
Installshield Password Protected Self Extracting EXE


j_hallows
March 25th, 2002, 06:20
I need a little help finding a password for an Installshield password-protected EXE. Any hints on what to look for when tracing with SoftICE? Thanks.

Solomon
March 25th, 2002, 07:06
It may not be possible to break this version of PackageForTheWeb.

Code:

001B:004037E9 PUSH 00000404
001B:004037EE PUSH DWORD PTR [ESP+08]
001B:004037F2 CALL [USER32!GetDlgItem]
001B:004037F8 TEST EAX,EAX
001B:004037FA JZ 00403828
001B:004037FC PUSH 00000080
001B:00403801 PUSH DWORD PTR [00416178]
001B:00403807 PUSH EAX
001B:00403808 CALL [USER32!GetWindowTextA] <-----our breakpoint
001B:0040380E PUSH DWORD PTR [00416178]
001B:00403814 CALL 004038A7 <-----hash algorithm inside
001B:00403819 POP ECX
001B:0040381A XOR ECX,ECX
001B:0040381C CMP EAX,[00416118] <------good guy or bad guy
001B:00403822 SETZ CL
001B:00403825 MOV EAX,ECX
001B:00403827 RET

thewd
March 25th, 2002, 10:28
Included: password recovery utility for PackageForTheWeb installations.

regards
thewd

[02 April 2002]
- uploaded new version (fixed a couple of issues)

Solomon
March 25th, 2002, 10:45
hi thewd,

Your tool works perfectly! Nice work.

j_hallows, the installation still needs a serial.

foxthree
March 25th, 2002, 11:51
Time for ISDCC

Signed,
-- FoxThree

Solomon
March 25th, 2002, 16:53
Phase II finished too.

DakienDX
March 25th, 2002, 17:56
Hello thewd!

Does your program work the way I know (http://www.woodmann.net/forum/showthread.php?threadid=2044) or is there another way?

I noticed your program crashes on files I generated with PFTW 4.00, but 2.03 to 3.00 work fine.
But files from InstallShield (which probably use 4.00 too) are still working.

j_hallows
March 25th, 2002, 18:31
Quote:
Originally posted by Solomon
hi thewd,

Your tool works perfectly! Nice work.

j_hallows, the installation still needs a serial

Ya, I know, but at least I am one step of the way. Not only a serial but a CrypKey 5.6 keygen.

It's kind of funny, but right after I posted the message I found a util similar to the one thewd posted that gives the password for InstallShield Package for the Web.

(See Attachment)

Thanks Solomon for the insight into where I was getting lost. I was trying to figure out how the password was being compared and didn't realize it was hashed first and then compared.

You don't know how much time I spent trying to figure out what is going on. BTW: Solomon, what did you break on in SoftICE?

Solomon
March 26th, 2002, 03:30
Well, I mean directly breaking/bruteforcing the hash algorithm to get a valid password. However, I have not checked it thoroughly. DakienDX's stream cipher bruteforcing method is great.

Phase II is quite simple. The 13-char serial is divided into 3 parts like XXXYYYYYZZZZZ.
XXX stands for the product/license type.
ZZZZZ is calculated from XXX and YYYYY by calling ispid._dllentryproc( ).
I wrote a keygen for it. Here is the partial source.
Code:

#include <vcl.h>    // VCL header (AnsiString, Application, MB_* flags, GetTickCount);
                    // the form's own unit header is omitted, as in the original partial source
#pragma hdrstop

#define MAX_PRODUCT_TYPE 17

// XXX part of the serial: product/license type
AnsiString TypeString[] =
{
    "PPR", // Paradigm C++ PRO (x86 tool suites)
    "PSS", // Paradigm C++ SuperTAP
    "PSF", // Paradigm C++ for FS2
    "PEF", // Paradigm C++ for FS2 (16/24-bit)
    "PER", // Paradigm C++ for VAutomation
    "PSR", // PSR (unknown)
    "PRK", // Paradigm RTOS16 License
    "PRS", // Paradigm RTOS16 License & Source
    "PPK", // Paradigm RTOS32 License
    "PPS", // Paradigm RTOS32 License & Source
    "RTP", // Paradigm RTIP
    "BTR", // Paradigm C++ (16-bit tool suite)
    "BTE", // Paradigm C++ (24-bit tool suites)
    "BTF", // Paradigm C++ PRO (x86 tool suites)
    "PDF", // Paradigm Embedded File System

    "PPM", // Paradigm C++ PRO with JTAG
    "AMD"  // Paradigm C++ - AMD Edition
};

// Per-product constant from which ZZZZZ is derived (same order as TypeString)
long ProductCode[] =
{
    0x8ead3f,
    0x89cddf,
    0x5f13cd,
    0x62dbfe,
    0x11e7e1,
    0x0fe41e,
    0x398a22,
    0x6f51b5,
    0x4b4c8d,
    0x5a72bd,
    0x29df9d,
    0x4ca011,
    0x72aad6,
    0x5b4127,
    0x5ec5af,

    0x98967f,
    0x98967f
};

//---------------------------------------------------------------------------
void __fastcall TForm1::GenerateKeyButtonClick(TObject *Sender)
{
    if ((ListBox->ItemIndex < 0) || (ListBox->ItemIndex >= MAX_PRODUCT_TYPE))
    {
        Application->MessageBox("You must specify license type!", "Error", MB_ICONWARNING | MB_OK);
        return;
    }

    long Temp = GetTickCount( ) % 100000L;   // YYYYY: any 5-digit value, taken from the clock here
    long Code = ProductCode[ListBox->ItemIndex];
    long Final;                              // ZZZZZ, filled in by the asm block below

    // ripped from ispid._dllentryproc( )
    __asm
    {
        pushad

        MOV ECX,0x3B9ACA00          // 1000000000
        MOV EAX,[Code]
        IMUL DWORD PTR [Temp]       // EDX:EAX = Code * Temp
        INC EAX
        XOR EDX,EDX                 // high half of the product is discarded
        DIV ECX                     // EDX = (low32(Code*Temp) + 1) mod 1e9
        MOV ECX,EDX
        MOV EAX,ECX
        MOV ECX,0x00002710          // 10000
        CDQ
        IDIV ECX                    // EAX = q = value / 10000
        MOV EDX,EAX
        MOV ECX,0x00002710
        LEA EAX,[EAX*4+EDX]         // 5q
        SHL EAX,3                   // 40q
        SUB EAX,EDX                 // 39q
        SHL EAX,4                   // 624q
        ADD EAX,EDX                 // 625q
        SHL EAX,4                   // 10000q
        SUB EAX,EDX                 // 9999q
        CDQ
        IDIV ECX                    // EAX = 9999q / 10000
        mov dword ptr[Final], eax

        popad
    }

    AnsiString s;
    s = s.sprintf("%05lu%05lu", Temp, Final);   // YYYYY followed by ZZZZZ, zero-padded

    SerialEdit->Text = TypeString[ListBox->ItemIndex] + s;
}
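For a reader who wants to see what that inline assembly actually computes, here is the same derivation written out as plain C arithmetic, plus a consistency check that splits a serial into its XXX/YYYYY/ZZZZZ parts and recomputes the tail. This is an added example, not Solomon's code and not ispid's; the sample serial is constructed from the PPR constant listed above. The lesson for anyone designing such a scheme: since the per-product constant ships inside the installer's DLL, ZZZZZ is a self-consistency check, not a secret.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The arithmetic ispid._dllentryproc( ) performs on (product constant, YYYYY),
 * transcribed from the inline asm above: only the low 32 bits of the product
 * survive (EDX is zeroed before DIV), then two decimal reductions. */
uint32_t serial_tail(uint32_t code, uint32_t yyyyy)
{
    uint32_t v = (code * yyyyy + 1u) % 1000000000u; /* wraps mod 2^32 like the CPU, then mod 1e9 */
    uint32_t q = v / 10000u;                        /* first IDIV by 10000 */
    return (9999u * q) / 10000u;                    /* the LEA/SHL/SUB chain is 9999*q; second IDIV */
}

/* Split XXXYYYYYZZZZZ and recompute ZZZZZ. Returns 1 when the serial is
 * self-consistent for the given type string and product constant, else 0. */
int serial_is_consistent(const char *serial, const char *type, uint32_t code)
{
    unsigned int y, z;
    if (strlen(serial) != 13 || strncmp(serial, type, 3) != 0)
        return 0;
    if (sscanf(serial + 3, "%5u%5u", &y, &z) != 2)  /* exactly five digits each */
        return 0;
    return serial_tail(code, y) == z;
}

int main(void)
{
    /* Constructed sample: the PPR constant 0x8ead3f with YYYYY = 12345 */
    const uint32_t ppr = 0x8ead3f;
    char serial[14];
    snprintf(serial, sizeof serial, "PPR%05u%05u", 12345u, serial_tail(ppr, 12345u));
    printf("%s -> %s\n", serial,
           serial_is_consistent(serial, "PPR", ppr) ? "consistent" : "mismatch");
    return 0;
}
```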

peterg70
March 26th, 2002, 10:02
Quote:
Originally posted by j_hallows
Ya I know but at least I am one step of the way. Not only a serial but CrypKey 5.6 Keygen.

Why do you need a CrypKey 5.6 keygen when they give it away with their SDK pack?

The CrypKey generator is able to select all the options and generate valid keys (I have v5.7 downloaded and ready).

Search for some previous CrypKey discussions in the forum for more info.

catch ya
peterg70

j_hallows
March 27th, 2002, 05:32
Damn, that was fast Solomon. Let us newbies take a stab at it first. But anyway, thanks for the keygen.

Peterg70, I don't quite get what you are saying. I know the CrypKey SDK generates valid keys, but you need the site code to do this first. Are you suggesting I patch the SDK to accept any site code? I did search previous messages but I don't see any that relate to my problem.

foxthree
March 27th, 2002, 10:23
Hi Peter:

I believe the SDK is available only to registered users! If you did get hold of the 5.7 SDK from somewhere else, could you post the URL (if you don't mind)? I searched high and low in Google and got only a 5.5 SDK from a very slow site.

Signed,
-- FoxThree

peterg70
March 27th, 2002, 11:10
j_hallows said
Quote:
I don't quite get what you are saying. I know CRYPKEY SDK generates valid keys but you need the sitecode to do this first. Are you suggesting I patch the sdk to accept any site code? I did search previous messages but I don't see any that relates to my problem.

Maybe I am missing something in what you said about a 5.6 keygen. I assumed that by saying "keygen" you meant something that generates a valid Authorisation Code for the matching Site Code (this is what the SDK keygen will do for you).

After a little patching, the SDK is able to accept any site code and generate a valid authorisation code which can have any restrictions you wish. You are then able to use the CrapKey software to protect your own software if you want.

After reading the above statement, perhaps you're trying to determine how a site code is actually generated. This again is explained in the SDK, and the method of decoding it is fully coded in the keygen, which is nicely structured for complete understanding. I.e. no tricks, no funny coding, just a simple C++ proggie :-). Also there is a nice tute on the CrapKey wrapper and how it protects the exe.

Then again, I may have assumed wrong again. Maybe a few more words regarding what you're doing. I have some interest in the CrapKey system. Just waiting for the next version.

foxthree:
Search with Google and look for my lost friends hyubwoo or dasomcvg. They were my Korean friends.

foxthree
March 27th, 2002, 13:36
Hi peterg:

Thanks for your pointer. Interestingly, I was downloading the 5.5 from dascomvg's site only. I'm able to find 5.7 on hyubwoo's site. Now for some serious research.

Signed,
-- FoxThree

peterg70
March 30th, 2002, 01:24
Foxthree:

Good luck in your tasks

If you need some help, pointers or further info let me know

peterg70

lammer
April 1st, 2002, 07:51
Hi peterg:

Thanks for your pointer.

Solomon
April 12th, 2002, 03:45
j_hallows,

Why did you delete your posts in this thread? I can understand why you removed the software URL in your post.

j_hallows
April 12th, 2002, 06:36
Quote:
Originally posted by Solomon
j_hallows,

why did you delete your posts in this thread? I can understand why you removed the software URL in you post.

Huh? I guess the moderator deleted my posts. I don't know why though.

Solomon
June 27th, 2002, 04:37
It's time for the authors to update the above 2 attached InstallShield password recovery tools. I got an exe with a long password. Both tools can't recover the password; they only give partial results. If you authors are interested, please send me a private message for the URL.