Coersum
July 28th, 2002, 08:16
Hi,
I wasn't sure whether to post this in Crypto or in Newbie, so...
OK, I found out that the program I'm trying to crack has its serialS (diff serials for more or fewer functions enabled) hardcoded in the exe.
At the source, it reads your serial from the registry and/or from a file in its directory, decrypts the key and compares diff parts of it.
Now, if I'm not mistaken, it is encrypted/decrypted using a stream cypher (because it seems to loop XORing diff values etc.). (I'm just starting to TRY to understand it, so mind me pls.)
One of the hardcoded values I thought was a serial isn't, but looks like another kind of key; now could it be the cipher key?
Here it is:
s89h234uiwefy7hui234ui3ervn34275v875u34uhweuihwer78ywerhu2q3hu4h
Also, I can find these calls in between RegQueryValue and when the serials are tested with lstrcmp (I found out that the first push to lstrcmp was my decrypted serial, from the registry/decryption result, and the second was from the hardcoded (pointer)):
@fstreambase@open$qpci
@istream@read$qpci
@dehonogen$qpcii
@fstreambase@close$qpci
Later on, I broke before it saves the data in the registry again, and I have the same calls except "read" is now replaced by:
@istream@Set$qpci
They are all called many times. I'd think dehonogen would be the decryption routine call... not sure at all tho.
Also:
Knowing most of the plaintext of the encrypted key contained in my registry (hardcoded serial + first + last name), is there a way to decrypt it, or try at least (magical proggy)?
Any input is of course welcome...
I tried to find info in the crypto threads but couldn't find anything like that except "Tutorial: finding encryption code", where "mike" describes a stream cypher.
Thanks!
Coersum
