possible ;)
18. Mar 2007
I think that it is NOT dependent on length of name. The parameter to this call is base64 string of name hash (which is fixed length). In the call there is this:

0045822D |>mov edx,0FF
00458232 |>call <initialize6>
00458237 |>mov eax,[local.257] ; "000000"
0045823D |>call LStrLen
00458242 |>mov ebx,eax

The LStrLen call takes as parameter the string "000000" which is fixed also. This string is then converted to base2 string.

PS: I've tried many different length serials, all of them worked. Could you write me an example name when it returns this other string?
18. Mar 2007
Try my keygen, plz:

Anyway, I tested my keygen with a lot of names of different lengths and it worked; don't know why all the names you tested are good :/

Some examples:

My keygen:

Your keygen:

19. Mar 2007
You are right - there's something strange happening.

I've tried the examples you wrote (also your keygen - nice banner btw). The first two examples - my keygen works as expected - correctly (:) at least on this machine?!).
The third example "Keygenme" is the tricky one. On the very first press to "Is it correct?" button your serial works ... on later checks my serial works.

Could you please check if your serial for "Keygenme" works on each click to check button? If yes, maybe this is somehow machine dependent.
19. Mar 2007
Yeah, it works on each click.... maybe n00b put something in it that can't be threat easily :/, maybe it deals with ConvertBase64to2 modified :(
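
Added example, not part of the thread or of bundy's solution: a base64-character to base-2 conversion and its inverse, run over the two return values quoted in the comments above to show which 6-bit group differs. It assumes the standard RFC 4648 alphabet (the thread itself suspects the crackme's routine may be modified); the function names are hypothetical.

```python
import string

# Standard base64 alphabet (RFC 4648). Assumption: the crackme's conversion
# routine uses this alphabet; the thread wonders whether it was modified.
B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def b64_to_base2(text):
    """Map each base64 character to its 6-bit index, as a '0'/'1' string."""
    out = []
    for ch in text:
        idx = B64.find(ch)
        if idx < 0:
            raise ValueError(f"not a base64 character: {ch!r}")
        out.append(format(idx, "06b"))
    return "".join(out)


def base2_to_b64(bits):
    """Inverse: split a bit string into 6-bit groups and map back to characters."""
    if len(bits) % 6 or set(bits) - {"0", "1"}:
        raise ValueError("expected a '0'/'1' string whose length is a multiple of 6")
    return "".join(B64[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6))


# The two return values quoted in the thread.
SEEN_A = "110100110100110100110100110100110100"
SEEN_B = "110100110100110100110100110100110101"


def diff_groups(a, b):
    """Return (group index, char in a, char in b) for each 6-bit group that differs."""
    ca, cb = base2_to_b64(a), base2_to_b64(b)
    return [(i, x, y) for i, (x, y) in enumerate(zip(ca, cb)) if x != y]


if __name__ == "__main__":
    print(base2_to_b64(SEEN_A))         # characters behind the first string
    print(base2_to_b64(SEEN_B))         # characters behind the second string
    print(diff_groups(SEEN_A, SEEN_B))  # where the two strings diverge
```

Under that alphabet the first string is the "000000" buffer seen in the disassembly, and the second differs only in its last 6-bit group.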

