pjr
January 16th, 2005, 06:12
I know that it must look funny to you that I am having problems with Crypkey, and that too with v5.6 !!!!!
But I have been trying to unpack this prog for the past several months without much success !!!!!!!!
I had downloaded the archives of the RCE forums (the lastest zip file gives upto Nov 26 I believe) and had gone thoroughly through them...I'd also looked up the essays by Fravia, the excellent paper by Exefoliator, and several others on the net regarding Crypkey. I was interested in unpacking by myself. So I'd done a lot of research including trying to use the CKKeygen and CKinfo108.zip among others. Of course...With no sucess...Which is why I am posting here.
The prog is an exe file packed with Crypkey. No PE tools including PEiD etc give any info and Olly refuses to load it in and says it is not a valid Win32 PE file. Maybe so...Since when I actually DO run it, on Win 2000, on a Pentium 4, the prog name is not shown in the Task Manager but it runs under the DOS Virtual Machine and what is seen there is only wowexec under the ntvdm.exe or something similar in the task manager. Therefore it is pretty difficult to dump it. Imprec 1.6 is quite useless here as it claims that it is not a Win32 executable and hence refuses to get the imports when I tried to get the imports from the running app without dumping...
I had found some info on the net for patching LCRYPKYD.dll or some such file, but when I finallly found it in the App's directory, it turned out to be a 16-bit file and it really made me go nuts as to how to edit it since OLLY etc refused to load the file saying it is a 16-bit one. IDA Pro 4.3 loaded it and the GetAuthorization Module was also easily found but editing it became a problem. When I SOMEHOW tried to do calculations and changed the Hex bytes in Hex Editor, the file when put back into the Dir and when the prog was run, it said" Too big to fit into Memory" or some such thing (It was a few months ago in the initial stages so I don't remember exactly the message...)
So I changed my approach to trying to keygen the SiteKey. To that end, loaded the prog in VMware Virtual Machine (So that I could repeatedly try the various keys and just go back if the prog expired), used CKinfo v1.08 to find out as many details as possible. I used the key from the .rst file, .key file, and also the Master and User Keys got from the exe prog by disassembling it as they are stored as PlainText. Then I used the same CKinfo 1.08 prog to generate the SiteKey. Generated it successfully and input it also. The message box goes off but when I restart the prog, it again asks for the key with a different SiteCode. The prog refuses to run and just exits whether I repeat the process and give a new key or whether I press cancel.
It may be of interest to note that when I enter the SiteKey thus generated, the AUTHORIZED value stays on, the trial type changes to unlimited, and the days remaining and days used boxes go blank in the messagebox where we enter the sitekey. But the prog refuses to run thereafter. I had got the OptionLevel and the KeyLevel or something by using CK info in the manner:
CKinfo.exe /SiteKey XXXXXXX where the XXXXXXX was got from the .key file.
The prog is not crippled and is designed to run for 30 days. I had got the info about the Crypkey Ver used by CK Info 1.08 which says that v5.6 libraries of Crypkey are used. It is interesting to note that the actual file claimed to be encrypted by Crypkey according to CK info is EH.exe. But EH.exe is only 0 bytes though it exists in the dir and the actual fun which is run is RADAR8.EXE from which I'd got the User And Master Keys.
Your forum archives mention SKW.exe to generate the SiteKeys. I'd downloaded the demo from the Crypkey site itself an year ago. It was v5.7 which was downloaded at that time. If I install that Demo, I get a SKW.exe file also along with others, in the installed dir. Will it work for v5.6 also or is the SDK something else... I have a feeling it is something else and Google search did not help me...Then or now...
My attempts to keygen using CK Info 1.08 in the above manner had worked on Swish 2.0 which is also Crypkey protected... So my method I believe is not fundamentally wrong...
Can someone please point me in the right direction so that I may be able to keygen the SiteKey...
Am frustrated...Kindly please help ASAP...
Thanks in advance...
P.S. I know that you shouldn't ask for software...But the SKW.exe mentioned in the RCE archives is difficult to get hold of presently...Especially if it is not the same SKW.exe that comes with the CrypkeyDemo. I also have come across a post in the archives where a member was e-mailed the SKW.exe (If I remember right)...Any help in the direction for me to procure the SKW.exe will be greatly appreciated...Along with clues to how to patch it to generate keys for any company - This I think I can try to a large extent as there are posts in the archive on how to do the necessary patching. But procuring the SKW is a different thing altogether...
But I have been trying to unpack this prog for the past several months without much success !!!!!!!!
I had downloaded the archives of the RCE forums (the lastest zip file gives upto Nov 26 I believe) and had gone thoroughly through them...I'd also looked up the essays by Fravia, the excellent paper by Exefoliator, and several others on the net regarding Crypkey. I was interested in unpacking by myself. So I'd done a lot of research including trying to use the CKKeygen and CKinfo108.zip among others. Of course...With no sucess...Which is why I am posting here.
The prog is an exe file packed with Crypkey. No PE tools including PEiD etc give any info and Olly refuses to load it in and says it is not a valid Win32 PE file. Maybe so...Since when I actually DO run it, on Win 2000, on a Pentium 4, the prog name is not shown in the Task Manager but it runs under the DOS Virtual Machine and what is seen there is only wowexec under the ntvdm.exe or something similar in the task manager. Therefore it is pretty difficult to dump it. Imprec 1.6 is quite useless here as it claims that it is not a Win32 executable and hence refuses to get the imports when I tried to get the imports from the running app without dumping...
I had found some info on the net for patching LCRYPKYD.dll or some such file, but when I finallly found it in the App's directory, it turned out to be a 16-bit file and it really made me go nuts as to how to edit it since OLLY etc refused to load the file saying it is a 16-bit one. IDA Pro 4.3 loaded it and the GetAuthorization Module was also easily found but editing it became a problem. When I SOMEHOW tried to do calculations and changed the Hex bytes in Hex Editor, the file when put back into the Dir and when the prog was run, it said" Too big to fit into Memory" or some such thing (It was a few months ago in the initial stages so I don't remember exactly the message...)
So I changed my approach to trying to keygen the SiteKey. To that end, loaded the prog in VMware Virtual Machine (So that I could repeatedly try the various keys and just go back if the prog expired), used CKinfo v1.08 to find out as many details as possible. I used the key from the .rst file, .key file, and also the Master and User Keys got from the exe prog by disassembling it as they are stored as PlainText. Then I used the same CKinfo 1.08 prog to generate the SiteKey. Generated it successfully and input it also. The message box goes off but when I restart the prog, it again asks for the key with a different SiteCode. The prog refuses to run and just exits whether I repeat the process and give a new key or whether I press cancel.
It may be of interest to note that when I enter the SiteKey thus generated, the AUTHORIZED value stays on, the trial type changes to unlimited, and the days remaining and days used boxes go blank in the messagebox where we enter the sitekey. But the prog refuses to run thereafter. I had got the OptionLevel and the KeyLevel or something by using CK info in the manner:
CKinfo.exe /SiteKey XXXXXXX where the XXXXXXX was got from the .key file.
The prog is not crippled and is designed to run for 30 days. I had got the info about the Crypkey Ver used by CK Info 1.08 which says that v5.6 libraries of Crypkey are used. It is interesting to note that the actual file claimed to be encrypted by Crypkey according to CK info is EH.exe. But EH.exe is only 0 bytes though it exists in the dir and the actual fun which is run is RADAR8.EXE from which I'd got the User And Master Keys.
Your forum archives mention SKW.exe to generate the SiteKeys. I'd downloaded the demo from the Crypkey site itself an year ago. It was v5.7 which was downloaded at that time. If I install that Demo, I get a SKW.exe file also along with others, in the installed dir. Will it work for v5.6 also or is the SDK something else... I have a feeling it is something else and Google search did not help me...Then or now...
My attempts to keygen using CK Info 1.08 in the above manner had worked on Swish 2.0 which is also Crypkey protected... So my method I believe is not fundamentally wrong...
Can someone please point me in the right direction so that I may be able to keygen the SiteKey...
Am frustrated...Kindly please help ASAP...
Thanks in advance...
P.S. I know that you shouldn't ask for software...But the SKW.exe mentioned in the RCE archives is difficult to get hold of presently...Especially if it is not the same SKW.exe that comes with the CrypkeyDemo. I also have come across a post in the archives where a member was e-mailed the SKW.exe (If I remember right)...Any help in the direction for me to procure the SKW.exe will be greatly appreciated...Along with clues to how to patch it to generate keys for any company - This I think I can try to a large extent as there are posts in the archive on how to do the necessary patching. But procuring the SKW is a different thing altogether...
I hope you get some answers anyway...
This was rightly pointed out by squidge in pm and am going to try to register the prog using the SKW.exe than patch it...
