Reverse Engineering Team Board

Crypkey : How to get sitekey using cKInfo (http://www.reteam.org/board/showthread.php?t=1868)

noroute 07-21-2011 07:01 PM

Thanks!
I got the sitecode like you said but that's crypkey's sitecode.... If I do a:

ckInfo.exe /createKey site
CrypKey Copy Protection Information v1.13

Key Information...
+ Site Code : 5051 53C4 2895 4762 91

Key Validation - OK
Creating Key - 008D 0200 0000 0000 0000 0488 55
Encrypting Key - 2188 3DB6 4B28 6B8F 0199 A0BD 98

I'm sure what to do with that key, how can I generate a working sitekey with this sitecode? Isn't that crapkey's sitecode? How is this code connected to the app?

Also, any chance you have the crapkey SDK? 7 / 7.1?

Thanks!

narciszu 07-22-2011 02:35 AM

@sparpacillon
Quote:

OBFUSCATED: 3F95 21F5 182D 6A31 6738 8059 18A2
REAL: 5051 53C4 2895 4762 91
I think this real site code isn't good for this application. If you check with ckinfo you will see company number: 79560 - this is the crypkey company itself. This site code exists in all crp32002.ngn. For this application the company number is: 7956979.

If you dump crp32002 you will see something like realsitecode (at the end of the dumped file - after user key and master key) but ckinfo can't decrypt it.

For 3F95 21F5 182D 6A31 6738 8059 18A2 "real" site code seems to be: 583A 8216 5893 1538 D9

The algo for deobfuscation is simple:

We consider this obfuscated sitecode:
3F95 21F5 182D 6A31 6738 8059 18A2

This obfuscated sitecode contains the real sitecode mixed with some garbage. In the red-marked row I represented with "x" the positions that need to be eliminated from the obfuscated sitecode (garbage) and with letters from "A" to "R" (like in the alphabet) the order of each char in the real sitecode.

CxRI xGxN MBxQ xDLx HxOE PxAK xJxF

Quote:

From this:
3F95 21F5 182D 6A31 6738 8059 18A2
CxRI xGxN MBxQ xDLx HxOE PxAK xJxF
you obtain this:
583A 8216 5893 1538 D9

I already checked this with many obfuscated sitecodes and dumped ngn files. This real sitecode is identical to the one you can find in the dumped ngn files. But ... I think there is more to it than that because ckinfo can't decrypt it. Maybe the chars that remain need to be in another order .....

sparpacillon 07-22-2011 05:11 AM

indeed :)

here are some hints, i have to dig further..

http://pastebin.com/6dCi4FJr

mainly, we have to see why "real_site_code" is not valid for ckinfo:)

noroute 07-22-2011 11:13 AM

narciszu & sparpacillon,

I am under the impression that the encryption & decryption of the sitecode is for 'display' only - just another way to represent the "real" sitecode (maybe it should match some pattern and be compatible with older versions?). The offsets sparpacillon just pointed at are just that layer.
That's why even after a dec/enc of the sitekey & sitecode the results could not be decoded by ckinfo.

So, I think that the site generated site code (and maybe sitekey too) is either calculated differently or wrapped in another layer but not in the offset pointed at.

That's why I was asking around for the SKG/SDK which theoretically should still be able to generate a correct sitekey (as the master and user are still valid) and also help better understand what's been done.

snowking 07-25-2011 08:49 AM

MaxSea UC UM codes
 
Hi guys!

I found this forum, while searching for UC UM codes for MaxSea Time 0.

Having read all the pages, I haven't got whether anyone has succeeded in getting these codes with RE?

Regards!

rahuul 07-28-2011 07:03 AM

thanks for the wonderful article and support throughout...

I am looking for this appz.
http://www.rmcproject.com/support/do...n_v7.0.1.5.zip

I saw one of your posts, where you have given the UserKey and MasterKey of the same appz Ver 6; now since the version has changed to ver 7, it does not work.

I tried to follow it but could not get the keys.

Could you please let me know how would I get that?

No words to thank you... you are simply brilliant!! Hats off to you guys!!

I tried this way but failed miserably.. :(

I thought, it should work with the .ckinfo file created by Narciszu for version 6.

How do I get that User Key Hash (2)?

Any help guys for Version 7??

pescador 07-28-2011 11:19 AM

Using OllyDbg ?
 
Hey, I'm trying to find the master and site key using OllyDbg, but I really don't know how it works..

I'm trying in rmc software, PMP Fastrack v7.

Could someone help me?

tnks.

narciszu 07-28-2011 12:49 PM

@pescador

User key and Master key are the same as in the previous version.

@rahuul
Quote:

How do I get that User Key Hash (2)?
From user key: D200E78F9D2A70401E

Parsing Key - D200 E78F 9D2A 7040 1E
Decrypting Key - 0408 0908 0806 0606 00
Key Validation - OK
Formatting Key :
0809080806060600
--------------+
--- Password - GNGG777
--- Password Number - 364027498
--- User Key Hash (1) - 0x33
+--- User Key Hash (2) - 0x506B

pescador 07-28-2011 01:17 PM

I tried with the scripts that you sent, but it isn't working.

So, to try to learn the process, I followed these steps:

1 Open Fastrack 7
2 Open PE tool and Dump Full crp32002.ngn
3 Open ngn file with Notepad and try find MasterKey and Userkey, find the Masterkey , 742961ff378ed1cb1c25fa7bb4ee881c3b3a7e294d34a46601 20688be538874b1e586424e6eba7fe271ba31a066a747951fc a7e0eab433cfdea9c33e9804dbba19e6bd2177c28b29d742ea 8066e330fe7413972330efbf9717f1738d09e708fb5a4595be b347284431536db26badcd7fca1672fc1625cfc8ec9819fff9 2468f0 .

Is it correct? And for the userkey?

I didn't find anything like a userkey in Notepad, and using Olly I really can't find an option to help me.

Many tnks..

narciszu 07-28-2011 02:12 PM

USERKEY
D200E78F9D2A70401E

MASTERKEY
8cec26332e61cefc11cb420143fee2e26e33a9015199dfef14 bfeab549dcb855b5ee7dfeb5e67d30b95a1c83ed8fa40cd4a0 39f287d46d2b887566b4d6ab687ff9f4c93f8f3f31545c6ac0 b6875c6a40a7a55fe37add64b859d58bdb7aa3a626a1e2b4f0 c064fe2501274d0c9767f198ff38cbb6a0d52e7aa68615733e 24dbf8

Execute pm_fastrack-pmp.exe and dump crp32002.ngn FROM MEMORY. You will find the userkey and master key inside.

