
cracking

Name: Anonymous 2007-03-30 7:55 ID:26IyGqY2

old licenseinfo was [ 00 00 38 04 00 00 00 00 ]
                            ^
         the upper two bits of this control the user-limit

               00 = 25 users (as above)
               01 = 100 users
               10 = 250 users
               11 = unlimited

this new licenseinfo qword indicates an unlimited user allowance:

licenseinfo = [ 00 00 F8 04 00 00 00 00 ]

hostid = "F449C514" (as reported by version.exe)
key = hostid padded by zeroes to 64 bytes

raptorsecret = "Copyright (c) 1999 Axent Technologies.", 0

W = HMAC(raptorsecret, key)
  = MD5(key XOR opad, MD5(key XOR ipad, raptorsecret))
  = MD5(key XOR opad, MD5(

    [ 01 0E 72 0F  02 77 73 04  36 36 36 36  36 36 36 36
      36 36 36 36  36 36 36 36  36 36 36 36  36 36 36 36
      36 36 36 36  36 36 36 36  36 36 36 36  36 36 36 36
      36 36 36 36  36 36 36 36  36 36 36 36  36 36 36 36
      43 6F 70 79  72 69 67 68  74 20 28 63  29 20 31 39
      39 39 20 41  78 65 6E 74  20 54 65 63  68 6E 6F 6C
      6F 67 69 65  73 00 ]

    )
  = MD5(key XOR opad, [ 92 4F 73 C8 05 36 91 C5 F3 1B 37 2F EE 5D 78 AB ])
  = MD5(

    [ 1A 68 68 65  1F 69 6D 68  5C 5C 5C 5C  5C 5C 5C 5C
      5C 5C 5C 5C  5C 5C 5C 5C  5C 5C 5C 5C  5C 5C 5C 5C
      5C 5C 5C 5C  5C 5C 5C 5C  5C 5C 5C 5C  5C 5C 5C 5C
      5C 5C 5C 5C  5C 5C 5C 5C  5C 5C 5C 5C  5C 5C 5C 5C
      92 4F 73 C8  05 36 91 C5  F3 1B 37 2F  EE 5D 78 AB ]

    )
  = [ 6E 2A 36 65 F7 98 08 9B ] (remaining 8 bytes discarded)

F'G' = W XOR licenseinfo
     = [ 00 00 F8 04 00 00 00 00 ] XOR [ 6E 2A 36 65 F7 98 08 9B ]
     = [ 6E 2A CE 61 F7 98 08 9B ]

H = HMAC(F'G', key)
  = MD5(key XOR opad, MD5(key XOR ipad, F'G'))
  = MD5(key XOR opad, [ 9A DF 92 1F D5 50 90 FF A4 DB DD B2 F9 E9 85 FD ])
  = [ 5B 17 4D 6A ] (other 12 bytes discarded)

F = F' XOR H = [ 6E 2A CE 61 ] XOR [ 5B 17 4D 6A ] = [ 35 3D 83 0B ]
G = G' XOR H = [ F7 98 08 9B ] XOR [ 5B 17 4D 6A ] = [ AC 8F 45 F1 ]

L = FGH = [ 35 3D 83 0B AC 8F 45 F1 5B 17 4D 6A ]

convert to base 32 license key:

L = binary string 00110101001111011000001100001011
                  10101100100011110100010111110001
                  01011011000101110100110101101010

split L into 4 groups of 4 fives, overlapped by 1:

00110 10100 11110 11000 00110 <- last bit of this line and first bit of next
                                 line are the same value
00001 01110 10110 01000 11110 <-  .. same for this line

01000 10111 11000 10101 10110 <-  .. and this line too

00010 11101 00110 10110 10100 <- last bit of this line is not used and may
                                 also be set to 1 without negative effect.
                                 axent-generated keys possibly leave this as
                                 zero, as with our original 25 user key

using digits QWERTYUPASDFGHJKLZXCVBNM65324978 convert to base 32 string:

license key = "UV76U-WJNA7-AM6BN-E9UNV"

(or UV76U-WJNA7-AM6BN-E9UNB with last bit set)
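
Added example, not part of the original post: a strict parser for the key layout described above, written from the validating side. It unpacks a key into the 12 bytes F, G, H, rejects keys whose duplicated overlap bits disagree, and maps the two spellings that differ only in the unused final bit to one canonical string, so a revocation or audit list keyed on the string cannot be sidestepped by flipping that bit. The function names decode_key and canonical are hypothetical.

```python
# Added example: strict decoder for the 4 x 5 character key layout in the post.
ALPHABET = "QWERTYUPASDFGHJKLZXCVBNM65324978"  # digit order as given in the post


def decode_key(key: str) -> bytes:
    """Return the 12 bytes (F, G, H) packed in a key, or raise ValueError."""
    groups = key.strip().upper().split("-")
    if len(groups) != 4 or any(len(g) != 5 for g in groups):
        raise ValueError("expected four groups of five characters")
    rows = []
    for g in groups:
        try:
            rows.append("".join(format(ALPHABET.index(c), "05b") for c in g))
        except ValueError:
            raise ValueError("character outside the key alphabet") from None
    # Bit 25 of each row repeats bit 1 of the next row; reject keys where the
    # two copies disagree instead of silently preferring one of them.
    for cur, nxt in zip(rows, rows[1:]):
        if cur[-1] != nxt[0]:
            raise ValueError("overlap bits disagree")
    # Keep 24 bits per row: 4 x 24 = 96 bits. The last row's 25th bit is unused.
    bits = "".join(r[:24] for r in rows)
    return int(bits, 2).to_bytes(12, "big")


def canonical(key: str) -> str:
    """Re-encode with the unused final bit cleared, so equivalent keys compare equal."""
    bits = format(int.from_bytes(decode_key(key), "big"), "096b")
    rows = [(bits + "0")[24 * i: 24 * i + 25] for i in range(4)]
    return "-".join(
        "".join(ALPHABET[int(r[j:j + 5], 2)] for j in range(0, 25, 5)) for r in rows
    )
```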

Name: Anonymous 2007-03-31 0:42 ID:b0iPOPCD

very nice keygen over there,
even though i personally find keygens not to be very useful compared to cracks (why would i want to spend a day or two analyzing some useless algo that might not even be bruteforceable (if implemented correctly) in a reasonable amount of time), and in some cases keygens are not feasible at all (ex. when using DRM's from protectors like ASPR1,2/Armadillo, unless you replace the RSA keys, but then an unwrapped version would run better anyway without that lame layer and other people could reverse the code as well, instead of being limited by the protection's layer), one can simply unwrap those and patch it up =)
