Reversing : The Hacker's Guide to Reverse Engineering

Figure 11.8 KeygenMe-3’s success message box.

Keygenning


You may or may not have noticed it, but KeygenMe-3’s success message was “Great, You are ranked as Level-3 at Keygening now,” not “Great, you are ranked as level 3 at patching now.” Crackmes have rules too, and typically creators of crackmes define how they should be dealt with. Some are meant to be patched, and others are meant to be keygenned. Keygenning is the process of creating programs that mimic the key-generation algorithm within a protection technology and essentially provide an unlimited number of valid keys, for everyone to use.
You might wonder why such a program is necessary in the first place. Shouldn’t pirates be able to just share a single program key among all of them? The answer is typically no. The thing is that in order to create better protections, developers of protection technologies typically avoid using algorithms that depend purely on user input—instead they generate keys based on a combination of user input and computer-specific information. The typical approach is to request the user’s full name and to combine that with the primary hard drive partition’s volume serial number.[1] The volume serial number is a 32-bit random number assigned to a partition while it is being formatted. Using the partition serial number means that a product key will only be valid on the computer on which it was installed—users can’t share product keys.
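As an added illustration (not code from the book or from KeygenMe-3), here is a small model of the name-plus-volume-serial scheme just described: the vendor’s generator and the program’s check are the same computation, so a key only validates for the name and volume it was issued for. The hash, the key layout, the normalization and the sample values are assumptions of this example.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from the book). The volume serial number is the
# 32-bit value assigned to a partition when it is formatted.
SAMPLE_NAME = "Alice Example"
SAMPLE_VOLUME_SERIAL = 0x1A2B3C4D


def machine_binding(name: str, volume_serial: int) -> bytes:
    """Combine user input (the name) with computer-specific information (the
    volume serial), the design the text describes. Whitespace and case are
    normalized so the typed name need not match byte for byte."""
    normalized = " ".join(name.split()).upper().encode("utf-8")
    return normalized + struct.pack("<I", volume_serial & 0xFFFFFFFF)


def make_key(name: str, volume_serial: int) -> str:
    """Vendor-side key generation (hypothetical scheme): hash the binding and
    present the first 10 digest bytes as five typeable groups of four hex digits."""
    digest = hashlib.sha256(machine_binding(name, volume_serial)).digest()
    groups = [digest[i:i + 2].hex().upper() for i in range(0, 10, 2)]
    return "-".join(groups)


def check_key(name: str, volume_serial: int, key: str) -> bool:
    """Client-side validation. It must recompute make_key exactly, so the
    protected binary necessarily carries the whole generation algorithm,
    which is what a keygen replicates. A design in which the client holds
    only a verify-only (public) key does not have this property."""
    expected = make_key(name, volume_serial)
    return hmac.compare_digest(expected.encode(), key.strip().upper().encode())


def sharing_demo() -> dict:
    """Shows why a single key cannot simply be passed around between machines."""
    key = make_key(SAMPLE_NAME, SAMPLE_VOLUME_SERIAL)
    return {
        "issued_on_same_volume": check_key(SAMPLE_NAME, SAMPLE_VOLUME_SERIAL, key),
        "copied_to_other_volume": check_key(SAMPLE_NAME, 0x7E5D4C3B, key),
        "different_user_same_volume": check_key("Bob Example", SAMPLE_VOLUME_SERIAL, key),
    }


if __name__ == "__main__":
    for case, ok in sharing_demo().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```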
To overcome this problem, software pirates use keygen programs that typically contain exact replicas of the serial number generation algorithms in the protected programs. The keygen takes some kind of input, such as the volume serial number and a username, and produces a product key that the user must type into the protected program in order to activate it. Another variation uses a

364 Chapter 11


[1] NT-based Windows systems, such as Windows Server 2003 and Windows XP, can also report the physical serial number of the hard drive using the IOCTL_DISK_GET_DRIVE_LAYOUT I/O request. This might be a better approach since it provides the disk’s physical signature and, unlike the volume serial number, it is unaffected by a reformatting of the hard drive.
