#1
|
|||
|
|||
Reversing Key using pattern
I have a device that uses feature codes to turn on/off features. It is system serial# specific.
I have a list of valid codes based on serial#'s... so I thought I'd see if I could find a pattern. Well I did for the one I tried. And I can create valid keys for that feature. However I would like to try to figure out the algorithm as there are over 30 features and that would take forever to manually decipher. This is probably more in line with cryptography than cracking. Does anyone have information that may help me discover the algorithm based on pattern recognition? The license keys are 12 chars only from back in the early 1990's. Thanks, P.S. My guess is that they are using a lookup table. If this number = x then lookup and use k, etc. But not 100%. Program is not MS-DOS/WIN based so no debugger. Last edited by Maltese; 11-06-2007 at 23:54. |
#2
|
|||
|
|||
Quote:
|
#3
|
|||
|
|||
Lynx OS is the operating system which is an off-shot of Unix. Not sure on the CPU exactly. Possibly made by Motorola. They used Sun Microsystems in their facility.
|
#4
|
|||
|
|||
from back of 90'... hm, 68k ? no way to disasm the program ?
|
#5
|
|||
|
|||
Apparently there is a debugger with LynxOS on the trial CD. I will have to re-install it and check that out.... I do not have documentation. It's not like a windows debugger...think DOS-like.
|
#6
|
|||
|
|||
check here: h!!p://www.gnu.org/software/gdb/documentation/
|
#7
|
|||
|
|||
There is no generic information that may help you discover the algorithm based on pattern recognition because there can be millions of possibilities how to do it ... Best way is try reverse original app. First analyze compiled language then try find some disassembler or debugger ...
Or if you have a lot of keys you can try analyze what is changing with specific feature. |
#8
|
|||
|
|||
I have decoded 3 feature keys using patterns alone. It's not very complex, but now it's a pain for the feature I'm working on now.
As an example I have provided 3 legitimate codes used to reverse the pattern. System Serial# = 50000, Legitimate license code = aMrNvhKz6pR3 System Serial# = 50217, Legitimate license code = aMvRwDKzEhO3 System Serial# = 65218, Legitimate license code = MAzPvwoNMlR- Now let's pick a random serial number between 50000 & 65000: 54222 Here is this features reversal to get to generate the licensed code. 1st digit in serial number determines 1st digit in licensed code: 5xxxx = a 6xxxx = M 2nd digit of Licensed code is determined by the 1st 2 digits in serial Number: 50xxx = M 51xxx = 6 52xxx = U 53xxx = E 54xxx = Q 55xxx = A 56xxx = Y 57xxx = I 58xxx = unknown - no data 59xxx = 8 60xxx = M 61xxx = 6 62xxx = U 63xxx = E 64xxx = Q 65xxx = A 3rd digit of serial# (only) determines 3rd digit in licensed code xx0xx r xx1xx z xx2xx v xx3xx 3 xx4xx t xx5xx 1 xx6xx x xx7xx 5 xx8xx q xx9xx y 4th digit of serial# (only) determines 4th digit in licensed code xxx0x = N xxx1x = R xxx2x = P xxx3x = T xxx4x = M xxx5x = Q xxx6x = O xxx7x = S xxx8x = N xxx9x = R 5th digit of serial# (only) determines 5th digit in licensed code xxxx0 = v xxxx1 = x xxxx2 = u xxxx3 = w xxxx4 = v xxxx5 = x xxxx6 = u xxxx7 = w xxxx8 = v xxxx9 = x For 6th digit of license code, use chart below: If serial# starts with 5, use: Look at last number (of serial) and match with chart: 0 = h 1 = h 2 = h 3 = h 4 = D 5 = D 6 = D 7 = D 8 = x 9 = x If serial# starts with 6, use: Look at the last number (of serial) and match with chart: 0 = g 1 = g 2 = g 3 = g 4 = C 5 = C 6 = C 7 = C 8 = w 9 = w For 7th digit of license code, use chart below: If serial# starts with 5, 7th pos = K If serial# starts with 6, 7th pos = o For 8th digit of license code, use chart below: Look at last 4 of serial# (ignore the last 3). Using the first number, use the chart below: 0xxx = z 1xxx = V 2xxx = j 3xxx = F 4xxx = r 5xxx = N 6xxx = b 7xxx = 7 8xxx = unknown - no data 9xxx = Z For 9th digit of license code, use chart below: Look at last 3 of serial# (ignore the last 2). Using the first number, use the chart below: 0xx = 6 1xx = M 2xx = E 3xx = U 4xx = A 5xx = Q 6xx = I 7xx = Y 8xx = 8 9xx = O For 10th digit of license code: Look @ last 2 digits of serial#. Use the chart as follows for 10th digit: 00-09 = p 10-19 = h 20-29 = l 30-39 = d 40-49 = n 50-59 = f 60-69 = j 70-79 = b 80-89 = o 90-99 = g For License positions 11 + 12, use the following: If serial Number starts with 5 ends in 0: R3 ends in 1: N3 ends in 2: T3 ends in 3: P3 ends in 4: Q3 ends in 5: M3 ends in 6: S3 ends in 7: O3 ends in 8: RZ ends in 9: NZ If serial Number starts with 6 ends in 0: R4 ends in 1: N4 ends in 2: T4 ends in 3: P4 ends in 4: Q4 ends in 5: M4 ends in 6: S4 ends in 7: O4 ends in 8: R- ends in 9: N- The generated license code is: aQvPuhKrElT3 I looks like basic look-up and arithmetic. The program is however changing the algorithm so you can't repeat for each feature. I was hoping for a Uber secret program to help out. To save time of course. Last edited by Maltese; 11-07-2007 at 07:56. |
#9
|
|||
|
|||
I have attached a file containing almost a 1000 legitimate pass codes to try reverse.
1) License position 1: If the serial# starts with 5xxxx, the license char 1 = d If the serial# starts with 6xxxx, the license char 1 = P 2) License position 2: Partially determined by 2nd char in serial# a) x0xxx = B or 7 b) x1xxx = N or R c) x2xxx = F or J d) x3xxx = V or Z e) x4xxx = B or 7 f) x5xxx = N or R g) x6xxx = F or J h) x7xxx = V or Z i) x8xxx = B or 7 j) x9xxx = T or P Still not sure what determines which 3) License position 8: Similar to position 2 except characters differ. a) x0xxx = H or 9 b) x1xxx = l or d c) x2xxx = X or P d) x3xxx = t or 1 e) x4xxx = H or 9 f) x5xxx = l or d g) x6xxx = X or P h) x7xxx = t or 1 i) x8xxx = H or 9 j) x9xxx = p or h 4) License Position 11: Based solely on the last digit of the serial# 0 = N 1 = R 2 = P 3 = T 4 = M 5 = Q 6 = O 7 = S 8 = N 9 = R 5) License position 12 (last char): Is based on if the serial starts with 5xxxx or 6xxxx. If serial starts with 5xxxx, then it's one of 4 chars: a) z b) v c) N d) r If serial starts with 6xxxx, then it's one of 4 chars: a) 0 b) s c) W d) O Still not sure what determines it. Any help would be appreciated. |
#10
|
||||
|
||||
What is the Feature number for these :
System Serial# = 50000, Legitimate license code = aMrNvhKz6pR3 System Serial# = 50217, Legitimate license code = aMvRwDKzEhO3 System Serial# = 65218, Legitimate license code = MAzPvwoNMlR- Do you have a list of Feature numbers/codes?. Are there exactly 30 or are there more than 32 Features?. Also, what is the range of the serial number? Git Last edited by Git; 11-07-2007 at 22:15. Reason: addition |
#11
|
|||
|
|||
Serials are around the range of: 50,000 to 65,000.
There are different features. Not sure how many there are exactly. And not all serials have the same features enabled. |
#12
|
|||
|
|||
Does anyone have access to a program for analyzing patterns? I've decoded a few more (different ones), still not the 2nd one listed above in this thread.
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
[C++] Pattern Scanner | atom0s | Source Code | 4 | 02-11-2016 06:03 |
pattern matching algorithm | OHPen | General Discussion | 9 | 10-10-2003 05:11 |
Need to find a pattern in a running file | merlin | General Discussion | 14 | 07-20-2002 06:59 |