Exetools  

Old 03-05-2026, 18:06
WhoCares WhoCares is offline
How the private key of WinRAR ECC is deduced

It seems that the author of WinRAR made a big mistake. He passed a zero-length seed to his home-made Key Derivation Function (KDF) to get the ECC private key. LOL

https://github.com/bitcookies/winrar-keygen/blob/master/README.HOW_DOES_IT_WORK.md

And SeVeN/FFF incidentally found this 17 years ago? Not sure.
But that KDF GeneratePrivateKey() is called twice when generating a license key.
The first call is GeneratePrivateKey(userName, strlen(userName)).
Maybe SeVeN was inspired by those 2 calls.

private key: k = 0x59fe6abcca90bdb95f0105271fa85fb9f11f467450c1ae9044b7fd61d65e = GeneratePrivateKey(NULL, 0);
Code:
    static BigInteger GeneratePrivateKey(const void* lpSeed, size_t cbSeed) {
        uint32_t Generator[6];
        uint16_t RawPrivateKey[15] = {};

        if (cbSeed) {
            // Non-empty seed: Generator[1..5] are the five big-endian words of SHA1(seed).
            Hasher Sha1(HasherSha1Traits{}, lpSeed, cbSeed);
            HasherSha1Traits::DigestType Sha1Digest;

            Sha1Digest = Sha1.Evaluate();

            for (unsigned i = 0; i < 5; ++i) {
                Generator[i + 1] = _byteswap_ulong(reinterpret_cast<uint32_t*>(Sha1Digest.Bytes)[i]);
            }
        } else {
            // Empty seed: fixed constants are used, so the derived key is the same on every call.
            Generator[1] = 0xeb3eb781;
            Generator[2] = 0x50265329;
            Generator[3] = 0xdc5ef4a3;
            Generator[4] = 0x6847b9d5;
            Generator[5] = 0xcde43b4c;
        }
        
        // 15 rounds: hash the 24-byte Generator block with Generator[0] as a 1-based counter
        // and keep the low 16 bits of the first digest word as one word of the key.
        for (uint32_t i = 0; i < 15; ++i) {
            Hasher Sha1(HasherSha1Traits{});
            HasherSha1Traits::DigestType Sha1Digest;

            Generator[0] = i + 1;
            Sha1.Update(Generator, sizeof(Generator));
            Sha1Digest = Sha1.Evaluate();

            RawPrivateKey[i] = static_cast<uint16_t>(
                _byteswap_ulong(reinterpret_cast<uint32_t*>(Sha1Digest.Bytes)[0])
            );
        }

        // `Order` has 241 bits, while `RawPrivateKey` has (15 * 16 = 240) bits at most.
        // So `RawPrivateKey` must be less than `Order`, which means `RawPrivateKey` must be a valid private key.
        return BigInteger(false, RawPrivateKey, sizeof(RawPrivateKey), true);
    }
Quote:
WinRAR was previously cracked using patches, because the crypto used for registration was supposedly unbreakable. It was also used to authenticate archive's authors, like a signature. Cracked versions couldn't properly make signed archives of course.

Then came FFF's keygen. No patching involved. Not sure how they did it, but they broke it. They never revealed their method on how they found the private key.

Then we suddenly saw the rise of WinRAR keygens... by completely random people... again without explanations. "Double Labyrinth" apparently studied FFF's keygen (I believe he doesn't even lie about it), "DeltaFoX" used this study to make one, and Double Sine (Tianjin University) too, whatever...

Of course the last two of them may have found "how to do" by themselves, but this is very unlikely. Why? Because even CORE'S keygen (the one without patching) was ripped from FFF, as you can read in the NFO of "photoline-v15-53-multilingual-incl-keymaker-and-apology-to-fff". If CORE didn't find how to do we can have doubts on random peeps...

This keygen was the reason why Rarlab removed the "archive signature" feature from WinRAR, because everyone could sign archives as anyone after its release.
https://www.reddit.com/r/Piracy/comments/e88l32/winrar_nukes_pirate_keygen/
__________________
AKA Solomon/blowfish.

Last edited by WhoCares; 03-06-2026 at 09:42.
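
Added example, not part of the original post or of the winrar-keygen project: a Python transcription of the posted function, used as a review check that flags a KDF whose empty-seed output is a fixed value, next to a wrapper that rejects such seeds. The names `derive_posted`, `audit_empty_seed` and `derive_hardened`, and the 16-byte minimum, are hypothetical; the transcription assumes standard SHA-1, a little-endian host, and that `BigInteger` reads `RawPrivateKey` least-significant word first.

```python
import hashlib
import struct

# Constants copied from the else-branch of the posted GeneratePrivateKey().
FALLBACK_WORDS = (0xEB3EB781, 0x50265329, 0xDC5EF4A3, 0x6847B9D5, 0xCDE43B4C)
# Value of k quoted in the post for GeneratePrivateKey(NULL, 0).
POSTED_K = 0x59FE6ABCCA90BDB95F0105271FA85FB9F11F467450C1AE9044B7FD61D65E


def derive_posted(seed: bytes) -> int:
    """Transcription of the posted KDF (assumptions listed in the lead-in)."""
    if seed:
        words = struct.unpack(">5I", hashlib.sha1(seed).digest())
    else:
        words = FALLBACK_WORDS  # nothing secret or per-install enters the hash
    key = 0
    for i in range(15):
        block = struct.pack("<6I", i + 1, *words)  # Generator[0] is the counter
        digest = hashlib.sha1(block).digest()
        # static_cast<uint16_t> keeps the low 16 bits of the first big-endian word
        key |= int.from_bytes(digest[2:4], "big") << (16 * i)
    return key


def audit_empty_seed(kdf, runs: int = 3) -> dict:
    """Report whether kdf(b"") is a fixed value anyone with the code can recompute."""
    try:
        outputs = {kdf(b"") for _ in range(runs)}
    except ValueError:
        return {"accepts_empty_seed": False, "constant_output": False}
    return {"accepts_empty_seed": True, "constant_output": len(outputs) == 1}


def derive_hardened(seed: bytes) -> int:
    """Hypothetical fix: refuse seeds too short to carry 128 bits of secret."""
    if len(seed) < 16:
        raise ValueError("seed too short to act as secret key material")
    return derive_posted(seed)


if __name__ == "__main__":
    print("posted KDF:  ", audit_empty_seed(derive_posted))
    print("hardened KDF:", audit_empty_seed(derive_hardened))
    print("matches k quoted in the post:", derive_posted(b"") == POSTED_K)
```

A signing key that must stay private should come from a CSPRNG and be kept out of the shipped binary; the wrapper only closes the empty-seed path shown in the post.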