#16
|
|||
|
|||
I did some tests on step 2 with different values for the VolumInfoA
2. AK2 = the Hex2SignedDec(VolumeInfoA("C:\")) from Res2 and found out that if the value of the VolumeSerialNumber is positive i.e. below 0x80000000 then the converted value has a space(0x20) instead of "+" before it. Final thing to note is that the RegCode should always be generated on the target computer. Then the 3 checks the program does are all related to the result from Step2 First it gets the Hex2SignedDec(VoluemInfoA("C:\")=>VolumeSerialNum then decrypts the RegCode and the ActivKey and final does the following comparisons: Is VolumeSerialNum=Res2 from decrypted RegCode? Is VolumeSerialNum=AK2 from the decrypted ActivKey? Is Res2=AK2? |
#17
|
|||
|
|||
Quote:
Ahhh, okay, that worked! I do need much more knowledge with encryption and decryption. I am reading lots of material about the subjects, and am rewriting your code by hand on paper to try to understand the flow a little better I did receive an error on a second test machine about the Registration Code not being a valid Base64 string, but I'll cross that bridge later. Thank you again for all of your help, I haven't ever put much effort into reversing keys! Quote:
I am studying over everything that everyone has told me and am not going to give up on it! Thank you so much |
#18
|
|||
|
|||
Actually the RegCode is useless for generating a working key. also check 3 is redundant. is only checking if the VolumeSerialNum from RES2 is the same VolumeSerialNum from AK2. If check 1 & 2 pass, 3 has no choice but to pass
|
#19
|
|||
|
|||
Quote:
Not for the programmer/vendor, then he will need the RegCode in order to extract from it the RandomBytes and the VolumeSerialNum to generate the corresponding correct key for the registrant. A Keygen can for instance have the option for the user to enter a Regcode (Registation code) from a different machine and generate the corresponding ActivKey (Activation Key). Also just for a gemmick, it could include options to decode the RegCode and ActiveKey to compare the RandomBytes and the VolumeSerialNum. |
#20
|
|||
|
|||
Quote:
Any random bytes will work so they do not need to be extracted as the program decrypts the decoded bytes using the first 16 bytes as the key. Code:
var_2C = Proc_23_0_565AB7(Mid(var_3C, 17, Len(var_3C)), Mid(var_3C, 1, 16), 0) for example... using 0123456789ABCDEFFEDCBA9876543210 as the random bytes / key and using *-91511383# from the first post, this key should work for that computer ts3Huirg1Olt00VIn78ZgsVes7y8VZqw1Q== |
#21
|
|||
|
|||
Quote:
Meaning that the key is valid if and only if the Regcode is replaced with a newly generated one with your sample random bytes. The VolumeSerialNum is for sure the only part that is always the same on a target machine but every newly generated RegCode will have a different random bytes which are used in the ActivKey generation as well. Therefore using different random bytes as in your key with the initial RegCode from post #1 will fail. As a prove, deleting the string value for RegCode in the registry location: example Code:
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\NDataScan\Activation] "Name"="TemPoMat" "Email"="TemPoMat" "RegCode"="GIv/lhuqYNCUTPZfPgYG3rM5EtzvsurmsyLeOB0" "ActivKey"="mP1y4G/RxxQvtIPpV8ZAI/yGoab2NnDSgZWT" I assume this is one of the reasons it is doing the 3 checks. |
#22
|
|||
|
|||
It will work regardless. I've tried it, using my own volume serial of course.
There is does no check against the random bytes. Code:
var_8020 = GetVolumeInformation("C:\", String$(256, False), 255, global_005C507C, global_005C5084, global_005C5080, String$(256, False), 255) Code:
var_2C = Proc_23_0_565AB7(Mid(var_3C, 17, Len(var_3C)), Mid(var_3C, 1, 16), 0) Code:
var_8050 = Proc_23_0_565AB7(Proc_24_1_56681B(GetSetting("NDataScan", "Activation", "RegCode", 10), var_CC, 80020004h), "Lilys", var_C4) var_3C = var_8050 var_34 = Proc_23_0_565AB7(Mid(var_3C, 17, Len(var_3C)), Mid(var_3C, 1, 16), 0) var_34 = Left(var_34, Len(var_34)(-1)) var_34 = Right(var_34, Len(var_34)(-1)) Code:
If CBool((var_2C = var_34) And (var_2C = Str(global_005C507C)) And (var_34 = Str(global_005C507C))) Then var_40 = "NDSI has been sucessfully activated. Please restart NDSI." compare the decoded VolumeSerial# from our input with the decoded VolumeSerial# from registry, less the left and right chars. check 2 -> var_2C = Str(global_005C507C) compare the decoded VolumeSerial# from our input with the GetVolumeInformation VolumeSerial# check 3 -> var_34 = Str(global_005C507C) decoded VolumeSerial# from registry, less the left and right chars with the GetVolumeInformation VolumeSerial# as i said before, check 3 is redundant. It will always pass as the program generated it . |
The Following User Says Thank You to T-rad For This Useful Post: | ||
niculaita (12-28-2021) |
#23
|
|||
|
|||
Quote:
That is because the random bytes used to encrypt the VolumeSerialNum in the 1.encryption are in themselves included in each case in the 2.encryption leading to the final RegCode and the ActivKey respectively. Therefore an ActivKey generated with the same VolumeSerialNum of a target machine will work regardless of the RegCode. This is a valid point. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Can the bit0 mask in port 0x21 stop generating int 0x08? | BlackWhite | General Discussion | 0 | 03-19-2021 22:53 |