I have seen them plenty of times, with many different types of software, but the one thing I have always wondered, is how software keygens know what key to generate. I know the basic principle of it: the keygen looks somewhere in the software installation files and creates a key that matches some encrypted file which allows the program to work. But I wanted to know how they do that, and how to prevent it. This is really a multiple part question.
Actually there are more than hundreds of site which give there user 100% free keygen,serial,patch or full software But many them only and only give virus and lots site are useless, have small database and site have very confusing user interface,But Some Sites are very friendly user interface & daily updated with good database. Last 20 referers: serialz.cracks.me.uk www.google.ro translate.google.com www.google.co.za www.serials.sw.cracks.m.c.
- How does the key-system work?
- How do programmers usually create software that works based on a key. I am an intermediate programmer, but I never learned much of the security/anti-piracy aspect of it. How do they create and/or recognize the keys to allow the software to start working?
Where does it usually look to find this 'encrypted file'?
- Is it in a physical file on the computer, or an of-site database that it calls?
What do the companies do to encrypt that file?
- I would emagine that the key must be stored in more than just plaintext, what do they do to keep it encrypted?
- What method is the keygen using to create the key?
- I have played around a llitle with some password-cracker software such as 'cain & able' and I have noticed, that with some of the password-cracking methods, such as brute-force and dictionary, it gives me ETAs in years, however keygens seem to create keys instantly. Are they using different methods entirely?
- What measures can companies take to prevent the use of keygens in pirated software?
- I am starting to write my own software to be distributed, I was wondering what existing, relitivly easy methods can I use to prevent
4 Answers
Well it depends there are many implementations. One of them was discussed in stackoverflow:
Assuming you don't want to do a special build for each user, then:
- Generate yourself a secret key for the product
- Take the user's name
- Concatentate the users name and the secret key and hash with (for example) SHA1
- Unpack the SHA1 hash as an alphanumeric string. This is the individual user's 'Product Key'
- Within the program, do the same hash, and compare with the product key. If equal, OK.
Note: every key scheme can be cracked. That's why a lot of tools use online validation.
There usually is no encrypted file when using the previous method. There might be other methods to generate keys with another algorithm, but they never store all keys in the program.
Well if you are referring to storing the key the user typed in your system, then sometimes it's saved plaintext in a config file. Sometimes they use symetric (like AES) encryption with a hardcoded key to encrypt this file.
Because there are people that can figure out the scheme the program uses and just implement it in their own keygen.
Online activation, but the harder you make it for the customer to use the software the less likely you they will buy it. In the end there isn't a single piece of software that is piracy-proof. If there was, companies like Adobe and Microsoft would be hiring you instantly.
Serials And Keygens Downloads
Serial numbers for computer software have a specific pattern, which allows the installer or application to detect whether or not it is a legit key. A very simple example would be that every serial number has exactly three occurances of the number 5 in it - so 1932-1253-2319-5512 would be a working serial number. In a real-life scenario the relationships between the numbers would of course be more complicated.
The shipped software contains an algorithm that checks whether or not a serial is valid. The software creator has a piece of software that allows him to create serial numbers for the product.
To create a keygen, a cracker group (people specialized in breaking copy protection schemes) analyze the program executable to find the part that checks the serial. They then reconstruct the algorithm to create the serials based on the checking code. The finished keygen is an app applying the algorithm to create a serial number.
Sometimes keygens do not really contain the algorithm, but rather a list of valid serial numbers, of which one is selected at random.
The keygen for Windows xp in the later service packs was more complicated, because Microsoft checked not only whether a key was valid, but also whether it had been sold with a copy and was not already in use on another computer. The keygen sent mass requests to the Microsoft server to check whether or not it was a working key.
How does the key-system work?
In most common form if (some-complex-or-not conditions-here) then (OK). Complexity of checked condition limited only by your fantasy
Where does it usually look to find this 'encrypted file'?
There are not any common patterns, where and how store and read this information. It can be file and not a file at all (registry key, for example, in case of Windows)
What do the companies do to encrypt that file?
Usual practive - never store as plain-text, use irreversible methods of transforming before storing, but - with key activation even plain-text key-storage may be bullet-proof: stolen key, once activated, will not work from second registration (abusable and hackable method, but may work to some degree)
What method is the keygen using to create the key?
Reverse-engineered method of checking validity helps in reverse-engineering algorithm of creating key-data
What measures can companies take to prevent the use of keygens in pirated software?
Non-technically - reasonable price for products. In this case keygens will (may) appear anyway, but it will be more 'just for fun' game for crack-teams, than requested (and used with direct impact) by the mass-consumer product.
Technically - preventing from running under debugger, combined with encrypted code in file (with in-memory decryption, possible - multi-layer for some sensitive parts), chains of memory manipulations, online verification of keys in external storage (see previous methods, which are applicable separately to checker also)...
Well first of all I'd suggest you to stop seeing those keygen files, as they are hacked piece of softwares (mostly/sometimes) accompanied with some other non-harmful looking image/nfo/lnk files which in full capacity of the hackers/crackers intentions could be crafted especially to infect your machine itself.
You might have heard of img/lnk/other files infecting boxes just when Explorer tries to access it. Then there are keygens being binary themselves which are supposed to execute and perform any stuff on your box, right.
Now, for your Queries...
You gotta understand, there is no global specific file/memory-location/etc thing to go for.
Serial Cracks And Keys
Designing a keygen for software has two main basic ways:
- Debugging the original Software's Licensing Action using some advanced process debugger () to look for memory locations interacted by the application to store/match the key. Then try to work your way around it. Need to pick up good Assembly Language skills to be awesome at these.
- Reverse Engineering the application itself to find out the method involved and then act accordingly.
protected by Lucas KauffmanJan 24 '14 at 16:39
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?