How to choose a digital code for a program. License key of a program or game. Physical hacking of the program
When selecting a password, no one guarantees the success of this enterprise). However, there are some rules that can significantly increase your chances of a favorable outcome of this matter.
Where to begin
- Often, not only a password is required, but also a login. If you are trying to find a login, for example, to break into your colleague’s computer, use his name. If it doesn’t work, look at what this person calls himself on social networks (Twitter, Facebook, Vkontakte, etc.) - often it works 100%.
- See if there are restrictions on the length of the password you enter or the characters used. Often, the password must be at least six characters long and contain at least one number. If you don’t know, there are such restrictions, try to create your own account, for example on the site for which you select a password - during registration you will be told about the requirements for passwords.
- Request a hint question. Often password entry pages have this feature. As a rule, questions such as “Mother’s maiden name?”, “What is the name of your pet?”, “What city were you born in?” are used as prompt questions. etc. This will significantly narrow possible options words, especially if you know at least something about the person!
Use tricks
- Just guess the password. Most often people use the same standard passwords. Their list has long been known and is constantly updated). Below you will find the 25 most common passwords (according to Splash Data):
password
123456
12345678
abc123
qwerty
monkey
letmein
dragon
111111
baseball
I love you
trustno1
1234567
sunshine
master
123123
welcome
shadow
Ashley
football
jesus
michael
ninja
mustang
password1Here are some statistics:
4.7% of users use password;
8.5% of users choose one of two options: password or 123456;
9.8% of users choose one of three options: password, 123456 or 12345678;
14% of users choose one of the 10 most popular passwords;
40% of users choose one of the 100 most popular passwords;
79% of users choose one of the 500 most popular passwords;
91% of users choose one of the 1,000 most popular passwords. - Apply known selection rules. It has been experimentally established that if a password contains numbers, then it will be the number 1 or 2, and it will be at the end of it. Also, if the password has a capital letter, then it will be at the very beginning of the word, followed by a vowel.
- A person's gender may provide a clue. It is known that women prefer to use personal names (the name of their husband or lover) as passwords, and men prefer to use their hobbies and interests (the name of their favorite sports team, car brand, etc.).
Use information relevant to the person
- Proper names: names of spouses, family members, pets, athletes, children's nicknames, etc.
- Hobbies and interests: names of favorite programs, movie characters, professions, culinary dishes, etc.
- Important numbers and dates: birthday, address, phone number, etc.
Disclaimer: everything written below is written solely for educational and research purposes, as well as for understanding the mechanisms of protection against hacking. The author under no circumstances recommends using this information for hacking programs.
In this article I want to talk about three and a half main ways to hack .NET programs. The goal I pursue is to help developers better understand the security mechanisms of their programs, i.e. identify the most obvious threats and take appropriate action (or not).
I won't go into detail or use complex hacking tools. Everything will be described “for dummies”, i.e. all tools will be simple, easily accessible and free. And the main one will be Reflector, a decompiler of programs for .NET
As a guinea pig, I chose Expresso - an analyzer regular expressions. This program It’s free, the license doesn’t seem to say anything about hacking, but without registration it will only work for 60 days. In other words, the harm from hacking this program is minimal, and its internal structure is very well suited for training. I hope that the author of this program will not be offended by me.
First, a brief educational program on the structure of the .NET program, for those who are not familiar with development for this Framework: all code written in any .NET language (C#, Visual Basic, F#, Delphi.NET) is compiled into a special Intermediate Language, usually called IL or MSIL. This is something like an assembler, only very smart and with very powerful instructions. And this, in principle, is the same equal language as C#, only the syntax is worse (and there are more possibilities). In addition, the .NET program actively uses metadata, i.e. all information about classes, methods, properties, attributes and everything else is saved in the executable file.
Those. in fact, decompiling a program is not a very correct concept in this case. It is already all in open form, and tools in the form of Reflector are engaged in bringing MSIL constructs to the corresponding constructs of C# or another language, increasing the readability of the code.
Let's move on to the actual hacking.
0. Trial reset
Actually, this is not even a hack, but a semi-legal way to extend the life of an inactivated program. It consists in the fact that there is a place where the date of the first launch is stored and changed/destroyed. After this, you can still use the program until the next deadline.Let's look at our test subject with a reflector:
After walking through the code a little, we find an interesting line in the MainForm constructor 
Open the registry editor, go to HKEY_CURRENT_USER\Software\Ultrapico\Expresso and see the following keys: 
We delete them and get another 60 days of work.
This option, of course, is simple and obvious, but even if it were more complicated, it would take a little more time in the reflector to find out all the places where information is written and clear them.
Advice to developers who will try to write data to a hidden place: write more carefully, otherwise everything can turn into problems for ordinary users who for some reason do not have this place, or do not have enough rights to it.
1. Writing keygen
The most terrible option for the developer, and the most pleasant for the end evil user. The program considers itself licensed, no scary gestures need to be made.We open the reflector and look for the code for classes containing License or Registration, we see: 
When you enter a name and code, a hash is calculated by name and compared with the code.
This hash uses DES and all sorts of prefixes
Bytes are converted into a string using this method.
Now everything is clear, open the IDE and copy all the necessary pieces of code (or implement it yourself). All that remains is to find out what the values of Prefix, Suffix and MyDES implementation parameters are. I won’t give them, these are technical details.
As a result, we generate a key for any name and see: 
Bingo!
Protection against keygens is simple and obvious: use some form of asymmetric encryption. Those. make it so that it would be impossible to generate a code without knowing the private key, and this key is located only in one place - with the author of the program.
2. Using a wrapper
Checking the correctness of the license is quite a troublesome and slow task. Therefore, program developers usually check the license once, and then use the resulting flag - valid/invalid (as an option, how valid is it, if several types of licenses are allowed, differing in capabilities). Here you can play on this using the following algorithm:- Indicate to the program that the license has already been verified
- Indicate to the program that the license is correct
There is nothing interesting with the launch, but the check shows that if the program is already registered, then it considers that everything is fine and does not do any further work to determine the correctness of the license.
Let's use this:
Let's create a new project, add Reference to Expresso.exe and run it through ourselves: 
Let's see what happened: 
Well, who would doubt it.
In this case, everything turned out to be simple, but if the author of the program had replaced public properties with private ones, then he would only have had to use Reflection for access and everything would have come down to the original problem.
I think it’s clear how you can try to protect yourself from this - check the license periodically, look at the environment from which the program is running, make it impossible to set the required variable.
But all these protections will lead to the attacker using
3. Physical hacking of the program
Everything is getting serious here. The entire program is decompiled into MSIL and then assembled back from it (remember, I wrote that MSIL is the same language as C#?). To decompile, we need a utility from the SDK called ildasm, and for compilation the compiler is from the .NET Framework ilasm.Launch ildasm, open Expresso.exe and save the dump to an .il file. We find the already discussed IsRegistered method and add a little of our code (without labels): 
Then we take ilasm and put everything back together (not forgetting to connect the resources).
What this code does: installs desired name for registration (optional), and returns the status that everything is fine.
To make it clearer, this is how it looks in the reflector, in C# 
Those. It is quite obvious that now everything will be fine: 
A little about the code in MSIL: it is a stack machine that does not have registers, all operations have the form: push the required number of parameters onto the stack, execute a function that takes the required number of parameters and puts the result. Well, and vice versa: set the value of the variable to what is on the stack. To better understand how all this works, I recommend a simple technique: write a small program in a familiar language, compile it, see what happens in MSILe and understand the language constructs.
At the same time, some things in MSIL can be done very beautifully, for example, swapping two variables - 4 nice lines (less in C#, but ugly).
What the attacker sacrifices: the signature of the program, now it is no longer the author’s, but his. In some cases, this is a problem if the program uses many libraries. Then the evil hacker will have to disassemble them all and reassemble them again, but if he copes with this, then he will have “his own” signed version of the program his key.
There is actually little protection from all this disgrace: carry out obfuscation or move part of the logic/security checks into the native code.
Conclusion
I think I told you how easily everything can be broken on .NET if the creator has not made an effort to protect his program. And you decide whether it’s worth making protection and spending time and resources on it. Or maybe just make a web-based system, or a free limited version. It's up to the developers to decide.Various generators (passwords, nicknames, random numbers and codes) are very popular, as they are widely used by public administrators, organization owners and ordinary users for various purposes.
Promo code generator– a specific service that can be used by owners of organizations and commercial enterprises to conduct promotions and sweepstakes.
For example, using a promotional code, discounts can be provided, gift certificates can be valid in stores, and on other services they can be used to provide access to a wider range of services.
Choice
For those users who use promotional codes quite often, it is important to find a functional and convenient generator that meets all requirements.
Such services are implemented both as applications for social networks(which is especially convenient when carrying out promotions among public subscribers, for example), both online and in the form of programs installed on a computer (which in most cases is completely inconvenient).
They differ in settings and list of features.
A correctly chosen generator can significantly simplify the process of organizing promotions and special offers, as well as sweepstakes.
Main characteristics
All popular (and not so popular) generators differ from each other in a number of parameters.
Among them are such indicators as the number of characters in the code, the presence of a prefix and postfix (which simplifies the classification and division of codes into groups), used in, etc.
In addition, different services offer different numbers of codes for simultaneous (by pressing one button) generation.
Basic specifications the services discussed below are shown in the table.
| Name | License | Prefix, postfix | Selecting the symbols to use | Selecting the number of characters | Fast generation of multiple codes |
|---|---|---|---|---|---|
| GetEasyCode.ru | Free trial, paid advanced | Yes | Yes | Yes | Yes |
| Randomize | Free | No | Yes | Yes | Yes |
| TakeTheCode | Free | Prefix only | Yes | Yes | Yes |
| Academy | Free | No | No | No | No |
| Generator ukrbio.com | Free | No | Limited | Yes | Yes |
| Studio F1 | Free | No | Limited | Yes | Yes |
| Inglobal | Free | Prefix only | Limited | Yes | Yes |
Based on these characteristics, it is easier to make the right choice.
GetEasyCode.ru
This is a fast loading one page website with a generator that is fast and stable.
Almost always available.
The main distinguishing feature of the service– maximum functionality and high speed.
The menu is simple and intuitive, the design is pleasant and does not distract from the work.
- Allows you to create a prefix and postfix;
- You can generate several codes at once (from 1 to 100);
- The user can choose which symbols to use in the code.
- Inconvenient switching of the number of codes;
- Paid provision of from 100 to 999 codes - cost 299 rubles (at the time of writing);
- Paid provision of 1000 codes or more - cost 999 rubles (also at the time of writing);
- You must constantly press the “I am not a robot” button.
Here's what users who have already used this generator say: “Convenient, multifunctional service”, “Quite high prices for generation”, “It’s convenient to use this generator - I only use it.”
Randomize
This site is designed to randomly generate various passwords, promotional codes, numbers, etc.
It is multifunctional and convenient for those who conduct various pranks or use many passwords.
This generator is positioned as a premium service for online stores.
It's not the easiest to use, but it's a truly feature-rich and free service.
The main feature of the service is the so-called “individual” code generation mode.
In this mode, you can write existing code, indicating that only certain characters need to be changed.
- Possibility to register a prefix;
- Ability to manually enter the symbols used;
- Availability of an “individual” generation settings mode;
- You can generate up to 10 million codes and download them in one format or another;
- Indicating the probability of selection for codes of different types.
- Inability to register a postfix;
- Limited small number of characters (from 4 to 16);
- At least 1000 codes are generated.
Users respond to the service in the following way: “It’s convenient that you can generate a lot of codes at once,” and the menu is not very convenient.”
Academy
This generator is available for use at the link https://academy.ru/personal/promo-gen/.
This is a multifunctional site, among its many functions there is, among other things, a promotional code generator.
A rather complex design and many pages lead to the fact that the service takes a long time to load.
It is important to understand that this site is not a specialized generator. It can help for one-time generation.
But it is impossible to use it on a mass scale.
- Fast generation without unnecessary settings;
- Convenient code copying by pressing one button;
- Ready database of unused promotional codes.
- A very small number of functions - you cannot select the number or number of simultaneously generated codes, etc.;
- You cannot specify a prefix or postfix; the code design is also selected by the system by default;
- There are quite a lot of different links and design complications on the page, which makes the work not too simple.
Users speak about the generator like this: “It may be okay to receive one promotional code, but it’s not clear how to use it more widely,” “Very inconvenient and few functions.”
Generator ukrbio.com
This is a one-page generator with a simple menu and an intuitive interface.
It has a simple and pleasant design, thanks to which the page loads quickly.
The service works stably and provides a sufficient set of functions.
This service allows you to generate combinations only from numbers, only from letters, mixed, including or.
You can also adjust the case of letters and display all codes in one format or another.
- Simple menu and minimalistic website page design;
- Free creation of a very large number of codes (from 1 to 9999 pieces);
- There are quite wide possibilities in customizing the format and appearance of future codes.
- Ability to select the password length and its composition (lowercase and uppercase letters, numbers, signs);
- Ability to generate several password codes at once;
- This site has many auxiliary, often necessary functions at your fingertips.
- Inability to set prefix and postfix;
- It is not possible to limit or select the characters used;
- All codes are written in one word without spaces and have approximately the same appearance, they cannot be downloaded - only copied as plain text, which is inconvenient if there are a large number of them.
<Рис. 8 Studio F1>
This multifunctional generation service is available at https://studiof1.ru/blog/developing/passgen/.
The website is a multifunctional resource with services for website promotion, etc.
The resource has a fairly simple design and is convenient to use in cases where the user, in addition to promotions, holds sweepstakes and other events to attract an audience.
Strictly speaking, this service is called a password generator; it is capable of creating quite complex and varied combinations that can be used as promotional codes.
After all, this service allows you to use almost all the same settings that the promo code generator offers.
Let’s imagine a situation where you had to “destroy Windows” (remove the operating system windows system) and install a new one. If you cope with this, then a problem may arise such as installing programs and games that are already familiar to you. It’s good if they are freely available and free, but what to do when you paid for a program (or game), and when you reinstall it, it requires you to license key(and this is quite normal)? It’s good if you saved it somewhere and wrote it down, but what if you lost or didn’t leave the key? In this case, there are two solutions.
1) Write in support of this program and explain the situation. If the developers are normal and you prove to them that you really bought their product, then they will help you.
2) Use one free program, about which there will be text below.
So the program is called Belarc Advisor - Free Personal PC Audit
The installation process is normal.
First, we agree with the information message that they also have a version for Android
Then we agree to the license agreement
Next, click the Install button (the program does not ask where to install) and agree to analyze the system to search for keys:
We are waiting for completion
And ultimately, a window (this type of report) will open with various information (operating system, all components, users, networks, etc.). Here we look for the Software Licenses item at the bottom and see everything that the program found:
I don't have much, because... I mostly use free solutions, but the meaning is clear.
Thus, using this program you can find out license keys not only for operating system and programs, as well as find out detailed statistics about your computer (down to the latest connected flash drives). Therefore, I think this program will be useful to you and it is worth knowing about it.
