tE!
November 3rd, 2001, 09:45
Hi there.
As you might have noticed one of the prime factors of N
is 3 and as you know the size of P and Q should normally not differ too much. All I wanted to say with posting that example
is that it depends also a lot on carefully chosen parameters for
the RSA system (goatass already said it might be useful to
search for weak points in the implementation). The N I posted will be factored in no noticable amount of time by every lame
factoring program which starts with trial division by small primes.
---
Recca/DAMN could break the RSA-1024 system in older versions
of Asprotect, because he discovered a weakness in Asprotect's
primenumber generator. Alexey used a .dll (which has been
stored inside the asprotect.exe as compressed resource) to
generate both primenumbers P and Q. To manage this he used
some shitty pseudo random number generator (PRNG) routine to generate
512 bits of 'random' data for each number, P and Q. Then he tested if those numbers are prime. If not -> increase number
and test again. <- Loop. The prng he used was similar to the C rand() function. But it comes even worse. As SEED value for this
crap generator he used a 32(!) Bit value which was some mixture
of ThreadID XOR some Timestamp if I remember right
Well, everyone can see now how it was possible to break this
lame crap. There was no need to factor the public modulus N.
All efforts could be reduced to a complexity of max. 2^32
bruteforce attempts using the ripped prime number generator
from Alexey and perform one trial modulus operation for each
seed value, thus each generated primenumber. Basically:
1) seed=-1;
2) seed++;
2) Prime=GeneratePrimeUsingAlexeysShit(seed);
3) remainder=N%Prime
4) If (remainder==0) -> P=Prime, Q=N
5) Else goto 2
Infact the complexity wasn't even 2^32 (means you would
not start with seed=0) because of the timestamp he used in the
seed. TMG released keygens for asprotected programs, too and
we measured on my Athlon 800 that it was possible to factor
*every* asprotect key in max. 12h. We could find parameters
P&Q for some programs in less than 20 minutes even. Not bad
for such super-secure program like asprotect
Sidenote: As many other routines in Asprotect (compression, polyengine...) the .dll Alexey used hasn't been coded by himself, as usual...Well, at least he's good in 'borrowing' other peoples
code.
Another leeto who fucked up his RSA-512 'protection' in his
ugly Asprotect clone was/is Bruno Branciforti in his
License Control v1.01 application. I'm not gonna post here
what he did wrong, because we released a keygen for this
program and good old Bruno already tried to bother us on
IRC for info how we made that (the moron came into our
chan using a fake nick and introduced himself as cracker - lol).
Oke, hope someone finds this posting useful.
Regards,
tE![TMG]