View Full Version : Crypkey


peterg70
December 5th, 2001, 08:08
Anyone who has the SDK, can you PM me your Sitecode for the SKW.exe please? I need to test something out.

You must send via PM

JMI
December 5th, 2001, 14:50
peterg70:

Is there some reason why you are unwilling to search for your own copy? In a previous thread, started by you, you were provided with more than enough information on where you could find the SDK and how to obtain the password for Installshield. Are you unwilling or simply unable to do a little work on your own? I know the files are available on the "Korean" site that a google search would reveal, because I downloaded them from there myself. It is even on the ftp site of one of the links listed on this forum.

You have complained in other threads about no one helping you, but you do not show any indication that you have done anything to first attempt to help yourself. We learn nothing if we do nothing and simply expect others to give us what we want. If you show that you have made an effort and not had success, someone here, including me, will probably help you to the extent we can.

This is not intended to be a rant or necessarily personal, but is directed at the process by which we learn about this craft. Try first, and then ask, and as others have said, say what you know so far.

Good luck!

peterg70
December 5th, 2001, 18:17
JMI

I thank you for the response.

I have downloaded the SDK pack, both 5.5 and 5.7, and unpacked the skw.exe for the 5.7.

If you read the above you will see I asked for the sitecode, not the authorisation code for the skw.exe. The site code is useless to anyone to unpack or register the skw.exe. The reason I need the number generated by the skw.exe licensing is to examine what the options are inside the skw.exe. To do this I need to get a number from someone else's HD, since each time I generate a number on my machine I have the same encoding numbers.

Therefore if I can get someone else's SKW.exe I can then examine what encoding numbers are in the sitecode to better understand it.


Like I said in a previous post, I didn't ask someone to crack/keygen the product, rather to point me in the correct direction.

Anyway thanks for the response

JMI
December 5th, 2001, 20:14
peterg70:

Your follow-up post is much more informative about what you are doing and where, apparently, you need help. Again, my purpose is not to be a critic, but to show where there is some inconsistency in your post that confuses the response.

First, you stated:

"If you read the above (thread) you will see i asked for the sitecode not the authorisation code for the skw.exe. The site code is useless to anyone to unpack or register the skw.exe."

Let me say that I am a complete novice at working with CrypKey, but the manual, at page 7 states that:

"Send us your site code via email, fax, or phone, along with the other information outlined in Section 1.4.1: Registering with Kenonic to Get Your Developer Keys."

So it does not appear accurate to state that the "site code" is useless for registering.

I assume that you are looking for the Developer Keys, generated after one sends the company the Site Code and they run it through their program to make Developer Keys. I would assume that the skw.exe has a routine to check some form of hash of the site code and the site key to determine whether it is "legitimate." Have you located that?

Did you notice that your skw generated a skw.key file, the first time you ran it? Did you notice, from the manual, the different language at the top of the "license dialogue box" when it is licensed and unlicensed? (See page 8). Maybe examining how that dialogue is changed will lead you to the code which checks the site key. Just a thought. Somewhere there is probably a "good boy-bad boy" jump that finds what you entered in the box as a valid site key to "license" the program.

Your post becomes confusing in the later portion where you ask:

"Therefore if i can get someone elses SKW.exe i can then examine what encoding numbers are in the sitecode to better understand it. "

Are you confusing the skw.exe with the site code you first requested? Is it the site code only that you want?

You also might want to check out a post I made on the General section of about November 11 or 14, about the Microsoft Activation Process that includes a reference to an article explaining how MS calculates site codes and it has links to tools to examine your own machine's M$ "site code", which might give you some understanding of the workings of the CrypKey's determination of that number.

Share a little more about what you think a different site code will permit you to discover and I probably will share my own code.

Have you considered simply altering the code generated for your machine to see whether it checks it after it is first determined? It might be calculated every time the program is started, but that seems unlikely.

Keep trying, you're making a good start.

peterg70
December 5th, 2001, 20:46
A few quick answers

1) I don't require the developer's keys because any target you look at has them. I don't want to protect my programs with crypkey, I want to remove crypkey from the program.

2) I have registered the skw.exe file. That's not my problem. What I want is the site codes from someone else's skw.exe so I can decode them to examine what bits belong to the PC and what are part of the general codes. Hell, I might even register their skw.exe for them if needed.

3) It would be best that you look at and understand the crypkey coding, as it is not comparable to microsucks product.

4) The skw.key is only part of the encryption process. The SDK is useless unless you understand the implementation of crypkey into the target.

scorpie
December 6th, 2001, 08:12
Hello,

I am interested in Crypkey, but have not yet dug deep enough. Here is my understanding about Crypkey:

In order to license a proggie (including SKW.exe), four (4) parameters are required:

1. Master Key: constant 44 bytes.
2. User key : variable length depends on password (point 4 below).
3. Application name: maximum 8.3 format
4. Password to be used in SKW.exe when generating the license.

Master key(1) and Application name(3) can easily be found once the proggie is "debugged" ("break on" site code or similar). The user key can also be obtained "not far" from (1) during debugging, so the only required information is the password for generating licenses. The password has some correlation with the user key (JMI is absolutely correct that this password has something to do with "hashing function" or crypto in general). I have mentioned to Peterg70 that I am not yet familiar with unpacking, so if I can get his unpacked SKW.exe, I might be able to help him.

His request about the site code can be avoided if he partitions the hard disk, so more than one OS can be installed on one computer.

If Peterg70 contradicts his statement that he can give the unpacked SKW.exe to the ones who are interested in "learning" Crypkey, but he never does that (again JMI is right with his postings), then I will have to do it myself (will take more time until I am familiar with unpacking).


Bye,
Scorpie

jsteed
December 6th, 2001, 12:07
Here are a variety of SiteKeys. This should give you all the information needed to build a key generator. The Site Codes vary each time a protected program is accessed because the computer's system time is incorporated into it.

peterg70
December 6th, 2001, 18:42
Scorpie

Check your PM, I sent it ages ago requesting an email address from you so I can attach the program.

I have progressed a lot further since last time.

I have a skw.exe that is registered and have been able to register other people's SKW.exe.

You are right about the password being required to generate passwords, but all I need to generate passwords is the password, the company number and the Program ID number.

The company number is encoded inside the site code, so this isn't a problem. The Program ID can also be found inside the site code.
The Password is my next step.

The user key and Master Key are inside the target and are easily found by examining the parameters passed to the init_crypkey function. You can also find the filename as well.

The company number and passnum are passed as part of the ckChallenge routine. (Not sure what to do with these yet)

All in all starting to get to grips with this protection system. Just have to get the password from the system somehow.

Peterg70

scorpie
December 7th, 2001, 00:12
Peterg70,

Nice reply and progress.

I have sent my e-mail address to you (kindly check your PM).


Thanks and bye,

Scorpie

peterg70
December 7th, 2001, 20:03
Scorpie, you should have the unpacked skw.exe by now. If not, let me know.

Peterg70

scorpie
December 8th, 2001, 07:17
Hello Peterg70,

Thanks for the unpacked SKW.exe.

I have done something on it, but frankly speaking it does not work on Win2K SP2. I will install on the other OS, and see whether we can "reverse" the password.


Regards,
Scorpie

peterg70
December 8th, 2001, 08:16
Would be good to reverse the password.

Currently I am bruteforcing the password.

A note with the password: there are collisions in the generation,

i.e. the USER ID applies to multiple passwords.

TRY AAAAA then up to AAAAG, same USER ID.

Also 5 and 6 letter passwords provide the same length USER ID.
Same with 7 or 8 letter passwords.

Most of my applications are 7 or 8 letter passwords and it can take a while to bruteforce, especially when multiple USER ID.

POST NOTE:
I decided to relax and approach the user key password from another angle.

Further investigation has found that the encryption of the password works on 2 letters at a time of the password and will generate the same user key part every time, regardless of where in the password the 2 letters are.

So after removing the CRC wrapper from the user key, a simple comparison with each pair of possible characters 00 to ZZ (found that there are only so many possible codes) finds a usable password (may not be the original, but it works).

So instead of 24+ hours to find a valid password, now 2 secs decode.

So that's the end of crypkey for me. Not much else to do.
If you need any pointers or info let me know

peterg70
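
The design lesson in the post above, as an added example that is not part of the thread and is not CrypKey's algorithm: `pair_code` is a constructed stand-in for any encoding that handles a secret two characters at a time with no position or salt. It shows why such a verifier accepts a colliding input after checking only 1296 pairs, and contrasts it with a salted KDF over the whole secret (`strong_verifier`, a hypothetical name).

```python
import hashlib
import itertools
import string

ALPHABET = string.digits + string.ascii_uppercase   # 36 symbols: pairs "00".."ZZ"

def pair_code(pair: str) -> int:
    # Constructed stand-in: one byte per 2-character chunk, no position, no salt.
    return hashlib.sha256(pair.encode()).digest()[0]

def weak_encode(password: str) -> list[int]:
    # Odd lengths are padded, so 5- and 6-character inputs give equal-length output.
    padded = password + "0" * (len(password) % 2)
    return [pair_code(padded[i:i + 2]) for i in range(0, len(padded), 2)]

def build_pair_table() -> dict[int, str]:
    # Each chunk can be checked on its own, so the whole search is 36*36 pairs.
    table: dict[int, str] = {}
    for a, b in itertools.product(ALPHABET, repeat=2):
        table.setdefault(pair_code(a + b), a + b)
    return table

def equivalent_input(codes: list[int]) -> str:
    # Any input that matches chunk by chunk is accepted; the original is not needed.
    table = build_pair_table()
    return "".join(table[c] for c in codes)

def strong_verifier(password: str, salt: bytes) -> bytes:
    # Hardened form: a salted, iterated KDF over the whole secret. No chunk of the
    # output depends on only part of the input, so no per-pair table can be built.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

PAIRWISE_WORK = len(ALPHABET) ** 2   # candidates needed against the weak scheme
WHOLE_WORK = len(ALPHABET) ** 8      # candidates for an 8-character secret as a whole
```
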

peterg70
December 9th, 2001, 03:45
Scorpie

If you need some more info contact me via email, but I have done as much as I can with the crypkey.

I will be writing up an essay (maybe) on it, but don't count on it.
But basically the following is required.
Get the SDK
Unpack the SDK (install password)
Unpack the SKW.EXE
Modify SKW.exe (two bytes to change)

From target get the following
Filename
User Key
Site Code

Enter config into SKW.exe (FILENAME,PRODID,COMPANYNUM,PASSWORD)
Product ID and CompanyNum are encoded into the Site Code.
Password is Encoded into User Key (easy to find due to encoding collisions)

Generate any sort of license (unlimited, limited runs/day)

Done

I haven't played with network (floating licenses) but assume it's the same.

Anyway, CASE closed (unless I missed something)

scorpie
December 9th, 2001, 07:22
Hello Peterg70,

Nice finding if you can patch the SKW.exe, so it can license any programs.

My progress so far is not much. I have Crypkey SDK 5.7, but it cannot be licensed on Windows 2000 (there is an error message "Unknown Crypkey error..."). So, I cannot do much on Win2K. I switched to Windows 98SE, and I can license the SKW, and your SKW.exe can be debugged. I can eliminate the "Site code from other company..." by patching two locations in the SKW.exe, but the resulting site key is not valid. I will try to dig further, but your finding will certainly be a good input.

I have noticed that Microsoft Debugger or TRW 1.23 work fine for "unpacking" SKW.exe; don't you think so?

I am looking forward to your essay. This is the first Crypkey essay with this kind of aspects.


Bye,
Scorpie

peterg70
December 9th, 2001, 16:25
Scorpie,

I debugged the skw.exe with ollydbg on WinME. The unknown crypkey error is probably due to you deleting the 4kb files it creates on your harddisk.

Unpacking the skw.exe was done using w32dasm (before I found ollydbg), procdump and revirgin.

If you patched the code in the two places then you shouldn't have a problem generating codes for the skw.exe. If you need more info, email me on that.

I have yet to see an essay on actually registering the exe using crypkey codes. Most essays have been bypassing the crypkey system. This way you don't modify the exe and you won't need to upgrade the license until crypkey changes the way it works.

Though I must say on reflection the protection is not too robust. Okay, the key generating may use some advanced cryptography, but it's not random, so therefore there is a method to the madness.

peterg70

liu029
December 11th, 2001, 21:41
It's easy to write a site_key generator. You don't have to reverse the SKW.exe. All the secrets are hidden in SDK. Furthermore, you don't have to get the password from your target, because its user_key is enough. All you have to do is:

1. get the user_key and site_code
2. get the levels and options
3. set version, copies, runs or days information
4. generate the site_key (call SDK's functions)

That's all.

peterg70
December 12th, 2001, 02:25
I agree that is all that is required to do.

But why waste such a useful frontend which does all the checking and authorising for you?

And it's more fun to decode the system rather than program your own site code generator.

Call me lazy, but why program something when I can reverse it ;-)

cqfan
December 29th, 2001, 23:14
Hi liu029,

I have the SDK 5.5 and 5.7.
I unpacked the skw.exe.

Can you hint me how to use the SDK without the password to make a keygen?

Thanks