Valhalla Legends Archive

I've been working on reversing all the CDKey decode/hashing functions my self (don't want to use any more public stuff/private stuff, rather figure it out my self since I'm basically teaching my self like I did with C++ and VB) and I've ran into a problem with Starcraft CDKey decode.  Basically, it returns to an invalid CDKey... Here's the code with C++ code along with disassembly line-for-line next to it.  For now i'm doing it line-for-line without any optimizations, and my variables are pretty much what I see in IDA.


int __stdcall DecodeStarcraftCDKey(char *cdkey)
{
   DWORD eax = 0, ecx = 0, edx = 0, edi = 0;
   char *esi = new char[14];

   eax = 3;                  // mov     eax, 3
   esi = cdkey;               // mov     esi, ecx
   ecx ^= edx;                  // xor     ecx, ecx

   //.text:19019B31 FirstLoop:
   for (ecx; ecx <= 0xC; ecx++) {
      edx = esi[ecx];            // movsx   edx, byte ptr [ecx+esi]
      edx -= 0x30;            // sub     edx, 30h
      edi = eax+eax;            // lea     edi, [eax+eax]
      edx ^= edi;               // xor     edx, edi
      eax += edx;               // add     eax, edx
                           // inc     ecx
                           // cmp     ecx, 0Ch
                           // jl      short FirstLoop
   }

   edx ^= edx;                  // xor     edx, edx
   ecx = 0xA;                  // mov     ecx, 0Ah
   // Here (div) is where I believe is the incorrect part..
   eax = eax / ecx;            // div     ecx
   edx = eax % ecx;
   eax = esi[0x0C];            // movsx   eax, byte ptr [esi+0Ch]
   edx = (BYTE)edx;            // movsx   edx, dl
   edx += 0x30;               // add     edx, 30h

   printf("eax: %i, edx: %i\n", eax, edx);   // Never equals the same, my key is valid too

   if (eax == edx)               // cmp     eax, edx
      goto JumpOne;            // jz      short JumpOne
   else
      return 0;

JumpOne:
   printf("Success!\n");

   /* TODO ... */
   return 1;
}


Quoteecx ^= edx;                  // xor    ecx, ecx

Also, you don't need to be dynamically allocating 12 chars.
<edit> eww@modifying your code :P

Try that, and see if it works.

Quotefor (ecx; ecx <= 0xC; ecx++) {
...
                          // jl      short FirstLoop

it's jl, not jle.

updated, but still doesn't work:


   DWORD eax = 0, ecx = 0, edx = 0, edi = 0;
   char *esi;

   eax = 3;                  // mov     eax, 3
   esi = cdkey;               // mov     esi, ecx
   ecx ^= ecx;                  // xor     ecx, ecx

   //.text:19019B31 FirstLoop:
   for (ecx; ecx < 0xC; ecx++) {
      edx = esi[ecx];            // movsx   edx, byte ptr [ecx+esi]
      edx -= 0x30;            // sub     edx, 30h
      edi = eax+eax;            // lea     edi, [eax+eax]
      edx ^= edi;               // xor     edx, edi
      eax += edx;               // add     eax, edx
                           // inc     ecx
                           // cmp     ecx, 0Ch
                           // jl      short FirstLoop
   }

   edx ^= edx;                  // xor     edx, edx
   ecx = 0xA;                  // mov     ecx, 0Ah
   // hmm @ div
   eax = eax / ecx;            // div     ecx
   edx = eax % ecx;
   eax = esi[0x0C];            // movsx   eax, byte ptr [esi+0Ch]
   edx = (BYTE)edx;            // movsx   edx, dl
   edx += 0x30;               // add     edx, 30h

   printf("eax: %i, edx: %i\n", eax, edx);   // Never equals the same, my key is valid too

   if (eax == edx)               // cmp     eax, edx
      goto JumpOne;            // jz      short JumpOne


Quoteeax = eax / ecx;            // div    ecx
  edx = eax % ecx;

eax is changing in the first line, but you're using it again in the second.  You might want to reverse those 2 lines.

Yes, that was the problem, all fixed now!