EXETOOLS FORUM  

#1
03-28-2018, 03:12
TempoMat
Easy keygen targets with pep

I recently started trying my hand at some programs I had downloaded back in the early 2000s when I started with RCE.
So a few days ago I installed programs from Jaibosoft and to my surprise they all came with a long list of hardcoded 8-digit serials. So boring, I thought.

However, two of these programs (Outbreak with 500 and Astute DIB with 1030 hardcoded serials) had the SHA1 hash algorithm implemented instead of the bare 8-digit serials.

The interesting thing is that the hardcoded serials are 32 chars or 128 bits (16 bytes) long, which should mean an MD5 hash, instead of the 160 bits (20 bytes) or 40 chars of SHA1 hashes.

As the programs first check whether the entered 8 chars for the serial are digits between 0…9, it looked at first glance as if keygenning, aka brute forcing them, could be the solution. This turns out not to be feasible, since the hardcoded serials, as already stated above, are actually SHA1 hashes with the last 8 chars (4 Bytes) truncated.

The serial checking algorithm is as follows:
1. Check if chars of entered serial are digits
2. SHA1(Entered serial)
3. Compare first 32 Chars of the result under 2. with the hardcoded serials and set good/bad guy flag if a match is found or not.

Patching is not an issue here at all as I was only interested in a keygen.

The number of possible SHA1 hashes to generate and then compare with the hardcoded serials will be nPr (permuting the number of subsets of 8 from 10 digits that can be created and can include the same digits in different orders), which gives the following number of combinations:
Code:
    P(n,r)=P(10,8)

   = 10!  ÷  (10-8)! 
   = 1814400
So finally I decided to leave them alone for the meantime rather than writing a program to stress my old RCE computers for several hours just for the fun of creating exactly one million eight hundred and fourteen thousand four hundred SHA1 hashes to satisfy the quest of these programs.
The Following 2 Users Say Thank You to TempoMat For This Useful Post:
cachito (03-14-2019), niculaita (03-29-2018)
#2
03-13-2019, 04:34
TempoMat
Update

Well I managed to do it.
It was in the end easier than I thought, due to the fact that only numeric strings were hashed.
The solution was:
Code:
For i=11000000 to 99999999
    res=SHA1(i)
    for j=1 to lenHashTable
        if res=HashTable(j)
           Write2File (i, HashTable(j))
        end if
    next j
    Append2HashedFile (res)
next i
It took approximately 2:30 hours to finish on an old Core i3 330M Laptop.
Every 500000 SHA1 hashes generated were saved to a file, which had a size of approx. 27,34 MB.

PS:
The start value was chosen to be 11000000 because the range from 10000000 to 10999999
was used in the testing of the program which yielded no collision with the hardcoded hashes.
The Following User Says Thank You to TempoMat For This Useful Post:
tonyweb (03-17-2019)
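
A designer's view of the check described in this thread, as an added example that is not part of the original posts: it sizes the serial space when digits may repeat and measures what one verification costs with the truncated SHA1 versus a deliberately slow PBKDF2 check. The function names, the salt, the iteration count and the sample serial are assumptions made for illustration.

```python
import hashlib
import math
import time

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of serials when every position may hold any symbol."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random serial, in bits."""
    return length * math.log2(alphabet_size)

def min_length(alphabet_size: int, target_bits: float) -> int:
    """Shortest serial over this alphabet reaching target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def sha1_check(serial: bytes) -> str:
    # Scheme from the thread: SHA1 of the serial, first 32 hex chars kept.
    return hashlib.sha1(serial).hexdigest()[:32]

def stretched_check(serial: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256, constructed salt, 100_000 iterations.
    return hashlib.pbkdf2_hmac("sha256", serial, b"constructed-salt", 100_000)

def seconds_per_check(check, sample: bytes, rounds: int) -> float:
    """Average wall-clock cost of one verification call."""
    start = time.perf_counter()
    for _ in range(rounds):
        check(sample)
    return (time.perf_counter() - start) / rounds

def worst_case_hours(space: int, per_check: float) -> float:
    """Time to evaluate the check once for every serial in the space."""
    return space * per_check / 3600

if __name__ == "__main__":
    sample = b"00000000"  # constructed sample serial, not taken from any product
    space = keyspace(10, 8)
    print(f"8 digits: {space} serials, {entropy_bits(10, 8):.1f} bits")
    for name, check, rounds in (("truncated SHA1", sha1_check, 20000),
                                ("PBKDF2 100k", stretched_check, 3)):
        cost = seconds_per_check(check, sample, rounds)
        print(f"{name}: {worst_case_hours(space, cost):.2f} h for the whole space")
    # Truncating the digest to 128 bits changes nothing: the input has ~26.6 bits.
    print("digits needed for 80 bits:", min_length(10, 80))
    print("base32 chars needed for 80 bits:", min_length(32, 80))
```

Key stretching only multiplies the verification cost by a constant factor, while a longer serial over a larger alphabet raises it exponentially.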
All times are GMT +8.