Hacker challenge: Can you make a keygen?
Mar 31, 2009
I like to reverse-engineer things, and I like number theory. These hobbies happen to intersect in the art of reverse-engineering software license keys.
I won't lie: I've cracked programs, and I've written key generators for programs. But I never distribute them. I do it for the challenge, not for the program.
From a warez d00d perspective, though, a key generator is infinitely preferable to a crack: a valid key keeps working when the vendor ships an update, whereas a patched binary has to be cracked again, so things are just easier for everyone.
It is sometimes shockingly easy to create a key generator. Often a program that checks a license key is structured like this:
    licensestr = get_license_key_modal_dialog();
    validlicensestr = make_valid_license(licensestr);
    if (licensestr == validlicensestr) {
        ...
    }
So now all I have to do is extract your make_valid_license code, feed it random garbage (or whatever name I like), and I have a key generator for your program. One time I just replaced the call to strcmp() with puts() in a program, so that instead of comparing the entered key against the valid one it printed the valid one, and turned it into its own key generator.
Other key generators cycle through a hash of some sort (the hash is sometimes just srand() / rand()) and ensure some check digits, or whatever. Any way you slice it, it's security through obscurity: you're giving the end user the code, and if the end user can read and understand that code, they can break it.
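To make the structure above concrete, here is an added example (not code from the original post or its keydecode.cpp): a license check of exactly that shape, with the vendor's make_valid_license() reused unchanged as the keygen. The key format ("NAME-XXXXXXXX"), the FNV-1a "obscure hash" and the sample names are all invented here for illustration.

```c
/* Added example: a license check of the form the post describes, and the
 * key generator that falls out of it for free. The key format NAME-XXXXXXXX
 * and the hash are assumptions made for this example, not a real product. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 128

/* The vendor's "hash of some sort". It is obscure only until someone reads
 * the binary; here it is plain FNV-1a over the name part of the key. */
static uint32_t obscure_hash(const char *s)
{
    uint32_t h = 2166136261u;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 16777619u;
    }
    return h;
}

/* make_valid_license(): take whatever the user typed, keep the part before
 * the '-', and append the check value a genuine key for that name must carry.
 * This is the function a reverser extracts; it needs no secret to run. */
static void make_valid_license(const char *entered, char *out, size_t outlen)
{
    char name[KEY_MAX];
    size_t n = strcspn(entered, "-");
    if (n >= sizeof name)
        n = sizeof name - 1;
    memcpy(name, entered, n);
    name[n] = '\0';
    snprintf(out, outlen, "%s-%08" PRIX32, name, obscure_hash(name));
}

/* The check as the post sketches it: recompute the valid key, then strcmp.
 * Replacing this strcmp() with puts(valid) is the one-instruction keygen. */
static int check_license(const char *entered)
{
    char valid[KEY_MAX];
    make_valid_license(entered, valid, sizeof valid);
    return strcmp(entered, valid) == 0;
}

/* The keygen: the very same function, fed any name or random garbage. */
static void keygen(const char *anything, char *out, size_t outlen)
{
    make_valid_license(anything, out, outlen);
}

int main(void)
{
    char key[KEY_MAX];
    keygen("warez d00d", key, sizeof key);
    printf("generated %s -> %s\n", key,
           check_license(key) ? "accepted" : "rejected");
    printf("guessed  warez d00d-00000000 -> %s\n",
           check_license("warez d00d-00000000") ? "accepted" : "rejected");
    return 0;
}
```

Note that nothing in check_license() is secret: every byte needed to produce an accepted key ships inside the program, which is the whole problem the post is pointing at.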
It doesn't have to be this way. I have created a self-contained license key decoder, and I'm distributing the source code to it. In my next post, I will reveal all the details and how to create keys for it. For now, I want to see whether anyone can break it without having the "official" key generator. If so, there's a flaw in my reasoning. It uses a well-known, public-domain algorithm; that's all I'm going to say for now.
The code is here:
keydecode.cpp - key decoder
bn.h - quick and dirty bignums
I would like to open up a discussion on reddit. Undoubtedly many people there will recognize the algorithm and maybe poke holes in what I'm doing.
Update: "maybe poke holes in what I'm doing". Ha. More like drive a cement mixer through it in minutes. I was pleasantly surprised to find that this reached #1 on the programming subreddit. LoneStar309 found a gaping hole which I patched, and tharkban also found a bug in the final if statement, also fixed. It's fair game to make keys that way for the challenge I proposed, I suppose, but I wanted to see whether the idea would work, not necessarily my poor implementation of it. Turns out: no, it won't, and unsurprisingly it's been done before. Part 2 coming later.
Update 2: Hacker challenge part 2 has been posted.