Easy RSA


mrcrackbrain
February 20th, 2002, 16:01
I'm just trying to learn all this cryptography stuff and wondered if you great cryptogurus here could give me URLs for a few easy crypto-protected programs that I could crack. Hope there are some.
RSA would maybe be the easiest for a cryptonewbie like me, as I haven't got a grip on the others yet.

Thanks!

DakienDX
February 20th, 2002, 17:30
Hello mrcrackbrain !

Of course there are many RSA targets available, but is it so interesting doing such stuff?

Let's say you've a 128-bit RSA key. What do you do with it? Well, you bruteforce it. It takes less than a second. Learning effect? None. Go to bed.
Let's say you've a 256-bit RSA key. What do you do with it? Well, you bruteforce it. It takes 10 hours in which you can do nothing with your computer. Learning effect? None. Many useless hours in front of your TV.
Let's say you've a 512-bit RSA key. What do you do with it? Well, you bruteforce it. You write a letter which should be delivered to your affinity in 1000 years saying they should insert the RSA key into a keygen. Learning effect? None. Your affinity is happy to have a keygen for a 1000 year old program.
Did you ever think that most RSA programs in the last year were protected by RSA-1024? And that there were no programs using RSA before 9/20/00, when the RSA patent from 9/20/83 expired?

RSA was a cool thing to play with when it was new, but now it's impossible to crack it in a reasonable time if the author knows how to use it.

Kythen
February 20th, 2002, 18:05
Ummm.... I would have to disagree with you there DakienDX, on both counts. Learning to do cryptography isn't just about bruteforcing some RSA key. You have to learn how to reverse engineer large integer packages and you learn a lot of very worthwhile mathematics. Also, breaking large key size RSA is by no means impossible, unless as you said the author knows what he/she is doing. You just have to take different approaches to solving the problem.

Now in answer to your question mrcrackbrain, I don't know of any commercial targets you could play with offhand that have small key RSA. You may want to try newer versions of targets used in past crypto essays. If you look in the Mini-Project section there was a 5 level crackme that a number of people were working on. Level 4 of that crackme is RSA-128.

Here's the link to the crackme thread I referred to:
http://www.woodmann.net/forum/showthread.php?s=&threadid=2438

Good luck and if you have any questions/problems let us know!
Kythen

mike
February 20th, 2002, 19:22
There are a few things you can do with RSA. One is decrypt the serial to a known string. You can either change the known string or the key used to decrypt it, but keygenning is out unless the key is very small. Checksumming is a popular defense against changing either of those.

Another is decrypt code or flags or internal variables or so forth with a user-provided key. Once a key is known, however, it can be shared, so it doesn't do much to prevent piracy.

If the random number generator used to pick the keys is bad (a la C's rand() function) then you can sometimes bruteforce the RNG instead of the key. rand() has at most 31 bits, but usually has around 20 because of the popular srand(time(NULL)) initialization.

stealthFIGHTER
February 20th, 2002, 20:09
Quote:
If you look in the Mini-Project section there was a 5 level crackme that a number of people were working on. Level 4 of that crackme is RSA-128.


/me lame - can't find it

AdamA
February 21st, 2002, 10:39
Hi,

try h**p://www.geeworks.com/trialmaster/download.shtml
Geeworks TrialMaster 2.5 Standard Edition: RSA-77

happy reversing
AdamA

mrcrackbrain
February 23rd, 2002, 06:32
Thank you very much all of you for your help and advice.
I hope I'll keygen my first RSA soon.

stealthFIGHTER
February 23rd, 2002, 10:45
Quote:
Originally posted by AdamA
Hi,

try h**p://www.geeworks.com/trialmaster/download.shtml
Geeworks TrialMaster 2.5 Standard Edition: RSA-77



Hello,

I have a q.: How do you know it uses RSA-77?

Thank you,
sF

ThrawN
February 23rd, 2002, 10:56
It's non-standard, I believe.
Requires some altering of the library, right??
I'm no expert on non-standard crap tho, so I'm most likely wrong hehe

AdamA
February 23rd, 2002, 13:43
Quote:
Originally posted by stealthFIGHTER


Hello,

I have a q.: How do you know it uses RSA-77?

Thank you,
sF



Hi,

after ~2 hours of reversing I found the following scheme:

md5=MD5(name+email+2nd part of Prod. ID)
chksum(md5)=md5[0]+...+md5[15]
serial=chksum^d mod n (serial is Base36)

E,N (RSA Parameter) are also stored in Base36.
I'm sure you will find it.

happy reversing,
AdamA
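
The scheme AdamA describes above, as an added example that is not part of the original thread or the product's own code: it shows that signing the byte sum of the MD5 digest leaves at most 4081 distinct signed values, so one serial validates for every user whose digest bytes add up to the same number, whatever the RSA key size. The key (two small Mersenne primes with E = 65537), the plain string concatenation, the Base36 digit order and all user data are constructed assumptions.

```python
import hashlib

# Constructed toy key (NOT the product's): two small Mersenne primes.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                                   # assumed public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)

B36 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # assumed Base36 digit order

def to_base36(x):
    out = ""
    while x:
        x, r = divmod(x, 36)
        out = B36[r] + out
    return out or "0"

def chksum(name, email, prod_id_part):
    # md5 = MD5(name + email + 2nd part of Prod. ID)
    digest = hashlib.md5((name + email + prod_id_part).encode()).digest()
    # chksum = md5[0] + ... + md5[15], so it can never exceed 16 * 255 = 4080
    return sum(digest)

def issue_serial(name, email, prod_id_part):
    # serial = chksum^d mod n, written in Base36
    return to_base36(pow(chksum(name, email, prod_id_part), D, N))

def verify_serial(serial, name, email, prod_id_part):
    # Verifier side: serial^e mod n must equal the recomputed checksum
    return pow(int(serial, 36), E, N) == chksum(name, email, prod_id_part)

def find_collision(prod_id_part, limit=10000):
    """Return two different constructed users whose checksums coincide.

    With only 4081 possible checksum values, a collision is guaranteed
    well inside `limit` users (pigeonhole); in practice it appears much sooner.
    """
    seen = {}
    for i in range(limit):
        user = (f"user{i}", f"user{i}@example.test")
        c = chksum(user[0], user[1], prod_id_part)
        if c in seen:
            return seen[c], user
        seen[c] = user
    return None
```

Signing the full digest under a standard padding scheme, instead of the byte sum, removes this collapse of the message space.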