#16
Quote:
h**p://w*w.exetools.com/forum/showthread.php?threadid=2385
2. RC5/6 was implemented in a lot of libraries on the net.
3. See the attachment as an example of RC6 at work (it's the source for the Oscar 17 (Summer Edition) Serials Database decipher).
#17
Quote:
#18
Do you still have a page, alephz?
I remember great tools posted on it. Thanks.
#19
Quote:
F-Group Software junk progs. (h**p://w*w.fgroupsoft.com) Unfortunately, for now I haven't time to recover it and, sadder still, haven't time to enjoy the new junk from F-Group Software. Well, I keep it in my TODO list :-\
#20
Quote:
Thank you. I'll give this a look over.
5Alive
#21
Quote:
Well, thanks for the answer!
#22
Oops. I forgot I'm not supposed to post Requests in this Forum and JMI edited my post to this stupid message.
Actually, if I'd taken the time to use the "search" button and "kanal" on the left side, I would have found that the answer to my question is here: http://www.exetools.com/forum/showthread.php?s=&threadid=2348&highlight=kanal
pd. LOL JMI 10x friend.
Last edited by ByTESCRK; 08-07-2003 at 23:51.
#23
Quote:
Thanks alephz! I have since found a string ref to RC4 too! I think the serial number is an RC4 key, and the content decryption is handled by RC6. The app produces a unique system ID number using API calls to GetSystemInfo, GetComputerNameA and GetVolumeInformationA. This is to restrict a valid password to a single PC. If your system ID changes, you are sent a new serial to unlock the content. Therefore, system ID is equivalent to a user name and the serial is the password. So I think I am looking at some sort of RC4 keygen. Yikes! I've got some more questions I'll try to answer myself before posting. I'm new to reverse engineering, where do the hours go?
5Alive.
#24
RC4 isn't that hard
#25
Is the best solution to rip the RC4 code and insert it into your own app? I'm using DeDe and IDA.
Once I have isolated the code, is MASM the best tool for keygen creation? I notice that DeDe doesn't recognise Win32 API calls and IDA doesn't recognise some custom Delphi library calls. Can this be fixed, or do I need to work between the two to build a clearer picture of what the functions are doing? I've compiled/created DCU/DSF files from source code to help me identify calls in DeDe. As far as I'm aware FLIRT only supports Delphi 1.0 TPUs, which is of no use to me. Anyone know any different and like to share their knowledge? Thanks
5Alive.
#26
Quote:
But pay attention to the S-box and to the field K! Don't forget to rip the init routine!
Quote:
Quote:
As sKAMER said: Olly and IDA --> deadly combo
Last edited by ArC; 08-07-2003 at 20:35.
#27
Thanks, I'll keep your comments in mind when attempting this.
5Alive.
#28
Quote:
Originally posted by ArC
You can try to rip the RC4 code..... But pay attention to the S-box and to the field K! Don't forget to rip the init routine!

To find the values of the S-box and K field I would need to single step with a debugger to extract these values. Is this correct?
5Alive.
#29
Usually there should be an init routine which inits the S-Box and the K field. If you want to rip, you will have to rip the init routine as well. However, you should trace (with a debugger) the init routine as well since it usually contains the key.
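
The init routine described in the post above, as an added example that is not part of the thread or any poster's code: in the textbook description of RC4, S is a 256-byte permutation and K is the key repeated to fill 256 bytes, so the state left behind by init is a function of the key alone. The names `rc4_state`, `rc4_init`, `rc4_crypt` and `rc4_selftest` are assumptions made for this example, and the self-test uses the widely published "Key"/"Plaintext" vector.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_state;

/* Init routine: S starts as the identity permutation, K is the key
 * repeated to 256 bytes, then S is shuffled under control of K.
 * After this loop S depends on nothing but the key. */
int rc4_init(rc4_state *st, const uint8_t *key, size_t keylen) {
    uint8_t K[256], j = 0, t;
    if (keylen == 0 || keylen > 256) return -1;   /* RC4 keys are 1..256 bytes */
    for (int n = 0; n < 256; n++) {
        st->S[n] = (uint8_t)n;
        K[n] = key[n % keylen];
    }
    for (int n = 0; n < 256; n++) {
        j = (uint8_t)(j + st->S[n] + K[n]);
        t = st->S[n]; st->S[n] = st->S[j]; st->S[j] = t;
    }
    st->i = st->j = 0;
    return 0;
}

/* Keystream generation XORed over buf; the same call encrypts and decrypts. */
void rc4_crypt(rc4_state *st, uint8_t *buf, size_t len) {
    uint8_t t;
    for (size_t n = 0; n < len; n++) {
        st->i = (uint8_t)(st->i + 1);
        st->j = (uint8_t)(st->j + st->S[st->i]);
        t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
        buf[n] ^= st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
    }
}

/* Known-answer check with the widely published vector "Key"/"Plaintext". */
int rc4_selftest(void) {
    static const uint8_t want[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    uint8_t buf[9];
    rc4_state st;
    memcpy(buf, "Plaintext", 9);
    if (rc4_init(&st, (const uint8_t *)"Key", 3) != 0) return 0;
    rc4_crypt(&st, buf, 9);
    if (memcmp(buf, want, 9) != 0) return 0;
    rc4_init(&st, (const uint8_t *)"Key", 3);     /* fresh state to decrypt */
    rc4_crypt(&st, buf, 9);
    return memcmp(buf, "Plaintext", 9) == 0;
}
int main(void) { return rc4_selftest() ? 0 : 1; }
```
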
#30
Thanks, I'll look into trying this. I have source for RC4 just now so I'll probably create my own little program to encrypt/decrypt to familiarise myself with its workings.
5Alive.