Basic Cracking Articles
Cracking Tutorial:

Font Finder v4.0.0.1

Target: Font Finder v4.0.0.1
Tool: SoftICE v4.05

Run Font Finder (FF), then click File > Register FF and enter any username (I used Freeware) and any serial (I used 123454323).

Set a BPX on hmemcpy, then trace until you are inside the program's own code, and keep pressing F10 (trace) until you reach the following routine:

:00483BB3 8B45FC MOV EAX,[EBP-04] -->> user name
:00483BB6 E8B903F8FF CALL 00403F74 -->> compute its length
:00483BBB 83F819 CMP EAX,19 -->> less than or equal to 19h?
:00483BBE 7E2A JLE 00483BEA -->> continue
:00483BC0 B8A03D4800 MOV EAX,00483DA0
:00483BC5 E8CA49FDFF CALL 00458594
:00483BCA 33D2 XOR EDX,EDX
:00483BCC 8B83C4020000 MOV EAX,[EBX+000002C4]
:00483BD2 E86503FBFF CALL 00433F3C
:00483BD7 8B83C4020000 MOV EAX,[EBX+000002C4]
:00483BDD 8B10 MOV EDX,[EAX]
:00483BDF FF92B4000000 CALL [EDX+000000B4]
:00483BE5 E976010000 JMP 00483D60
:00483BEA A1009B4D00 MOV EAX,[004D9B00]
:00483BEF FF00 INC DWORD PTR [EAX]
:00483BF1 8D55FC LEA EDX,[EBP-04]
:00483BF4 8B83C8020000 MOV EAX,[EBX+000002C8]
:00483BFA E80D03FBFF CALL 00433F0C
:00483BFF 8B45FC MOV EAX,[EBP-04]
:00483C02 50 PUSH EAX
:00483C03 8D55F0 LEA EDX,[EBP-10]
:00483C06 8B83C4020000 MOV EAX,[EBX+000002C4]
:00483C0C E8FB02FBFF CALL 00433F0C
:00483C11 8B55F0 MOV EDX,[EBP-10]
:00483C14 8BC3 MOV EAX,EBX
:00483C16 E8A5FEFFFF CALL 00483AC0 -->> serial routine
:00483C1B 8D55F4 LEA EDX,[EBP-0C]
:00483C1E E88952F8FF CALL 00408EAC
:00483C23 8B4DF4 MOV ECX,[EBP-0C]
:00483C26 8D45F8 LEA EAX,[EBP-08]
:00483C29 BADC3D4800 MOV EDX,00483DDC -->> const =
:00483C2E E88D03F8FF CALL 00403FC0
:00483C33 8B55F8 MOV EDX,[EBP-08] -->> real serial !
:00483C36 58 POP EAX -->> our serial :)
:00483C37 E84804F8FF CALL 00404084 -->> compare
:00483C3C 0F850D010000 JNZ 00483D4F
:00483C42 68C7710000 PUSH 000071C7 -->> the "thank you blah blah blah" message, I think; check the dead listing for details.
:00483C47 6857EF0000 PUSH 0000EF57 

OK, step into the serial routine (F8):

:00483AC0 55 PUSH EBP
:00483AC1 8BEC MOV EBP,ESP
:00483AC3 6A00 PUSH 00
:00483AC5 53 PUSH EBX
:00483AC6 56 PUSH ESI
:00483AC7 8BDA MOV EBX,EDX
:00483AC9 33C0 XOR EAX,EAX
:00483ACB 55 PUSH EBP
:00483ACC 68433B4800 PUSH 00483B43
:00483AD1 64FF30 PUSH DWORD PTR FS:[EAX]
:00483AD4 648920 MOV FS:[EAX],ESP
:00483AD7 68C7710000 PUSH 000071C7
:00483ADC 6857EF0000 PUSH 0000EF57
:00483AE1 8D45FC LEA EAX,[EBP-04]
:00483AE4 50 PUSH EAX
:00483AE5 A1B4974D00 MOV EAX,[004D97B4]
:00483AEA 8B00 MOV EAX,[EAX]
:00483AEC B9A10A0000 MOV ECX,00000AA1
:00483AF1 8BD3 MOV EDX,EBX -->> UserName
:00483AF3 E884040500 CALL 004D3F7C -->> encrypt UserName

:004D3F7C 55 PUSH EBP
:004D3F7D 8BEC MOV EBP,ESP
:004D3F7F 83C4F4 ADD ESP,-0C
:004D3F82 53 PUSH EBX
:004D3F83 56 PUSH ESI
:004D3F84 57 PUSH EDI
:004D3F85 33DB XOR EBX,EBX
:004D3F87 895DF4 MOV [EBP-0C],EBX
:004D3F8A 8BF1 MOV ESI,ECX
:004D3F8C 8955FC MOV [EBP-04],EDX
:004D3F8F 8B7D08 MOV EDI,[EBP+08]
:004D3F92 33C0 XOR EAX,EAX
:004D3F94 55 PUSH EBP
:004D3F95 680C404D00 PUSH 004D400C
:004D3F9A 64FF30 PUSH DWORD PTR FS:[EAX]
:004D3F9D 648920 MOV FS:[EAX],ESP
:004D3FA0 8BC7 MOV EAX,EDI
:004D3FA2 E851FDF2FF CALL 00403CF8
:004D3FA7 8B45FC MOV EAX,[EBP-04]
:004D3FAA E8C5FFF2FF CALL 00403F74 -->> compute the username length
:004D3FAF 84C0 TEST AL,AL -->> 0?
:004D3FB1 7643 JBE 004D3FF6
:004D3FB3 8845FB MOV [EBP-05],AL
:004D3FB6 B301 MOV BL,01 -->> counter
:004D3FB8 8D45F4 LEA EAX,[EBP-0C]
:004D3FBB 33D2 XOR EDX,EDX
:004D3FBD 8AD3 MOV DL,BL
:004D3FBF 8B4DFC MOV ECX,[EBP-04] -->> UserName
:004D3FC2 8A5411FF MOV DL,[EDX+ECX-01]
:004D3FC6 8BCE MOV ECX,ESI -->> ESI = constant = 0AA1h = 2721d
:004D3FC8 C1E908 SHR ECX,08 -->> SHR by 8
:004D3FCB 32D1 XOR DL,CL -->> XOR the UserName char with CL
:004D3FCD E8CAFEF2FF CALL 00403E9C
:004D3FD2 8B55F4 MOV EDX,[EBP-0C]
:004D3FD5 8BC7 MOV EAX,EDI
:004D3FD7 E8A0FFF2FF CALL 00403F7C
:004D3FDC 33C0 XOR EAX,EAX
:004D3FDE 8AC3 MOV AL,BL
:004D3FE0 8B17 MOV EDX,[EDI]
:004D3FE2 0FB64402FF MOVZX EAX,BYTE PTR [EAX+EDX-01] -->> encrypted char of the UserName
:004D3FE7 03F0 ADD ESI,EAX
:004D3FE9 0FAF7510 IMUL ESI,[EBP+10] -->> EBP + 10 = const = 71C7h = 29127d
:004D3FED 03750C ADD ESI,[EBP+0C] -->> EBP+C = const = EF57h = 61271d
:004D3FF0 43 INC EBX
:004D3FF1 FE4DFB DEC BYTE PTR [EBP-05]
:004D3FF4 75C2 JNZ 004D3FB8
:004D3FF6 33C0 XOR EAX,EAX
:004D3FF8 5A POP EDX
:004D3FF9 59 POP ECX
:004D3FFA 59 POP ECX
:004D3FFB 648910 MOV FS:[EAX],EDX
:004D3FFE 6813404D00 PUSH 004D4013
:004D4003 8D45F4 LEA EAX,[EBP-0C]
:004D4006 E8EDFCF2FF CALL 00403CF8
:004D400B C3 RET

:00483AF8 BB16700000 MOV EBX,00007016 -->> EBX = const ! = 28694d
:00483AFD 8B45FC MOV EAX,[EBP-04]
:00483B00 E86F04F8FF CALL 00403F74
:00483B05 8BD0 MOV EDX,EAX
:00483B07 85D2 TEST EDX,EDX
:00483B09 7E22 JLE 00483B2D
:00483B0B B801000000 MOV EAX,00000001 -->> Counter + encrypted part !
:00483B10 8B4DFC MOV ECX,[EBP-04] -->> encrypted username

:00483B13 0FB64C01FF MOVZX ECX,BYTE PTR [EAX+ECX-01]
:00483B18 8BF0 MOV ESI,EAX
:00483B1A 03F6 ADD ESI,ESI
:00483B1C 03CE ADD ECX,ESI
:00483B1E 0FAFC8 IMUL ECX,EAX
:00483B21 03D9 ADD EBX,ECX
:00483B23 81C366470A00 ADD EBX,000A4766 -->> 673638d
:00483B29 40 INC EAX
:00483B2A 4A DEC EDX
:00483B2B 75E3 JNZ 00483B10

:00483B2D 33C0 XOR EAX,EAX
:00483B2F 5A POP EDX
:00483B30 59 POP ECX
:00483B31 59 POP ECX
:00483B32 648910 MOV FS:[EAX],EDX
:00483B35 684A3B4800 PUSH 00483B4A
:00483B3A 8D45FC LEA EAX,[EBP-04]
:00483B3D E8B601F8FF CALL 00403CF8
:00483B42 C3 RET

The listing above should be clear enough to build the keygen; I coded the key generator in C++:
