Advanced RSA, ECC and crypto keygenning...
x30n-
January 12th, 2001, 18:29
Why aren't there any tutorials for this stuff? Nowadays it seems like CORE, DAMN, and TMG are the only guys that know how to crack this stuff. Why don't they put out tutorials?? They chose not to share their knowledge?
Does anyone have any links on this kind of stuff? For new programs? I would love to learn about crypto keygenning... but I cannot find a place to start!!
Thanks guys.
x30n-
Sab
January 12th, 2001, 20:25
I think tE runs a crypto site with source etc. Also, the topic in #tmg's channel was 'Need ECC info/sources ? -> http://www.manning.com/Rosing/'
Hrm.. that's about all I know off the top of my head, there's more I'm sure...
Sab
January 12th, 2001, 20:33
http://egoiste.cjb.net/ forgot the link heh..
Spath.
January 12th, 2001, 21:24
Ok, you have to realize a few things:
1) These people are no crypto geniuses: they did not invent new methods to break the algorithms, they either use the methods that are public, or sometimes they find attacks against specific implementations of these algorithms. Some of these latter attacks are smart and elegant, but they don't question the strength of the algorithms themselves.
2) If you're interested in the algorithms, the cryptanalysis methods are public and described in the crypto literature, and most of them can be found for free on the internet. Understanding some of these cryptanalysis methods requires a very advanced math background, but anybody can use the implementations of these methods. For instance, when many crackers explain they 'broke RSA', it actually means that they just ran a QS program they understand nothing about for a few dozen hours.
3) If you are looking for implementation attacks, there are plenty of different ones; therefore, I would suggest that you first understand how the existing ones are done by studying the keygens and also going on IRC to discuss with these guys (or others, new keygen tricks are known quite fast on IRC). As I said, there are plenty of different ones, and talent and imagination will be required to find new ones.
4) Why don't they make tutorials? As a non-technical and heavily subjective question, I think only these people can answer it properly.
Spath.
agoutinz
January 18th, 2001, 00:44
idaw.exe c:\keygen.exe
and get the private key X, or P and Q
they are always in the clear!
but first disassemble the target to get the
modulus N for RSA, or p, g, y
/screendump c:\keyz
for example thematic chroma
x=6A60524225B9
get the egoiste source code
MIRACL lib and play with these pirates.
Kythen
January 18th, 2001, 14:14
For some good info on ECC (Elliptic Curve Crypto) check out the tutorial and other info at http://www.certicom.com/research.html
Also, do check out the link to the Manning book above. It's a great resource for ECC info.
I can maybe find a spot and post a short paper I did for my number theory class on ECC as well if enough ppl want it.
HTH
Kythen
mike
January 19th, 2001, 12:49
Public key keygen is going to work one of two ways, both of which have their weaknesses.
One way is to have encrypted code. You have to type in the key to decrypt it, which is impossible if you don't know the key. There might be a way to brute force it if they chose *really* small parameters, but usually they don't. However, once the code is decrypted, it can, of course, be dumped to disk, at which point you can make a version w/out encryption.
Another way is to use it as a hash function: decrypt the key using RSA and see if it matches a built-in string. This one is easy: generate your own keypair and replace the key in the app. Encrypt the string it's comparing against under your other key.
All crypto can do for you in an app is prevent someone from brute-forcing a valid key. It's not a magic wand or a silver bullet. If you want functionality that no one can reverse-engineer, it has to run on a processor over which the cracker has no control.
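The second scheme described in the post above (the licence key is checked against the public key built into the application), as an added example that is not part of the original thread. It uses textbook RSA with constructed toy primes, and every function name is an assumption made for illustration; it shows that a guessed key fails while the whole check rests on the integrity of the embedded public key.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(name, n):
    """Hash the licensee name into Z_n (no padding: textbook RSA, toy only)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % n

def issue_licence(name, private):
    """Vendor side: needs the private exponent, which never ships."""
    n, d = private
    return pow(digest(name, n), d, n)

def check_licence(name, key, public):
    """Application side: needs only the public key embedded in the binary."""
    n, e = public
    return 0 <= key < n and pow(key, e, n) == digest(name, n)

def fingerprint(public):
    """Stable identifier for a public key, for release-time integrity checks."""
    return hashlib.sha256(("%x:%x" % public).encode()).hexdigest()

def embedded_key_is_vendor_key(embedded_public, vendor_fingerprint):
    """Build/release audit: is the key inside the shipped binary the vendor's?"""
    return fingerprint(embedded_public) == vendor_fingerprint

# Constructed toy parameters (Mersenne primes); far too small for real use.
VENDOR_PUB, VENDOR_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    lic = issue_licence("alice", VENDOR_PRIV)
    print(check_licence("alice", lic, VENDOR_PUB))      # genuine licence
    print(check_licence("alice", lic + 1, VENDOR_PUB))  # guessed key
    # A licence signed by some other key pair is rejected as long as the
    # embedded key is the vendor's, so that key's integrity is the trust anchor.
    foreign = issue_licence("alice", OTHER_PRIV)
    print(check_licence("alice", foreign, VENDOR_PUB))
    print(embedded_key_is_vendor_key(OTHER_PUB, fingerprint(VENDOR_PUB)))
```

The fingerprint comparison belongs in the release pipeline or an external integrity check; placed inside the shipped application it is subject to the same limit the post ends on.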