#1
Anyone see this cryptographic?
0041C249 . C74424 60 6>mov dword ptr ss:[esp+60],CD49046B
0041C251 . C74424 64 C>mov dword ptr ss:[esp+64],829A80CB
0041C259 . C74424 68 C>mov dword ptr ss:[esp+68],3F5157C0
0041C261 . C74424 6C 8>mov dword ptr ss:[esp+6C],B50C6384
0041C269 . C74424 70 5>mov dword ptr ss:[esp+70],AA56D550
0041C271 . C74424 74 7>mov dword ptr ss:[esp+74],B05ADF71
0041C279 . C74424 78 D>mov dword ptr ss:[esp+78],7B2E3CD4
0041C281 . C74424 7C C>mov dword ptr ss:[esp+7C],CFB69AC3
Anyone who knows the cryptographic? Thanks.
#2
It can be everything, even not crypto stuff. Try to use PEId's plugin KANAL to identify crypto signatures.
#3
I saw the same thing twice before, not the same dwords, but it was setting up the bignum for RSA. But like he said, use KANAL, or CRYPTOSEARCHER should give a better result.
#4
I had a target where these commands prepare a SHA-routine.
#5
It's simply 8 dwords... we need more code, and if KANAL won't detect these constants then it may be simply home-made crypto... or it may be big nums...
#6
There is also one good crypto searcher by Christal on http://christal1.cjb.net/
Try that if PEiD doesn't work... Bye NeOXOeN
#7
Well, thanks all, firstly.
I met this when I tried to make a keygen of WMV to AVI MPEG DVD WMV Converter 1.4.8. It's easy to patch. But I want a keygen. The official site is: http://www.alloksoft.com.
Code:
0041C220 > \6A FF push -1
0041C222 . 68 191D4300 push WMV_to_A.00431D19 ; SE handler installation
0041C227 . 64:A1 00000>mov eax,dword ptr fs:[0]
0041C22D . 50 push eax
0041C22E . 64:8925 000>mov dword ptr fs:[0],esp
0041C235 . 81EC 940000>sub esp,94
0041C23B . 8B8424 A400>mov eax,dword ptr ss:[esp+A4]
0041C242 . 53 push ebx
0041C243 . 56 push esi
0041C244 . 50 push eax
0041C245 . 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0041C249 . C74424 60 6>mov dword ptr ss:[esp+60],CD49046B
0041C251 . C74424 64 C>mov dword ptr ss:[esp+64],829A80CB
0041C259 . C74424 68 C>mov dword ptr ss:[esp+68],3F5157C0
0041C261 . C74424 6C 8>mov dword ptr ss:[esp+6C],B50C6384
0041C269 . C74424 70 5>mov dword ptr ss:[esp+70],AA56D550
0041C271 . C74424 74 7>mov dword ptr ss:[esp+74],B05ADF71
0041C279 . C74424 78 D>mov dword ptr ss:[esp+78],7B2E3CD4
0041C281 . C74424 7C C>mov dword ptr ss:[esp+7C],CFB69AC3
0041C289 . E8 E8280100 call <jmp.&MFC42.#537> ; kernel32.lstrlenA;MSVCRT.memcpy
0041C28E . 8B8C24 B000>mov ecx,dword ptr ss:[esp+B0]
0041C295 . C78424 A400>mov dword ptr ss:[esp+A4],0
0041C2A0 . 51 push ecx
0041C2A1 . 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0041C2A5 . E8 CC280100 call <jmp.&MFC42.#537>
0041C2AA . 8B5424 0C mov edx,dword ptr ss:[esp+C]
0041C2AE . 8B35 BC2544>mov esi,dword ptr ds:[<&MSVCRT._mbscmp>>; msvcrt._mbscmp
0041C2B4 . 68 60FC4300 push WMV_to_A.0043FC60 ; /s2 = ""
0041C2B9 . 52 push edx ; |s1
0041C2BA . C68424 AC00>mov byte ptr ss:[esp+AC],1 ; |
0041C2C2 . FFD6 call esi ; \_mbscmp
Registration successful. It seems the initial value. It should be a symmetrical cipher. cipher(username)=Registrationcode
#8
Quote:
These three calls look like BigCreate or smth like that:
Code:
.text:0041C2ED call sub_401974
....
.text:0041C300 call sub_401974
....
.text:0041C317 call sub_401974
Code:
push 10001h
on this line
Code:
0041C289 . E8 E8280100 CALL <JMP.&MFC42.#537>
Code:
0012CDF4 6B 04 49 CD CB 80 9A 82
0012CDFC C0 57 51 3F 84 63 0C B5
0012CE04 50 D5 56 AA 71 DF 5A B0
0012CE0C D4 3C 2E 7B C3 9A B6 CF
Code:
6B 04 49 CD CB 80 9A 82 C0 57 51 3F 84 63 0C B5 50 D5 56 AA 71 DF 5A B0 D4 3C 2E 7B C3 9A B6 CF
Code:
6B0449CDCB809A82C057513F84630CB550D556AA71DF5AB0D43C2E7BC39AB6CF
Code:
CFB69AC37B2E3CD4B05ADF71AA56D550B50C63843F5157C0829A80CBCD49046B
You can get these tools here:
Code:
http://www.asahi-net.or.jp/~KC2H-MSM/cn/
When you have N & D you can code keygen
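The byte-order step from post #8, as an added example that is not part of the thread: it parses the eight dword stores from the listing, joins them in little-endian order, and reports the size of the resulting integer. The function names and the 2048-bit minimum are assumptions chosen for illustration, not values from the thread.

```python
import re

# Constructed input: the eight stack writes from the listing above (addresses and
# truncated byte columns dropped, operands kept verbatim).
LISTING = """\
mov dword ptr ss:[esp+60],CD49046B
mov dword ptr ss:[esp+64],829A80CB
mov dword ptr ss:[esp+68],3F5157C0
mov dword ptr ss:[esp+6C],B50C6384
mov dword ptr ss:[esp+70],AA56D550
mov dword ptr ss:[esp+74],B05ADF71
mov dword ptr ss:[esp+78],7B2E3CD4
mov dword ptr ss:[esp+7C],CFB69AC3
"""

STORE = re.compile(r"mov dword ptr ss:\[esp\+([0-9A-F]+)\],([0-9A-F]{1,8})\b", re.I)

def parse_stores(listing):
    """Return {stack offset: 32-bit immediate} for every dword store."""
    return {int(off, 16): int(imm, 16) for off, imm in STORE.findall(listing)}

def assemble(stores):
    """Join contiguous dwords; the lowest offset holds the least significant dword."""
    offsets = sorted(stores)
    if any(b - a != 4 for a, b in zip(offsets, offsets[1:])):
        raise ValueError("stores are not one contiguous buffer")
    raw = b"".join(stores[o].to_bytes(4, "little") for o in offsets)
    return raw, int.from_bytes(raw, "little")

def assess(n, minimum_bits=2048):
    """Properties that matter if n is used as an RSA modulus (minimum is an assumption)."""
    return {"bits": n.bit_length(), "odd": bool(n & 1),
            "meets_minimum": n.bit_length() >= minimum_bits}

if __name__ == "__main__":
    raw, n = assemble(parse_stores(LISTING))
    print(raw.hex(" ").upper())   # bytes as they sit in memory
    print(f"{n:064X}")            # the same buffer read as one big integer
    print(assess(n))
```
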
#9
cbs, good man!
You are right!
N=CFB69AC37B2E3CD4B05ADF71AA56D550B50C63843F5157C0829A80CBCD49046B
I use ppsiqsv1.1 to get the factors p and q.
P=E4E7E39EE5E5C98788BF466DDCBAB2DF
Q=E84C8EBF8D5AA6A5ACB2569542DBCBF5
and use tE's RSA tool.
E=10001
D=3CE0C02B5B070A3D2C12F63A523A70FA57692AFC70FAE36480D0E33205F6B4C1
BRD made a keygen of this product v1.4.6 which could be used on v1.4.8. I disassembled the keygen to study, ^_^. The RSA value of name should be changed to registration key by some tricks.
Really appreciate the help of all you!
Regards
#10
Quote:
I've received a PM asking which tool by Satoshi Tomabechi to use. Generally PPSIQS is used. But don't use RSA Tool for large composite numbers. It's too slow. I have tested RSA Tool vs PPSIQS and PPSIQS is approximately 3 (!) times faster. I tried RSA-255/256 many times and on my machine I get factors in a bit more than one hour. RSA Tool requires ~4-5 hours for the same task. RSA Tool is designed for 'playing' with numbers and key generation, and it's much better to use specialized tools for factoring. BTW I'm not sure if RSA Tool's key generation scheme is secure.
#11
Quote:
Quote:
But RSAtool is very slow. I use RSAtool to calculate D.
Quote:
I downloaded it from programmerstools. I cracked it, a username could have many keys. In fact, it uses RSA. When I searched for RSA in tuts from pediy.com (Chinese site), I found someone has cracked the apis32, and made a keygen. In the tut, he said it used RSA, and surely it was! I got a little puzzled. In RSA, one username has one code. But I could get two or four, or more. Does RSA have collision like MD5? If so, RSA should not be used on digital signature.
Regards
#12
RSA doesn't have collision, but usually what's encrypted isn't the actual document, it's the hash of the document. Since asymmetric crypto is too slow, usually they just take a hash of the doc and then encrypt the hash with RSA with private key. Then the end user uses public key to decrypt hash, takes hash themselves of the document, and compares hashes. If they match this means document hasn't been changed. If MD5 (the most common hash) has collision (still very rare I think) then that is why you may see it, because possibly they RSA the hash only.
-Lunar
#13
Quote:
I am still in the mist. RSA(hash1)=RSA(hash2). Whether hash1 or hash2 are MD5 hashes is not important. What's important is that two different hashes arrived at the same RSA value. Anyway, I generally agree with you that RSA has no collision. Maybe when the program apis32 v2.5 checks the regcode, it is not the standard RSA_Decipher procedure, so I could get different regcodes for the same username. You could look at the apis32 v2.5. And I will provide more keys for the same username.
Regards
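The question debated in posts #11 to #13, as an added example that is not from the thread and makes no claim about how apis32 checks its codes: textbook RSA is one-to-one on 0..N-1, yet a verifier that reduces its input modulo N instead of range-checking it accepts several encodings of the same value. The toy primes and all function names are assumptions chosen for illustration.

```python
# Toy parameters (constructed, far too small for real use): N = 61 * 53.
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def is_permutation():
    """Textbook RSA maps [0, N) onto itself one-to-one, so no two inputs collide."""
    return len({pow(m, E, N) for m in range(N)}) == N

def make_code(digest):
    """Issuer side: raise the reduced name digest to the private exponent."""
    return pow(digest % N, D, N)

def loose_check(digest, code):
    """Reduces whatever it is given, so every code + k*N passes as well."""
    return pow(code, E, N) == digest % N

def strict_check(digest, code):
    """Accepts only the canonical representative 0 <= code < N."""
    return 0 <= code < N and pow(code, E, N) == digest % N

def accepted(check, digest, candidates):
    """Return the candidates that the given check lets through."""
    return [c for c in candidates if check(digest, c)]

if __name__ == "__main__":
    digest = 65                      # constructed stand-in for a name digest
    code = make_code(digest)
    candidates = [code, code + N, code + 2 * N, code + 1]
    print("one-to-one on [0, N):", is_permutation())
    print("loose verifier accepts :", accepted(loose_check, digest, candidates))
    print("strict verifier accepts:", accepted(strict_check, digest, candidates))
```
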
#14
What is needed to use PPSIQS? I am receiving only...
Input number (input 0 to exit)
#15
Hey bytescrk,
Just input the public modulus in base 10 ... and ... ENTER ... play with ur girlfriend. Bye