FrankRizzo
April 25th, 2007, 18:26
Hey guys, I'm working on a target, and have ripped enough of their code from the install routine to make a keygen, but it was so simple and unsatisfying that I have endeavored to learn what it actually DOES. I've rewritten most of the ASM in C, and it still works, (Always a good sign!), But I'm wondering if any of you guys can tell me what these functions are. (For instance if they are part of a larger encryption routine, if they are mini-TEA, a bastardized SHA-1, or a horrible hack of DES). Mods relax, I've removed the identifying things, and I'm posting only functions, not the glue that holds them together, and makes them work.
OK, here's the first one:
Does that ring anyone's bell?
OK, here's the 2nd one:
The ASM output for that function was quite impressive. I learned about how to divide by multiplying by magic numbers. Quite interesting!
Now, the next function, I have yet to fully convert from ASM, any help in that avenue is also welcome. (Along with any identification type things).
OK, and lastly, a relatively simple function, but I figured someone might know it:
I believe this to be some kind of hashing function, but I'm not really sure. The value passed in is 0x1B when it's used.
So, there you have it, do these look familiar to anyone?
OK, here's the first one:
Code:
unsigned long MultPkgNSerial(void)
{
short len, count;
unsigned long serialProduct, packageProduct;
serialProduct = toupper((unsigned char)serial[0]);
len = strlen(serial);
for (count = 1; count < len; count++)
{
serialProduct *= toupper(serial[count]);
}
packageProduct = toupper((unsigned char)package[0]);
len = strlen(package);
for (count = 1; count < len; count++)
{
packageProduct *= toupper(package[count]);
}
return ( (serialProduct * packageProduct * PRODUCT_VERSION) ^ (0xFB4978E - PRODUCT_VERSION) ) + 0xFFFFFFFF;
}
Does that ring anyone's bell?
OK, here's the 2nd one:
Code:
void ProcessChecksum(char *checksum, unsigned long previous)
{
unsigned long dividend, quotient;
dividend = WeirdFactorial( atoi(checksum), previous );
quotient = dividend / 9;
results[5] = dividend - (quotient * 9);
dividend = quotient;
quotient = dividend / 3;
results[4] = dividend - (quotient * 3);
dividend = quotient;
quotient = dividend / 20;
results[3] = dividend - (quotient * 20);
dividend = quotient;
quotient = dividend / 10000;
results[2] = dividend - (quotient * 10000);
dividend = quotient;
quotient = dividend / 27;
results[1] = dividend - (quotient * 27);
results[0] = quotient;
}
The ASM output for that function was quite impressive. I learned about how to divide by multiplying by magic numbers. Quite interesting!
Now, the next function, I have yet to fully convert from ASM, any help in that avenue is also welcome. (Along with any identification type things).
Code:
unsigned long WeirdFactorial(unsigned long arg0, unsigned long arg4)
{
unsigned long EAX, EBX, ECX, EDX, ESI, EDI;
// Init our values
EAX = EBX = ECX = EDX = ESI = EDI = 0;
ECX = 1;
EAX = arg4;
ECX -= EAX;
if (EAX & 0x02)
{
return (EDX);
}
EDX = ECX;
EAX = 1;
do
{
EAX += EDX;
EDX *= ECX;
}
while (EDX != 0);
EDX = arg0;
EDX *= EAX;
return (EDX);
}
OK, and lastly, a relatively simple function, but I figured someone might know it:
Code:
unsigned long ModSumPlus1(char * string, unsigned long value)
{
short len, count;
unsigned long sum = 0;
len = strlen(string);
for (count = 0; count < len; count++)
{
sum += toupper(string[count]);
}
sum %= --value;
sum += 1;
return (sum);
}
I believe this to be some kind of hashing function, but I'm not really sure. The value passed in is 0x1B when it's used.
So, there you have it, do these look familiar to anyone?
