Keygen

From Wikipedia, the free encyclopedia


A keygen (an abbreviated form of "key generator") is a small program that will generate valid CD keys or serial/registration numbers for a piece of software. These are made available by software cracking groups for free download on various websites dedicated to software piracy. In some countries, the use of keygens to activate software without purchasing a genuine code is illegal.

How registration key generators work

The author of a keygen typically uses a disassembler to look at the raw assembly code of the program for which he or she is writing the keygen, checking either the software itself or the installer. Once he or she has access to the program's code, he or she may locate the subroutine(s) responsible for verifying that the key entered is valid. Using this knowledge, he or she may reverse engineer the algorithm used to generate valid keys, which is then incorporated into the keygen.

With weaker serial protection schemes, a complex reverse-engineering effort is not required, because the key-checking code in the original application can effectively be copied and incorporated into a keygen. Weaker schemes sometimes internally generate a correct key inside the original application for comparison purposes (to check if the entered key is correct).

Some keygens use a brute force approach or brute force hybrid approach to creating valid keys. In these instances, rather than produce an exact reverse of the key check algorithm, the attacker uses a search technique, testing many possible combinations per second against the key validation check until a given combination produces a valid key. This technique was used by cracking group Razor1911 in their keygen released for the game Warcraft 3. It was also famously used in a Windows XP product key generator.

Sometimes a keygen also includes code that modifies the target program so that the keys it generates will be accepted. This is not typical, as it is considered 'impure' when a crack must be used in conjunction with a keygen; a true keygen generates valid keys and does not require an additional 'crack', i.e. a modification to the original application code, for the generated keys to be accepted.

Problems with keygens

Legal issues aside, there are two major issues in using keygens: product activation and online key verification.

Keys generated with a key generator may not work with software that is used online, including downloading software updates. This is because the user must confirm his or her serial number every time the software connects to the server, and the key may be invalid for various reasons.

One reason is that the cracker may have misinterpreted the original algorithm, creating a key that was "good enough" to let the software be installed, but not letting all possible future generated keys be valid.

Another reason may be that the software developers only accept keys that they know were distributed with the media during production, or had been issued with an online registration, causing a cryptographically correct key to still be denied.

The third (and dominant) reason is that the vendor uses a secondary, unpublished algorithm; e.g., to extend the previous example, the characters 0, 7, 9, C, and K are never allowed. The software that confirms the key on the user's machine does not know these numbers and characters are not allowed, and will accept the keygen output, but the online confirmation fails. Windows Genuine Advantage is a notable example of that.

Keys for massively multiplayer online games are different; usually each key is uniquely generated by the producer and included with the product, usually in a tamper-proof medium such as a scratch card or tamper-proof envelope. These keys will usually become uniquely linked to a certain game account upon usage and are rendered "useless" by this process. Therefore, MMOs are not usually subject to piracy.
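The server-side checks described above (issued-key list, unpublished secondary rule, binding a key to one account), as an added Python example that is not part of the original article and not any vendor's code. The key format, checksum, sample keys and secret are constructed for illustration; only the forbidden characters 0, 7, 9, C and K come from the text.

```python
import hashlib
import hmac

# Constructed toy key format XXXXX-XXXXX; not any vendor's real scheme.
ALPHABET = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ"
FORBIDDEN = set("079CK")  # the page's example of an unpublished secondary rule

def checksum_char(body9: str) -> str:
    return ALPHABET[sum(ALPHABET.index(c) for c in body9) % len(ALPHABET)]

def local_check(key: str) -> bool:
    """What ships in the client: a format test plus one checksum character."""
    body = key.replace("-", "")
    if len(body) != 10 or any(c not in ALPHABET for c in body):
        return False
    return checksum_char(body[:9]) == body[9]

class ActivationServer:
    """Server-side checks that the client binary never contains."""
    def __init__(self, issued_keys, secret: bytes):
        self._secret = secret
        # Store keyed digests so a leaked table does not reveal usable keys.
        self._issued = {self._digest(k) for k in issued_keys}
        self._bound = {}  # digest -> account that first activated the key

    def _digest(self, key: str) -> str:
        return hmac.new(self._secret, key.encode(), hashlib.sha256).hexdigest()

    def verify(self, key: str, account: str) -> str:
        if not local_check(key):
            return "rejected: malformed"
        if FORBIDDEN & set(key):
            return "rejected: secondary rule"
        digest = self._digest(key)
        if digest not in self._issued:
            return "rejected: not issued"
        owner = self._bound.setdefault(digest, account)
        return "ok" if owner == account else "rejected: already bound"

def demo():
    server = ActivationServer(["AB3DE-4FGH1"], secret=b"constructed-secret")
    cases = [("AB3DE-4FGH1", "alice"),  # issued key, first use
             ("AB3DE-4FGH1", "bob"),    # same key, second account
             ("22222-2222J", "carol"),  # passes local_check, never issued
             ("C1111-1111L", "dave")]   # passes local_check, contains 'C'
    return [(k, local_check(k), server.verify(k, a)) for k, a in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Every sample key passes the client-side check, yet only the issued key on its first account is accepted, which is why the decision has to be made on the server.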

Keygens, like all programs, may also contain viruses. When the program is opened, instead of (or in addition to) providing a valid key, the program may install harmful software on the computer. Anti-virus software often falsely classifies keygens as trojans and removes them. This is mainly due to the heuristic algorithms of anti-virus software, which detect certain blocks of code and mark them as suspicious.[citation needed]

Actions taken by software developers

Software developers have tried to prevent piracy by using 'Product Activation', which requires the user to connect to the internet or call a number in order to make a program usable. Newer keygens also contain a method to bypass the product activation. Some software manufacturers like Adobe include telephone activation which requires you to give a special code when you call. A method used by some keygens allows one to type the number given by the product to generate the (telephone) activation code which is then typed into the software. Some software developers, such as Norton, have worked around this by not including this feature or making it harder to locate in the program's code. This makes it harder for cracking groups to write an activation code.

Keygens are widely available but the legality of their use differs internationally.
