Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-27-2019, 00:44
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
PCGuardKeygen - PCGuard key tool

PCGuardKeygen - PC Guard key tool
PC Guard V6/v5 DEMO keygen is able to:
1. Generate button:
Generate "Activation Code" for PC Guard,
serials are generated from "Program ID" and "Site Code" (HID)
2. Decode button
Decode "Program ID" from "Activation Code" and "Site Code" (HID)
3. Verify button
Verify "Activation Code" and "Site Code" is required,
Not too strong check since just check 1 CRC32 byte.
4. Brute Site button
Decode "Program ID" from "Activation Code" while "Site Code"
is brute forced; SiteCollection.binary is generated containing
"Site Code"+" "+"Program ID"+0D0A (last is newline termination)
This will not test if "Program ID" is valid, a new tools has
to be created for that task.

"Program ID" has 24 hexadecimal numbers length (3 dwords)
"Site Code" has 8 hexadecimal numbers length (1 dword)
"Activation Code" is like: 7000074C-9598DD6C-78CBB23F-EF0156B4

https://www.calculateme.com/time/minutes/to-days/
Expected time for 4. Brute Site button would be approximately 4 hours.
Attached Files
File Type: zip PCGuardKeygen_src_VC6.zip (45.9 KB, 93 views)
File Type: zip PCGuardKeygenExe.zip (6.6 KB, 97 views)
Reply With Quote
The Following 5 Users Gave Reputation+1 to CodeCracker For This Useful Post:
conan981 (10-28-2019), DCA (11-06-2019), Mahmoudnia (10-27-2019), niculaita (10-27-2019), wilson bibe (10-27-2019)
The Following 38 Users Say Thank You to CodeCracker For This Useful Post:
alekine322 (09-21-2022), Apuromafo (10-27-2019), Avi_RE (11-14-2019), besoeso (10-28-2019), bolo2002 (10-27-2019), cachito (10-29-2019), canopus (10-29-2019), Codeman (06-19-2023), Coder (11-27-2022), conan981 (10-28-2019), CrackDJ (09-06-2023), DCA (11-06-2019), Doit (05-06-2020), Dxer (10-11-2023), flightwatch (10-29-2019), Hess (10-16-2023), iNomex (08-20-2021), Kurapica (10-27-2019), Mahmoudnia (10-27-2019), msaly (12-17-2019), niculaita (10-27-2019), nikkapedd (10-28-2019), NoneForce (10-28-2019), serseri_1453 (02-21-2020), sh3dow (04-28-2022), SinaDiR (10-13-2023), squareD (11-14-2019), Ura (05-01-2022), Vosiyons (05-05-2023), wilson bibe (10-27-2019), zeuscane (10-27-2019)
  #2  
Old 11-14-2019, 02:19
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
Some info on how you could modify this to also work for Full version:
seems that under full version the only different thing is a dword which come after site_code:

uint32_t ToBeHashed[2];
ToBeHashed[0] = site_code; // we need site code for decoding
ToBeHashed[1] = 0xA264D581; // this should be changed

You should grab it from target program:
Here is the first PC Guard check serial length:
009CA211 83F9 23 CMP ECX,23
009CA214 9C PUSHFD
009CA215 EB 01 JMP SHORT 009CA218

and this will move in eax the dword which should be fixed:
009CA74F 8B85 10B74100 MOV EAX,DWORD PTR SS:[EBP+41B710]
009CA755 60 PUSHAD
009CA756 E8 03000000 CALL 009CA75E
009CA75B 83EB 0E SUB EBX,0E
009CA75E EB 01 JMP SHORT 009CA761
How you should trace PC Guard: if you are after the actual check you should set a breakpoint before where current call get called; - restart Olly (not bother on trying to fallow jumps), you will also see some loop: just set breakpoint on exit door.
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
Mahmoudnia (11-14-2019)
The Following 3 Users Say Thank You to CodeCracker For This Useful Post:
dj-siba (04-06-2020), kallegaul (11-14-2019), Mahmoudnia (11-14-2019)
  #3  
Old 05-02-2020, 12:45
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
An important note:
PCGuard key tool can't do nothing if you don't have a valid key "Activation Code" or "Program ID" and also the program has any PE section encrypted.
Reply With Quote
  #4  
Old 06-30-2021, 14:40
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
Information:
https://foro.elhacker.net/ingenieria...t499288.0.html
https://www.sofpro.com/docs/pc-guard...site-mid-codes

Like I said without valid Site code and Activation code this tool is useless.
For the full version still needs a dword fix:
fix the second dword
ToBeHashed[1] = 0xA264D581; // this should be changed

Notice that size of ToBeHashed is 8, this value should be moved to ecx register.
And here is the spot where ToBeHashed[0] = site code, ToBeHashed[1] is used:
007D3EE3 8A9429 38EF4800 MOV DL,BYTE PTR DS:[ECX+EBP+0x48EF38]
007D3EEA 02043B ADD AL,BYTE PTR DS:[EBX+EDI] ; EBX point to ToBeHashed
007D3EED 02C2 ADD AL,DL
007D3EEF 8AB428 38EF4800 MOV DH,BYTE PTR DS:[EAX+EBP+0x48EF38]
007D3EF6 88B429 38EF4800 MOV BYTE PTR DS:[ECX+EBP+0x48EF38],DH
007D3EFD 889428 38EF4800 MOV BYTE PTR DS:[EAX+EBP+0x48EF38],DL
007D3F04 FEC1 INC CL
007D3F06 ^ 75 D6 JNZ SHORT 007D3EDE
007D3F08 61 POPAD
007D3F09 C3 RETN

007E16DE 9ABC3F6C l?¼š
007E16E2 E3B776D5 Õv·ã

ToBeHashed[1] = 0xE3B776D5;

Enter old Site Code/Activation Code, click Decode, (this will get Program ID - important)
enter your Site Code and finally click the Generate button.
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
mdj (07-01-2021)
The Following 4 Users Say Thank You to CodeCracker For This Useful Post:
mdj (07-01-2021), niculaita (06-30-2021), pnta (07-01-2021), Vosiyons (09-20-2022)
  #5  
Old 04-28-2022, 02:01
backdoor_b backdoor_b is offline
Friend
 
Join Date: Sep 2005
Location: Mexico
Posts: 45
Rept. Given: 53
Rept. Rcvd 22 Times in 13 Posts
Thanks Given: 45
Thanks Rcvd at 1 Time in 1 Post
backdoor_b Reputation: 22
Is there any new version?
Reply With Quote
  #6  
Old 09-18-2022, 12:55
Daz Hat Daz Hat is offline
Friend
 
Join Date: Aug 2022
Location: Australia
Posts: 6
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 3
Thanks Rcvd at 3 Times in 3 Posts
Daz Hat Reputation: 0
There is a good manual unpack on exetools here
https://forum.exetools.com/showthread.php?p=126058#post126058
Reply With Quote
The Following User Says Thank You to Daz Hat For This Useful Post:
backdoor_b (11-26-2022)
  #7  
Old 09-19-2022, 02:17
Pacobiz Pacobiz is offline
Friend
 
Join Date: Dec 2020
Posts: 6
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 5 Times in 3 Posts
Pacobiz Reputation: 0
still works?
Reply With Quote
  #8  
Old 10-03-2023, 23:52
th3tuga th3tuga is offline
Friend
 
Join Date: Oct 2023
Posts: 30
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 16 Times in 10 Posts
th3tuga Reputation: 0
Quote:
Originally Posted by Pacobiz View Post
still works?
Unfortunately does not work on the latest version. Still works to brute force on old versions though.
Reply With Quote
  #9  
Old 05-24-2023, 14:44
Vosiyons Vosiyons is offline
Friend
 
Join Date: Jan 2022
Posts: 28
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 113
Thanks Rcvd at 52 Times in 14 Posts
Vosiyons Reputation: 0
Dear @CodeCracker How did you get Program ID from Pc Guard v6 program
Reply With Quote
  #10  
Old 08-31-2023, 16:58
FoxB FoxB is offline
VIP
 
Join Date: Jan 2002
Location: Earth...
Posts: 969
Rept. Given: 15
Rept. Rcvd 125 Times in 83 Posts
Thanks Given: 23
Thanks Rcvd at 709 Times in 294 Posts
FoxB Reputation: 100-199 FoxB Reputation: 100-199
any1 can share last version pcguard demo/full Version: 6.00.0927?

old one not work
but we can get v6.00.0630 DEMO or v6.00.0050 DEMO for test

Last edited by FoxB; 09-02-2023 at 14:18.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 00:27.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )