a decent percentage of people here would voluntarily run a bitcoin miner from them if it meant getting more plugins.

On YT page, this guy or people mention that R2R protect their keygens so "developer cannot figure out how they did it".
That seems like the commenter has no idea what R2R's keygens even do. The developer already knows how their own installer/plugin creates challenge and response data, what is in their own usual generated authorization files, and key routine. What they really want to see is the patch points that were found in their app, plugin, whatever; and the patch. They do not like keygens because in the event people leak back the credentials they used to authorize, it makes it more difficult to link any un:pw pairs to any common source. VR's Shaperbox 3.5 that deauthorized on everyone is a good example of why keygens can be a better option. A small Team used the identical fake email as VR's Shaperbox; and whatever else, in some other CG plugins which were released.

 

R2R has been around forever.

Consider how many "investigative" types you find on the internet. They're all over the place furrowing through every inch of data! Were the garbage this guy is attempting to sell actually true *and meaningful*, we would have been hearing about these issues, no less keyloggers, many times over for years. Yet somehow, out of nowhere, and just after these other issues with "AP Mastering", we're supposed to believe this self-admitted non-expert has single-handedly discovered these insidious revelations.

I'm not buying it. I look forward to the likely soon-to-come R2R nfo that puts it into place. If R2R chooses not to comment, I'll revisit this video and consider it further, but for now I'm calling it clickbait bull$hit.

 

some of us like crab. especially alaskan king crab.

 

This doesn't mean anything, date modified can be updated in many ways, including ways that do not alter the file at all (like using the command touch). I'm on R2R's side, but this thread is offering arguments much weaker than the video itself.

We now know the release and the tool, anyone can download capo and the Keygen and check it for themselves. Maybe we should start from there and then figure out if the Keygen phones home. The fact that the Keygen shows up as having a keylogger might also not mean that it keylogs all inputs, it might be expecting something specific that triggers this detection.

It's always good to keep an open mind and understand that it only takes one move from any cracking group to fuck you up, that's a risk everyone puts themselves willingly for free stuff. It's important to keep things objective.

 

Yes, it’s clear that he could have hidden the file date if he wanted, but I just meant to show how his experiment doesn’t prove anything from the start. I of cource could also compare the hashes shown in the video and even check the original keygen in Capo, but I’m too lazy to download the original 2GB release. More importantly, all his previous actions and words in the video speak for themselves—they are full of complete stupidity and unprofessionalism. This is obvious even to me, and I’m not an expert in reverse engineering. If R2R were to react to this, it would be like casting pearls before swine. Look how video, full of nonsense and amateurish rubbish, attracted 2,600% more views than his usual content.

 

Last edited: Oct 25, 2025 at 2:06 AM

Why do you waste your time watching this bullshit? Probably, some tools are more secure in the R2R versions rather than the original ones..

 

hello everyone in this thread. It is me, Mr or Mrs R2R. I have unfortunately been tracking your every move. A few weeks ago, I gained full access to the devices you use to surf the internet. Shortly after that, I started recording all your online activities.

While gathering information about you, I couldn't help but notice that you regularly visit adult websites. You enjoy viewing adult sites and touching yourself sinfully. It was very difficult for me to resist recording some of these obscene scenes involving you and compiling them into a video.

With just one click of the mouse, all those indecent videos featuring you will be sent to your friends, colleagues, and relatives. What's more, nothing is stopping me from posting all this spicy content on audiosex.pro for everyone to see. I sincerely hope that you really don't want this to happen as it will completely ruin your reputation. However, don't worry, there is a way to solve this problem.

You need to transfer 69 million USD to my account (the amount in Bitcoin will depend on the exchange rate at the time of transfer). This is a very [ ! ] small amount compared to the potential problems I can cause you. You have no idea what I can do with all this information about you...

Ok, jokes aside. I for the most part copy pasted this from one of many junk mails in my inbox, my email was in multiple crypto related data breaches, so they are never ending. A friend of mine also got one of these, and thought it was real, so he WENT ON ALL OF HIS SOCIAL MEDIA AND POSTED A VIDEO, saying something like "hey guys, ive been demanded ransom or else the hacker will post videos of me in compromising situations, I just want to let you guys know, that i can't afford his ransom, so please do not open any attachments that may come from an unknown address, and please understand that he edited the video to make it look like i was watching something that i wasnt"..... He then said he does have three days, and if anyone could help bail him out, he would pay them back... Poor guy. He got roasted so hard he had to move.

 

looks like its time for a wave of these “unveil the evil of cracked software” posts.

I’m almost completely legit when it comes to FX and VSTs nowadays, running a very minimal setup after having wasted time downloading and installing probably every major FX/VST release in the past.

I never had a single problem with any audio software release downloaded from my custom known places. The thing is, when you get it from places that have proper forums and are specialized in audio, if there were any problems with a compromised release, there would quickly be hundreds of people ringing the alarm. Also, in such places, a pretty big chunk of people are knowledgeable about programming and how these things work and how they shouldn’t work.

The only time (and I’m talking around 20 years of installing all sorts of crap) I ever had a problem at all was with an actual real virus on some fixed productivity package, not audio related and it was from some random source. I don’t even remember the name, but that was it.

This is the third video out with the same pathetic clickbait content in just a couple of days. Like that annoying hysterical drama-queen audio YouTuber who just got his app fixed by R2R after being an annoying b***, talking all sorts of clueless smack about the audio-release scene.

Well, after just a couple of days, guess what, R2R took his silly plugin and fixed it! lol


edit: fixed* apps need code injection, API hooking, obfuscation, non-standard file behavior, and virtual machine detection. Those actions, common in circumvention, mimic behaviors of malware and cause antivirus programs to flag them as infections. What do people think makes all those *fixes work, some magic dust?!

.

 

Last edited: Oct 25, 2025 at 4:10 PM

I only WISH R2R would log my keystrokes.

 

You'd like to think this is what would happen, and I have often seen people say the same thing when they say they do not use a malware scanner. They "just know" there are all these people out there taking apart every plugin, or whatever else they do to audit code, verify releases, etc.

That's not the way that would play out at all, because none of them would even know which files to look at. Unless of course, they did every single release. Hoping someone else will notice something suspicious will not stop anything. Hope is not a plan.

Most malware do not flip your screen upside down, open and close your dvd-rw drive, and start playing chiptunes music at you while they disable cpu fans and start overclocking. Saying you have been doing this stuff for 20 years and never had a problem illustrates my point. You've never had a problem that you were aware of. That's the whole reason behind malware being made stealthy. You can't rely on heuristics to catch every last thing, and if companies like VirusTotal do not have a sample for comparison; they may miss something stealthy and brand new with no shared detections yet, entirely. Thats how real cyber criminal groups can have 50,000+ machines in a botnet swarm. Surely no-one thinks that all of those users never check anything.

 

on a side note, any computerprogram which lets you enter characters in a textfield and save the document to disk, performs "keylogging".

 

Sounds like a declaration! Go ahead

 

What about keyboards? Every keyboard connected to computer logs keystrokes

 

No. they do not. Every keyboard sends keystrokes to the computer, but only systems with keylogging software or hardware actually record them.

 

Instead of all the arguing, why not try to replicate his results..?

 

I just checked my bank statement and a mystery Russian has transferred 100,000 rubles to me. Thanks R2R!

 

I did. got similar results. i wont judge. thats on individuals how they wanna take it.

Spoiler: results

┌───────────────────────┬──────────────────────────────────────────────────────────────────────────┐
│ ATT&CK Tactic │ ATT&CK Technique │
├───────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│ COLLECTION │ Input Capture::Keylogging [T1056.001] │
│ DEFENSE EVASION │ Hide Artifacts::Hidden Window [T1564.003] │
│ │ Obfuscated Files or Information [T1027] │
│ │ Virtualization/Sandbox Evasion::User Activity Based Checks [T1497.002] │
│ DISCOVERY │ Account Discovery [T1087] │
│ │ Application Window Discovery [T1010] │
│ │ File and Directory Discovery [T1083] │
│ │ System Information Discovery [T1082] │
│ │ System Location Discovery [T1614] │
│ │ System Owner/User Discovery [T1033] │
│ EXECUTION │ Command and Scripting Interpreter [T1059] │
│ │ Shared Modules [T1129] │
└───────────────────────┴──────────────────────────────────────────────────────────────────────────┘
┌──────────────────────────┬──────────────────────────────────────────────────────────────────────────┐
│ MBC Objective │ MBC Behavior │
├──────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│ ANTI-BEHAVIORAL ANALYSIS │ Debugger Detection::Process Environment Block NtGlobalFlag [B0001.036] │
│ │ Debugger Detection::Timing/Delay Check GetTickCount [B0001.032] │
│ │ Virtual Machine Detection::Human User Check [B0009.012] │
│ COLLECTION │ Keylogging::Polling [F0002.002] │
│ CRYPTOGRAPHY │ Encrypt Data::RC4 [C0027.009] │
│ │ Encryption Key::RC4 KSA [C0028.002] │
│ │ Generate Pseudo-random Sequence::RC4 PRGA [C0021.004] │
│ DATA │ Encode Data::XOR [C0026.002] │
│ DEFENSE EVASION │ Obfuscated Files or Information::Encoding-Standard Algorithm [E1027.m02] │
│ DISCOVERY │ Analysis Tool Discovery::Process detection [B0013.001] │
│ │ Application Window Discovery [E1010] │
│ │ Code Discovery::Enumerate PE Sections [B0046.001] │
│ │ File and Directory Discovery [E1083] │
│ │ System Information Discovery [E1082] │
│ EXECUTION │ Command and Scripting Interpreter [E1059] │
│ FILE SYSTEM │ Create Directory [C0046] │
│ │ Delete File [C0047] │
│ │ Read File [C0051] │
│ │ Writes File [C0052] │
│ OPERATING SYSTEM │ Environment Variable::Set Variable [C0034.001] │
│ PROCESS │ Create Process [C0017] │
│ │ Terminate Process [C0018] │
└──────────────────────────┴──────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────┬─────────────────────────────────────────────────┐
│ Capability │ Namespace │
├────────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ reference analysis tools strings │ anti-analysis │
│ check for PEB NtGlobalFlag flag │ anti-analysis/anti-debugging/debugger-detection │
│ check for time delay via GetTickCount │ anti-analysis/anti-debugging/debugger-detection │
│ check for unmoving mouse cursor │ anti-analysis/anti-vm/vm-detection │
│ get geographical location (4 matches) │ collection │
│ log keystrokes │ collection/keylog │
│ log keystrokes via polling (2 matches) │ collection/keylog │
│ encode data using XOR │ data-manipulation/encoding/xor │
│ encrypt data using RC4 KSA │ data-manipulation/encryption/rc4 │
│ encrypt data using RC4 PRGA (2 matches) │ data-manipulation/encryption/rc4 │
│ accept command line arguments (3 matches) │ host-interaction/cli │
│ set environment variable (2 matches) │ host-interaction/environment-variable │
│ get common file path (4 matches) │ host-interaction/file-system │
│ set current directory │ host-interaction/file-system │
│ create directory │ host-interaction/file-system/create │
│ delete file │ host-interaction/file-system/delete │
│ enumerate files on Windows │ host-interaction/file-system/files/list │
│ read file on Windows │ host-interaction/file-system/read │
│ clear file content │ host-interaction/file-system/write │
│ write file on Windows (2 matches) │ host-interaction/file-system/write │
│ find graphical window │ host-interaction/gui/window/find │
│ get graphical window text │ host-interaction/gui/window/get-text │
│ hide graphical window (3 matches) │ host-interaction/gui/window/hide │
│ get memory capacity │ host-interaction/hardware/memory │
│ get disk information │ host-interaction/hardware/storage │
│ get hostname │ host-interaction/os/hostname │
│ get system information on Windows (2 matches) │ host-interaction/os/info │
│ create process on Windows (4 matches) │ host-interaction/process/create │
│ terminate process (3 matches) │ host-interaction/process/terminate │
│ get session user name │ host-interaction/session │
│ access PEB ldr_data │ linking/runtime-linking │
│ link function at runtime on Windows (11 matches) │ linking/runtime-linking │
│ link many functions at runtime │ linking/runtime-linking │
│ enumerate PE sections │ load-code/pe │
│ parse PE header (2 matches) │ load-code/pe │
│ resolve function by parsing PE exports (4 matches) │ load-code/pe │
└────────────────────────────────────────────────────┴─────────────────────────────────────────────────┘

 

same "issue" as the one who did the video... you are analyzing it like a malware using a human antivirus-like approach...
ofc you will get these results... individuals would take it as they wanna take it... but that's not proper reverse engineering...

 

all keygen does is
Input:
HWID = "1234-ABCD-5678-EF90-1122-3344"
Version = 12
Process:
→ Generate random serials
→ Sign them using DSA
→ Create license text lines
→ Save them to "Authorize.auz"

Output:
File "Authorize.auz" with signed license info

it asks for your HWID + version, makes random serials, signs them with a DSA key, and saves them to a license file Ableton would accept as genuine.

i have reversed the keygen logic and made a keygen as audiowarez release.

if unziped using 7zip there will be 4 files as 2 dll and 1 exe and 1 s3m file (music) the bassmod.dll is for playing audio and the exe is gui that load the dll. the dll contain all logic for key generation.

DSA ?
Core idea (simple)

• You generate a private key (secret number) and a matching public key.
  
  
• To sign a message you use the private key (and some random data) to produce a signature (two numbers).
  
  
• Anyone with the public key can check the signature and be confident:
  
  
  1. The signature was made by the private key owner.
     
     
  2. The message wasn’t changed.

 

I'm all for closing down this thread!