Keygenerator and Patching Framework

The principle behind this project is probably best explained by explaining the problem that it aims at solving.

There exists, today, a variety of key-generator and patching programs which puport to either generate useable license keys for software which require them, or patch that software so that it either accepts any license key or doesn't require a key at all, anymore. Debating the ethics or legality of using or creating generators for specific software applications is outside of the scope of this project.

The problem with these key-generators and patchers is that each one could be a trojan-horse, carrying with it a payload of malware which infects the user's machine while generating their key or making the software patch. Now, for a pure key-generator, it can be run inside of a virtual machine like VMWare or Xen or VirtualBox, where the key-generator is welcome to infect the "sandboxed" guest operating-system, and the user can just copy the text of the generated key and paste it into the software they're trying to unlock.

However, as time goes on, more software is adopting cryptographically-signed license keys, making it prohibitively difficult to generate valid keys even when the entire verification process is known. In cases like this, one of the only viable solutions is to patch the actual software application to alter the public encryption key to one which the key-generator can generate keys for. In these cases, the keygen/patching software needs to have write-access to the software binaries and, hence, the sandbox principle of using a virtual machine won't work, and the user must put their entire PC at risk.

The notion of only using key-generators from "reliable sources" is not an option because the sources of these applications must lurk in the shadows due to questions regarding the legality of these programs. Hence, none of the keygen authors dare maintain any public presence which could be used to assure users that their keygens contained no malware.

A possible solution (which is the solution proposed here), is to have one application which acts as a proxy for the key generators and patchers. The thinking being that users would download a copy of the framework once from a trusted source, and then, any keygenerators they download would do their work through the framework application.

The primary aim of the framework application would be assuring as much disclosure to the user as possible, including the following features:

• Open-source, so that any user can inspect the source code of the keygenerator/patching framework for malware or trojan-horse code
• A public website where users could download a known-clean copy of the framework application
• The framework application itself would notify (and require permission from) the user regarding each individual file that it wanted to patch.

Now, here's the catch. In order to make this work, the code which generates the keys and/or decides what to patch cannot be plain binary executables. They will need to be in some interpreted language which can be scrutinized by the framework application (in much the same way that the Java virtual machine checks the bytecode of .class files). So, the individual key-generators which the user downloads would be "scripts" in a way. The language these scripts will be written in will support all of the mathematical and string operations which a typical key generator might require (ie, random number generation, bitwise logical and shift operations, CRC and other hash functions, cryptographic functions, substring, charAt, etc.). It will also provide for these scripts to be able to search for strings (character or hex) and, with strict limitations, be able to write data to files on the computer.