Log in

View Full Version : ARTeam: Reversing Xilisoft, by Nieylana


Shub-nigurrath
March 4th, 2009, 04:23
Hi everyone,

Nyelana have recently been doing some work with Xilisoft Products, below is a link to my newest tutorial, this tutorial does not mention any specific target, nor does it show you how to crack/patch/keygen any of their software but explains how the crypto things works.

When you register a Xilisoft Product you enter a name/serial, the serials validation itself is not dependant on the name, so i started wondering what the name was for, so i looked for it in the registry, and i noticed the serial wasn't stored there, but rather an 'encrypted' form of it, this tutorial will take you on my adventure to find this encryption routine, and fully understand it and be able to replicate it.

Sources have been provided in VB6 by nyelana (complete application for encrypting/decrypting data), source code is also provided in C by Ghandi, this is provided for those who prefer C/C++ to make a reasonable implementation of their encryption routine.

Also included in the package is a Flowchart (from IDA) in .xps format of the main encryption/decryption routine to further help you understand it, (this flowchart is also included at the end of the tutorial, on the last page).

NOTE: If you haven't a reg key, there's plenty around, and even tutorials around on it, search. Also, Xilisoft uses this same routine for storing all the trial information, this isn't discussed in the paper, but once you understand the routine you can easily find these 'keys' with Olly

http://xchg.info/ARTeam/Tutorials/?dir=ARTeam_Tutorials/&file=XiliCrypt_Reversing_Xilisoft_Encryption_Routine_by_Nieylana.rar

JMI
March 4th, 2009, 14:47
Again, as always, thanks Shub for sharing your efforts with our readers!



Regards,

newhak
April 1st, 2009, 05:26
best one mate