solved new crackme

Chenx221 2024-09-28 17:07:12 +08:00
parent 32ce48838b
commit 9d3567757d
Signed by: chenx221
GPG Key ID: D7A9EC07024C3021
13 changed files with 924 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,23 @@
{
"runtimeTarget": {
"name": ".NETCoreApp,Version=v8.0",
"signature": ""
},
"compilationOptions": {},
"targets": {
".NETCoreApp,Version=v8.0": {
"keygen1/1.0.0": {
"runtime": {
"keygen1.dll": {}
}
}
}
},
"libraries": {
"keygen1/1.0.0": {
"type": "project",
"serviceable": false,
"sha512": ""
}
}
}

Binary file not shown.

Binary file not shown.


@ -0,0 +1,19 @@
{
"runtimeOptions": {
"tfm": "net8.0",
"frameworks": [
{
"name": "Microsoft.NETCore.App",
"version": "8.0.0"
},
{
"name": "Microsoft.WindowsDesktop.App",
"version": "8.0.0"
}
],
"configProperties": {
"System.Reflection.Metadata.MetadataUpdater.IsSupported": false,
"System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": true
}
}
}

22
babylon-kgme/readme.txt Normal file

@ -0,0 +1,22 @@
_________________________________________
[x] [x] Babylon Keygenme [x] [x]
README.TXT
_________________________________________
Hello !
Un petit keygenme ultra simple, mais qui j'espère en occupera quand même certain(e)s un petit bout de temps !
Le but n'est évidemment pas de proposer un couple nom/serial valide (le crackme est torché en 2 min sinon !), mais de comprendre l'algo et de coder un keygen :]
Type : Keygenme
Level : Newbie
Langage : C (console)
Packed : Non
J'espère que quelques solutions/tutos/keygens verront le jour ! Merci de me les envoyer par MP ou par mail !
Bonne chance :]
haiklr - 28 mars 2006
[klr63@hotmail.com - http://haiklr.new.fr]

239
babylon-kgme/solve.md Normal file

@ -0,0 +1,239 @@
serial计算方法
1. 首先看到程序的printf、scanf部分
```assembly
00401428 | 83C4 10 | add esp,10 |
0040142B | 83C4 F4 | add esp,FFFFFFF4 |
0040142E | 68 70124000 | push babylon keygenme.401270 | 401270:"[x][x] Babylon KeygenMe [x][x] coded by haiklr\n\n"
00401433 | E8 48040000 | call <JMP.&_printf> |
00401438 | 83C4 10 | add esp,10 |
0040143B | 83C4 F4 | add esp,FFFFFFF4 |
0040143E | 68 A1124000 | push babylon keygenme.4012A1 | 4012A1:"[x] Name : "
00401443 | E8 38040000 | call <JMP.&_printf> |
00401448 | 83C4 10 | add esp,10 |
0040144B | 83C4 F8 | add esp,FFFFFFF8 |
0040144E | 8D85 E0FEFFFF | lea eax,dword ptr ss:[ebp-120] |
00401454 | 50 | push eax |
00401455 | 68 AD124000 | push babylon keygenme.4012AD | 4012AD:"%s"
0040145A | E8 19040000 | call <JMP.&_scanf> |
```
这里让用户输入Name值
2. 接下来是对Name长度的检查可以看到Name要求4~14位长度
```assembly
0040145F | 83C4 10 | add esp,10 |
00401462 | 83C4 F4 | add esp,FFFFFFF4 |
00401465 | 8D85 E0FEFFFF | lea eax,dword ptr ss:[ebp-120] | ebp-120: Name
0040146B | 50 | push eax |
0040146C | E8 FF030000 | call <JMP.&_strlen> |
00401471 | 83C4 10 | add esp,10 |
00401474 | 8945 E8 | mov dword ptr ss:[ebp-18],eax | ebp-18: Name.Length
00401477 | 837D E8 03 | cmp dword ptr ss:[ebp-18],3 |
0040147B | 7E 08 | jle babylon keygenme.401485 | length > 3
0040147D | 837D E8 0E | cmp dword ptr ss:[ebp-18],E |
00401481 | 7F 02 | jg babylon keygenme.401485 | length <=14
00401483 | EB 2B | jmp babylon keygenme.4014B0 |
00401485 | 83C4 F4 | add esp,FFFFFFF4 | fail
...
004014A7 | E9 B4020000 | jmp <babylon keygenme.Bye> |
004014AC | 8D7426 00 | lea esi,dword ptr ds:[esi] | esi:"悙悙悙悙悙悙悙悙悙悙悙悙悙悙怺x][x] Babylon KeygenMe [x][x] coded by haiklr\n\n"
004014B0 | 83C4 F4 | add esp,FFFFFFF4 |
```
3. 接收用户输入的Serial
```assembly
004014B3 | 68 D2124000 | push babylon keygenme.4012D2 | 4012D2:"[x] Serial : "
004014B8 | E8 C3030000 | call <JMP.&_printf> |
004014BD | 83C4 10 | add esp,10 |
004014C0 | 83C4 F8 | add esp,FFFFFFF8 |
004014C3 | 8D85 A0FAFFFF | lea eax,dword ptr ss:[ebp-560] | ebp-560: Serial
004014C9 | 50 | push eax |
004014CA | 68 AD124000 | push babylon keygenme.4012AD | 4012AD:"%s"
004014CF | E8 A4030000 | call <JMP.&_scanf> |
```
4. 接下来开始计算正确的Serial首先在每位name字符间加入空格
```assembly
004014D7 | C745 FC 00000000 | mov dword ptr ss:[ebp-4],0 |
004014DE | 89F6 | mov esi,esi |
004014E0 | 8B45 E8 | mov eax,dword ptr ss:[ebp-18] | name每个字符之间插入0x20空格(包括末尾)
004014E3 | 89C2 | mov edx,eax | edx: Name length
004014E5 | 8D0412 | lea eax,dword ptr ds:[edx+edx] |
004014E8 | 3945 FC | cmp dword ptr ss:[ebp-4],eax | 循环条件ebp-4<2*edx
004014EB | 7C 03 | jl babylon keygenme.4014F0 |
004014ED | EB 31 | jmp babylon keygenme.401520 |
004014EF | 90 | nop |
004014F0 | 8D85 A0FDFFFF | lea eax,dword ptr ss:[ebp-260] |
004014F6 | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | edx:_KiFastSystemCallRet@0
004014F9 | 8D8D E0FEFFFF | lea ecx,dword ptr ss:[ebp-120] | ecx:_printf+67
004014FF | 8B5D F8 | mov ebx,dword ptr ss:[ebp-8] |
00401502 | 8A0C0B | mov cl,byte ptr ds:[ebx+ecx] |
00401505 | 880C02 | mov byte ptr ds:[edx+eax],cl |
00401508 | 8B45 FC | mov eax,dword ptr ss:[ebp-4] |
0040150B | 40 | inc eax |
0040150C | 8D95 A0FDFFFF | lea edx,dword ptr ss:[ebp-260] | edx:_KiFastSystemCallRet@0
00401512 | C60410 20 | mov byte ptr ds:[eax+edx],20 | 20:' '
00401516 | FF45 F8 | inc dword ptr ss:[ebp-8] |
00401519 | 8345 FC 02 | add dword ptr ss:[ebp-4],2 |
0040151D | EB C1 | jmp babylon keygenme.4014E0 |
0040151F | 90 | nop |
00401520 | 90 | nop |
```
5. 这里出场了第二组数据,现在只是每位+1
```assembly
00401521 | C745 FC 00000000 | mov dword ptr ss:[ebp-4],0 |
00401528 | 83C4 F4 | add esp,FFFFFFF4 | 将某串字符串(-[#]]=}&&&+(=$*,,)&.*/+++[][;/..§0)每个字符+1
0040152B | 8D85 A0FEFFFF | lea eax,dword ptr ss:[ebp-160] |
00401531 | 50 | push eax |
00401532 | E8 39030000 | call <JMP.&_strlen> |
00401537 | 83C4 10 | add esp,10 |
0040153A | 89C0 | mov eax,eax |
0040153C | 3945 FC | cmp dword ptr ss:[ebp-4],eax |
0040153F | 72 02 | jb babylon keygenme.401543 |
00401541 | EB 2D | jmp babylon keygenme.401570 |
00401543 | 8D85 A0FEFFFF | lea eax,dword ptr ss:[ebp-160] |
00401549 | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | edx:_KiFastSystemCallRet@0
0040154C | 8D8D A0FEFFFF | lea ecx,dword ptr ss:[ebp-160] | ecx:_printf+67
00401552 | 8B5D FC | mov ebx,dword ptr ss:[ebp-4] |
00401555 | 899D 9CFAFFFF | mov dword ptr ss:[ebp-564],ebx |
0040155B | 8BB5 9CFAFFFF | mov esi,dword ptr ss:[ebp-564] |
00401561 | 8A1C0E | mov bl,byte ptr ds:[esi+ecx] |
00401564 | FEC3 | inc bl |
00401566 | 881C02 | mov byte ptr ds:[edx+eax],bl |
00401569 | FF45 FC | inc dword ptr ss:[ebp-4] |
0040156C | EB BA | jmp babylon keygenme.401528 |
0040156E | 89F6 | mov esi,esi |
00401570 | 90 | nop |
```
6. 第二组数据 Xor 加空格的Name
```assembly
00401571 | C745 FC 00000000 | mov dword ptr ss:[ebp-4],0 |
00401578 | 83C4 F4 | add esp,FFFFFFF4 | 加了空格的Name Xor 加了1的奇怪字符串 放字符串原位
0040157B | 8D85 A0FDFFFF | lea eax,dword ptr ss:[ebp-260] |
00401581 | 50 | push eax |
00401582 | E8 E9020000 | call <JMP.&_strlen> |
00401587 | 83C4 10 | add esp,10 |
0040158A | 89C0 | mov eax,eax |
0040158C | 3945 FC | cmp dword ptr ss:[ebp-4],eax |
0040158F | 72 02 | jb babylon keygenme.401593 |
00401591 | EB 41 | jmp babylon keygenme.4015D4 |
00401593 | 8D85 A0FEFFFF | lea eax,dword ptr ss:[ebp-160] |
00401599 | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | edx:_KiFastSystemCallRet@0
0040159C | 8D8D A0FDFFFF | lea ecx,dword ptr ss:[ebp-260] | ecx:_printf+67
004015A2 | 8B7D FC | mov edi,dword ptr ss:[ebp-4] |
004015A5 | 89BD 9CFAFFFF | mov dword ptr ss:[ebp-564],edi |
004015AB | 8DB5 A0FEFFFF | lea esi,dword ptr ss:[ebp-160] |
004015B1 | 8B5D FC | mov ebx,dword ptr ss:[ebp-4] |
004015B4 | 899D 8CFAFFFF | mov dword ptr ss:[ebp-574],ebx |
004015BA | 8BBD 9CFAFFFF | mov edi,dword ptr ss:[ebp-564] |
004015C0 | 8A1C0F | mov bl,byte ptr ds:[edi+ecx] |
004015C3 | 8BBD 8CFAFFFF | mov edi,dword ptr ss:[ebp-574] |
004015C9 | 321C37 | xor bl,byte ptr ds:[edi+esi] |
004015CC | 881C02 | mov byte ptr ds:[edx+eax],bl |
004015CF | FF45 FC | inc dword ptr ss:[ebp-4] |
004015D2 | EB A4 | jmp babylon keygenme.401578 |
004015D4 | 90 | nop |
```
7. 反转上一步的结果
```assembly
004015D8 | 8D85 A0FEFFFF | lea eax,dword ptr ss:[ebp-160] |
004015DE | 50 | push eax |
004015DF | E8 8C020000 | call <JMP.&_strlen> |
004015E4 | 83C4 10 | add esp,10 |
004015E7 | 89C0 | mov eax,eax |
004015E9 | 8D50 FF | lea edx,dword ptr ds:[eax-1] | edx:_KiFastSystemCallRet@0
004015EC | 8955 FC | mov dword ptr ss:[ebp-4],edx | edx:_KiFastSystemCallRet@0
004015EF | 90 | nop |
004015F0 | 837D FC 00 | cmp dword ptr ss:[ebp-4],0 | 反转
004015F4 | 7D 02 | jge babylon keygenme.4015F8 |
004015F6 | EB 20 | jmp babylon keygenme.401618 |
004015F8 | 8D85 A0FCFFFF | lea eax,dword ptr ss:[ebp-360] |
004015FE | 8B55 F4 | mov edx,dword ptr ss:[ebp-C] | edx:_KiFastSystemCallRet@0
00401601 | 8D8D A0FEFFFF | lea ecx,dword ptr ss:[ebp-160] | ecx:_printf+67
00401607 | 8B5D FC | mov ebx,dword ptr ss:[ebp-4] |
0040160A | 8A0C0B | mov cl,byte ptr ds:[ebx+ecx] |
0040160D | 880C02 | mov byte ptr ds:[edx+eax],cl |
00401610 | FF45 F4 | inc dword ptr ss:[ebp-C] |
00401613 | FF4D FC | dec dword ptr ss:[ebp-4] |
00401616 | EB D8 | jmp babylon keygenme.4015F0 |
00401618 | 90 | nop |
```
8. 反转和没反转的插空放 (如:反转前"abcd" 反转后"dcba" 结果"dacb")
```assembly
00401619 | C745 FC 00000000 | mov dword ptr ss:[ebp-4],0 |
00401620 | 83C4 F4 | add esp,FFFFFFF4 | 将前面未反转的内容插空放进反转内容中
00401623 | 8D85 A0FCFFFF | lea eax,dword ptr ss:[ebp-360] |
00401629 | 50 | push eax |
0040162A | E8 41020000 | call <JMP.&_strlen> |
0040162F | 83C4 10 | add esp,10 |
00401632 | 89C0 | mov eax,eax |
00401634 | 3945 FC | cmp dword ptr ss:[ebp-4],eax |
00401637 | 72 07 | jb babylon keygenme.401640 |
00401639 | EB 45 | jmp babylon keygenme.401680 |
0040163B | 90 | nop |
0040163C | 8D7426 00 | lea esi,dword ptr ds:[esi] | esi:"悙悙悙悙悙悙悙悙悙悙悙悙悙悙怺x][x] Babylon KeygenMe [x][x] coded by haiklr\n\n"
00401640 | 8D85 A0FBFFFF | lea eax,dword ptr ss:[ebp-460] |
00401646 | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | edx:_KiFastSystemCallRet@0
00401649 | 8D8D A0FCFFFF | lea ecx,dword ptr ss:[ebp-360] | ecx:_printf+67
0040164F | 8B5D F0 | mov ebx,dword ptr ss:[ebp-10] |
00401652 | 8A0C0B | mov cl,byte ptr ds:[ebx+ecx] |
00401655 | 880C02 | mov byte ptr ds:[edx+eax],cl |
00401658 | 8B45 FC | mov eax,dword ptr ss:[ebp-4] |
0040165B | 40 | inc eax |
0040165C | 8D95 A0FBFFFF | lea edx,dword ptr ss:[ebp-460] | edx:_KiFastSystemCallRet@0
00401662 | 8D8D A0FEFFFF | lea ecx,dword ptr ss:[ebp-160] | ecx:_printf+67
00401668 | 8B5D EC | mov ebx,dword ptr ss:[ebp-14] |
0040166B | 8A0C0B | mov cl,byte ptr ds:[ebx+ecx] |
0040166E | 880C10 | mov byte ptr ds:[eax+edx],cl |
00401671 | FF45 F0 | inc dword ptr ss:[ebp-10] |
00401674 | FF45 EC | inc dword ptr ss:[ebp-14] |
00401677 | 8345 FC 02 | add dword ptr ss:[ebp-4],2 |
0040167B | EB A3 | jmp babylon keygenme.401620 |
0040167D | 8D76 00 | lea esi,dword ptr ds:[esi] | esi:"悙悙悙悙悙悙悙悙悙悙悙悙悙悙怺x][x] Babylon KeygenMe [x][x] coded by haiklr\n\n"
00401680 | 90 | nop |
```
9. 将不可打印字符转成0x36
```assembly
00401681 | C745 FC 00000000 | mov dword ptr ss:[ebp-4],0 |
00401688 | 83C4 F4 | add esp,FFFFFFF4 | 把所有不可打印字符替换成0x36
0040168B | 8D85 A0FBFFFF | lea eax,dword ptr ss:[ebp-460] |
00401691 | 50 | push eax |
00401692 | E8 D9010000 | call <JMP.&_strlen> |
00401697 | 83C4 10 | add esp,10 |
0040169A | 89C0 | mov eax,eax |
0040169C | 3945 FC | cmp dword ptr ss:[ebp-4],eax |
0040169F | 72 02 | jb babylon keygenme.4016A3 |
004016A1 | EB 32 | jmp babylon keygenme.4016D5 |
004016A3 | 8D85 A0FBFFFF | lea eax,dword ptr ss:[ebp-460] |
004016A9 | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | edx:_KiFastSystemCallRet@0
004016AC | 803C02 1F | cmp byte ptr ds:[edx+eax],1F | <=0x1F则替换成0x36
004016B0 | 7E 11 | jle babylon keygenme.4016C3 |
004016B2 | 8D85 A0FBFFFF | lea eax,dword ptr ss:[ebp-460] |
004016B8 | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | edx:_KiFastSystemCallRet@0
004016BB | 803C02 7A | cmp byte ptr ds:[edx+eax],7A | 7A:'z'
004016BF | 7F 02 | jg babylon keygenme.4016C3 | >0x7A则替换成0x36
004016C1 | EB 0D | jmp babylon keygenme.4016D0 |
004016C3 | 8D85 A0FBFFFF | lea eax,dword ptr ss:[ebp-460] |
004016C9 | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | edx:_KiFastSystemCallRet@0
004016CC | C60402 36 | mov byte ptr ds:[edx+eax],36 | 36:'6'
004016D0 | FF45 FC | inc dword ptr ss:[ebp-4] |
004016D3 | EB B3 | jmp babylon keygenme.401688 |
004016D5 | 90 | nop |
```
判断就不放了


@ -0,0 +1,79 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.11.35303.130
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen1", "keygen1\keygen1.csproj", "{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen2", "keygen2\keygen2.csproj", "{2446CB50-1882-4219-9DB0-E7F5517E6E20}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen3", "keygen3\keygen3.csproj", "{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GiveMeSerial", "GiveMeSerial\GiveMeSerial.vcxproj", "{E3604156-7DF2-4B5F-AECA-64786B92F38C}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x64.ActiveCfg = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x64.Build.0 = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.ActiveCfg = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.Build.0 = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.Build.0 = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x64.ActiveCfg = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x64.Build.0 = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.ActiveCfg = Release|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.Build.0 = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x64.ActiveCfg = Debug|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x64.Build.0 = Debug|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.ActiveCfg = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.Build.0 = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.Build.0 = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x64.ActiveCfg = Release|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x64.Build.0 = Release|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.ActiveCfg = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.Build.0 = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x64.ActiveCfg = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x64.Build.0 = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.ActiveCfg = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.Build.0 = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.Build.0 = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x64.ActiveCfg = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x64.Build.0 = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.ActiveCfg = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.Build.0 = Release|x86
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|Any CPU.ActiveCfg = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|Any CPU.Build.0 = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x64.ActiveCfg = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x64.Build.0 = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x86.ActiveCfg = Debug|Win32
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x86.Build.0 = Debug|Win32
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|Any CPU.ActiveCfg = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|Any CPU.Build.0 = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x64.ActiveCfg = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x64.Build.0 = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x86.ActiveCfg = Release|Win32
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {01ED3EE8-E89A-4A27-AF68-EF2490CB6BD7}
EndGlobalSection
EndGlobal


@ -0,0 +1,220 @@
namespace keygen1
{
partial class Form1
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
button1 = new Button();
label1 = new Label();
textBox1 = new TextBox();
label2 = new Label();
textBox2 = new TextBox();
label3 = new Label();
checkBox1 = new CheckBox();
button2 = new Button();
button3 = new Button();
label4 = new Label();
textBox3 = new TextBox();
button4 = new Button();
label5 = new Label();
textBox4 = new TextBox();
SuspendLayout();
//
// button1
//
button1.Location = new Point(393, 2);
button1.Name = "button1";
button1.Size = new Size(93, 172);
button1.TabIndex = 0;
button1.Text = "Generate";
button1.UseVisualStyleBackColor = true;
button1.Click += Button1_Click;
//
// label1
//
label1.AutoSize = true;
label1.Location = new Point(30, 18);
label1.Name = "label1";
label1.Size = new Size(39, 15);
label1.TabIndex = 1;
label1.Text = "Name";
//
// textBox1
//
textBox1.Location = new Point(75, 14);
textBox1.Name = "textBox1";
textBox1.Size = new Size(262, 23);
textBox1.TabIndex = 2;
//
// label2
//
label2.AutoSize = true;
label2.Location = new Point(34, 51);
label2.Name = "label2";
label2.Size = new Size(35, 15);
label2.TabIndex = 3;
label2.Text = "Serial";
//
// textBox2
//
textBox2.Location = new Point(75, 47);
textBox2.Name = "textBox2";
textBox2.Size = new Size(262, 23);
textBox2.TabIndex = 4;
//
// label3
//
label3.AutoSize = true;
label3.Location = new Point(312, 155);
label3.Name = "label3";
label3.Size = new Size(75, 15);
label3.TabIndex = 5;
label3.Text = "By Chenx221";
//
// checkBox1
//
checkBox1.AutoSize = true;
checkBox1.Enabled = false;
checkBox1.Location = new Point(75, 155);
checkBox1.Name = "checkBox1";
checkBox1.Size = new Size(89, 19);
checkBox1.TabIndex = 6;
checkBox1.Text = "Auto Mode ";
checkBox1.UseVisualStyleBackColor = true;
//
// button2
//
button2.Location = new Point(343, 13);
button2.Name = "button2";
button2.Size = new Size(44, 24);
button2.TabIndex = 7;
button2.Text = "Copy";
button2.UseVisualStyleBackColor = true;
button2.Click += Button2_Click;
//
// button3
//
button3.Location = new Point(343, 47);
button3.Name = "button3";
button3.Size = new Size(44, 23);
button3.TabIndex = 8;
button3.Text = "Copy";
button3.UseVisualStyleBackColor = true;
button3.Click += Button3_Click;
//
// label4
//
label4.AutoSize = true;
label4.Location = new Point(10, 82);
label4.Name = "label4";
label4.Size = new Size(59, 15);
label4.TabIndex = 9;
label4.Text = "Company";
label4.Visible = false;
//
// textBox3
//
textBox3.Location = new Point(75, 79);
textBox3.Name = "textBox3";
textBox3.Size = new Size(262, 23);
textBox3.TabIndex = 10;
textBox3.Visible = false;
//
// button4
//
button4.Location = new Point(343, 79);
button4.Name = "button4";
button4.Size = new Size(44, 23);
button4.TabIndex = 11;
button4.Text = "Copy";
button4.UseVisualStyleBackColor = true;
button4.Visible = false;
button4.Click += Button4_Click;
//
// label5
//
label5.AutoSize = true;
label5.Location = new Point(31, 116);
label5.Name = "label5";
label5.Size = new Size(35, 15);
label5.TabIndex = 12;
label5.Text = "Serial";
label5.Visible = false;
//
// textBox4
//
textBox4.Location = new Point(75, 113);
textBox4.Name = "textBox4";
textBox4.Size = new Size(262, 23);
textBox4.TabIndex = 13;
textBox4.Visible = false;
//
// Form1
//
AutoScaleDimensions = new SizeF(7F, 15F);
AutoScaleMode = AutoScaleMode.Font;
ClientSize = new Size(491, 183);
Controls.Add(textBox4);
Controls.Add(label5);
Controls.Add(button4);
Controls.Add(textBox3);
Controls.Add(label4);
Controls.Add(button3);
Controls.Add(button2);
Controls.Add(checkBox1);
Controls.Add(label3);
Controls.Add(textBox2);
Controls.Add(label2);
Controls.Add(textBox1);
Controls.Add(label1);
Controls.Add(button1);
FormBorderStyle = FormBorderStyle.FixedSingle;
MaximizeBox = false;
Name = "Form1";
Text = "KeyGen For babylon-kgme";
ResumeLayout(false);
PerformLayout();
}
#endregion
private Button button1;
private Label label1;
private TextBox textBox1;
private Label label2;
private TextBox textBox2;
private Label label3;
private CheckBox checkBox1;
private Button button2;
private Button button3;
private Label label4;
private TextBox textBox3;
private Button button4;
private Label label5;
private TextBox textBox4;
}
}


@ -0,0 +1,154 @@
using System.Runtime.InteropServices;
using System.Text;
using static System.Windows.Forms.VisualStyles.VisualStyleElement.TaskbarClock;
namespace keygen1
{
public partial class Form1 : Form
{
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern IntPtr FindWindow(string? lpClassName, string lpWindowName);
[DllImport("user32.dll", SetLastError = true)]
static extern IntPtr GetDlgItem(IntPtr hDlg, int nIDDlgItem);
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, StringBuilder? lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam);
const uint WM_SETTEXT = 0x000C;
const uint BM_CLICK = 0x00F5;
public Form1()
{
InitializeComponent();
}
private void Button1_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(textBox1.Text))
{
MessageBox.Show("Name不能为空");
return;
}
//if (string.IsNullOrEmpty(textBox2.Text))
//{
// MessageBox.Show("First Name不能为空");
// return;
//}
//if (string.IsNullOrEmpty(textBox3.Text))
//{
// MessageBox.Show("Company不能为空");
// return;
//}
//Generate(textBox1.Text, textBox2.Text, textBox3.Text);
Generate(textBox1.Text);
}
private void Generate(string username)
{
if (username.Length <= 3 || username.Length > 14)
{
MessageBox.Show("Name长度要求4~14位");
return;
}
string? key = GenerateKey(username);
if (key == null)
{
MessageBox.Show("生成Key失败");
return;
}
//if (!int.TryParse(username, out int serial1))
//{
// MessageBox.Show("Serial1不是有效数字");
// return;
//}
//string key = GenerateKey(serial1);
//textBox4.Text = string.Join("-", key);
textBox2.Text = key;
//if (checkBox1.Checked) AutoMode(username,key);
//禁用由于controlId不固定
}
private static string? GenerateKey(string name)
{
string part = "-[#]]=}&&&+(=$*,,)&.*/+++[][;/..§0";
string name_p1 = string.Join(" ", name.Select(c => c.ToString())) + " ";
string part_p1 = new(part.Select(c => (char)(c + 1)).ToArray());
char[] p2 = part_p1.ToCharArray();
for (int i = 0; i < name_p1.Length; i++)
{
p2[i] ^= name_p1[i];
}
char[] p2_rev = (char[])p2.Clone();
Array.Reverse(p2_rev);
char[] p3 = new char[0x22];
for (int i = 0; i < 0x11; i++)
{
p3[2 * i] = (char)((p2_rev[i] <= 0x1F || p2_rev[i] > 0x7A) ? 0x36 : p2_rev[i]);
p3[2 * i + 1] = (char)((p2[i] <= 0x1F || p2[i] > 0x7A) ? 0x36 : p2[i]);
}
return new string(p3);
}
private static void AutoMode(string username, string key)
{
string windowTitle = "ArturDents CrackMe #2";
IntPtr hWnd = FindWindow(null, windowTitle);
if (hWnd == IntPtr.Zero)
{
MessageBox.Show("窗口未找到");
return;
}
int usernameControlId = 0xBB8;
int serialControlId = 0xBB9;
int submitButtonId = 0xBBA;
IntPtr usernameHwnd = GetDlgItem(hWnd, usernameControlId);
IntPtr serialHwnd = GetDlgItem(hWnd, serialControlId);
IntPtr submitButtonHwnd = GetDlgItem(hWnd, submitButtonId);
if (usernameHwnd == IntPtr.Zero || serialHwnd == IntPtr.Zero || submitButtonHwnd == IntPtr.Zero)
{
MessageBox.Show("控件未找到");
return;
}
StringBuilder usernameToSet = new(username);
StringBuilder serialToSet = new(key);
SendMessage(usernameHwnd, WM_SETTEXT, IntPtr.Zero, usernameToSet);
SendMessage(serialHwnd, WM_SETTEXT, IntPtr.Zero, serialToSet);
SendMessage(submitButtonHwnd, BM_CLICK, IntPtr.Zero, IntPtr.Zero);
}
private void Button2_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox1.Text))
{
Clipboard.SetText(textBox1.Text);
}
}
private void Button3_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox2.Text))
{
Clipboard.SetText(textBox2.Text);
}
}
private void Button4_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox3.Text))
{
Clipboard.SetText(textBox3.Text);
}
}
}
}
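Review bot: `GenerateKey` hard-codes the lengths `0x22` and `0x11`, whereas the routine walked through in solve.md re-measures its buffers with strlen before the reverse, interleave and replace steps. When a name character equals the shifted constant at the same index, the XOR produces a 0 byte and the analysed routine would then see a shorter string, so the serial generated here probably does not match for such names. Non-ASCII names diverge as well, because `string.Length` counts UTF-16 units while the original counts bytes. Rejecting those inputs up front, for example with `if (name.Any(c => c > 0x7F) || name_p1.Where((c, i) => c == part_p1[i]).Any()) return null;`, would also give the `string?` return type and the null check in `Generate` a purpose, since the method never returns null today.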


@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>


@ -0,0 +1,17 @@
namespace keygen1
{
internal static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
// To customize application configuration such as set high DPI settings or default font,
// see https://aka.ms/applicationconfiguration.
ApplicationConfiguration.Initialize();
Application.Run(new Form1());
}
}
}


@ -0,0 +1,31 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>WinExe</OutputType>
<TargetFramework>net8.0-windows</TargetFramework>
<Nullable>enable</Nullable>
<UseWindowsForms>true</UseWindowsForms>
<ImplicitUsings>enable</ImplicitUsings>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
<Platforms>AnyCPU;x86</Platforms>
<Authors>chenx221</Authors>
<Company>chenx221</Company>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'">
<DebugType>portable</DebugType>
</PropertyGroup>
</Project>
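Review bot: `<AllowUnsafeBlocks>true</AllowUnsafeBlocks>` is switched on although none of the C# sources added in this commit contain `unsafe` code, so removing it keeps the compiler's default restriction in place. The committed runtime configuration (the JSON with `runtimeOptions`, apparently build output) shows `System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization` set to true, and nothing visible in this commit uses BinaryFormatter. Adding `<EnableUnsafeBinaryFormatterSerialization>false</EnableUnsafeBinaryFormatterSerialization>` to the first PropertyGroup would turn that deserialization path off. The four conditional groups all set the same `<DebugType>portable</DebugType>` and could be replaced by one unconditional property.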