Reverse Engineering Team Board

Crypkey : How to get sitekey using cKInfo (http://www.reteam.org/board/showthread.php?t=1868)

panhandlebob 01-28-2011 03:10 PM

ok, that is what i did. and my site key that i generate "encrypting key" doesn't work.

here is my script that i'm using

Default Script (ckInfo)

ScriptName=pos

Action=CreateSiteKey
Userkey=cb1c52c0e054b7fe704d69
SiteCode=dc693914c59ced2a13
Password=N7G7W7N7W
NumberOfLicences=1
NetworkLicence=no
LicenceDuration=unlimited
KeyLevel=10
KeyOptions=9,15

narciszu 01-28-2011 03:27 PM

For your example script, site key returned is:
D3B6 D436 02D0 A65E 9D10 84AE 98

At the end, add the last two digits that were cut off to obtain the correct sitecode. Add them in reverse order. If the last 2 digits cut off were 2E, you need to add E2 to obtain the key to enter in the program:

D3B6 D436 02D0 A65E 9D10 84AE 98E2

sparpacillon 01-28-2011 03:39 PM

wrong level, wrong options, and the last 2 chars are not calculated as you said.

narciszu 01-28-2011 03:57 PM

This is my data:
Script:
Quote:

#Default Script (ckInfo)
ScriptName=Create Site Key POSER
Action=CreateSiteKey
MasterKey=FA8D57C4E4C5F401F409335E61CC968B1DFD968B 6C1C
UserKey=CB1C 52C0 E054 B7FE 704D 69
AddToExistingLicence=no
NumberOfLicences=1
NetworkLicence=no
LicenceDuration=unlimited
EasyLicence=no
KeyLevel=14
KeyOptions=0
Generated Sitecode
D91F FAA4 C588 BF1C 242E

Correct sitecode
D91F FAA4 C588 BF1C 24

Generated SiteKey
D7D9 7404 D13F 2E4F 8527 2E27 51

Entered SiteKey
D7D9 7404 D13F 2E4F 8527 2E27 51E2

Now the program asks me for a password. The reversed last 2 digits for the sitekey were probably a coincidence.

panhandlebob 01-28-2011 04:17 PM

used your script and my sitecode and still fails......

my sitecode checks correct. wtf?

sparpacillon 01-28-2011 04:46 PM

@panhandlebob
you did not understand that those 2 chars are connected with serial number and commerce name...
more than an help was given to you.. now go alone :)

panhandlebob 01-28-2011 06:39 PM

thanks for your time. i am not seeing it, but thanks again.

narciszu 01-29-2011 03:14 AM

If you put Serial number=1500000 and Commerce Name=TEST, you could add these digits at the end of the generated sitekey: E2

If you increase the serial number by 1, you need to decrease the last digits by 1 (in HEX). I don't know the algo yet, but this works.

LastDigits Serial Name
E2 1500000 TEST
E1 1500001 TEST
E0 1500002 TEST
DF 1500003 TEST

But you still need to find passwords.

Maybe @sparpacillon can give a hint!?

sparpacillon 01-29-2011 05:01 AM

Code:

60404669    8B4D F8                            MOV ECX,DWORD PTR SS:[EBP-8]
6040466C    E8 2F000000                        CALL ?IsDistributor@CDialogPassword@@IAEHXZ
60404671    8945 FC                            MOV DWORD PTR SS:[EBP-4],EAX
60404674    837D FC 00                         CMP DWORD PTR SS:[EBP-4],0
60404678    75 0B                              JNZ SHORT 60404685
6040467A    8B4D F8                            MOV ECX,DWORD PTR SS:[EBP-8]
6040467D    E8 DE000000                        CALL ?IsDevelopment@CDialogPassword@@IAEHXZ
60404682    8945 FC                            MOV DWORD PTR SS:[EBP-4],EAX
60404685    837D FC 00                         CMP DWORD PTR SS:[EBP-4],0
60404689    75 0B                              JNZ SHORT 60404696
6040468B    8B4D F8                            MOV ECX,DWORD PTR SS:[EBP-8]
6040468E    E8 3D020000                        CALL ?IsUser@CDialogPassword@@IAEHXZ
60404693    8945 FC                            MOV DWORD PTR SS:[EBP-4],EAX

finding the passwords is trivial.. they are hardcoded

narciszu 01-29-2011 07:13 AM

You can enter the program by typing 2 spaces into the password dialog box with DISTRIBUTOR Level. Other passwords are: "HELLO", "7544", "18681543", "00410989". These are OK only if you do NOT choose to install SP4. But the first password (2 spaces) works anyway (even if you don't type anything in the user name field, if you already installed SP4).

Now you can play with KeyLevel and KeyOptions. These two modify the workstation number and activate various modules.

More explanation:
Quote:

#Default Script (ckInfo)
ScriptName=Create Site Key POSERA Maitre'D Back-Office
Action=CreateSiteKey
MasterKey=FA8D 57C4 E4C5 F401 F409 335E 61CC 968B 1DFD 968B 6C1C
UserKey=CB1C 52C0 E054 B7FE 704D 69
AddToExistingLicence=no
NumberOfLicences=1
NetworkLicence=no
LicenceDuration=unlimited
EasyLicence=no
KeyLevel=16353
KeyOptions=3-4,6-10,12-16

KeyOption details:

2 = DEMONSTRATOR
3 = Academic
4 = FastFood
5 = Auxiliary Back-Office Only
6 = Stock management
7 = Multi Location Inventory
8 = Delivery
9 = Time & Attendance
10 = Account Receivable
11 = Backup Server
12 = Corporate Client
13 = Corporate Server pak #1
14 = Corporate Server pak #2
15 = Electronic Fund Transfer
16 = Interface Front Desk

KeyLevel Details:
3 = Interface customer
4 = Interface general Ledger
5 = Interface Account Receivable
6 = Interface Account Payable
7 = Interface Payroll
8 = Interface Scale
9 = Interface Bar
10 = Interface Time & Attendance
11 = Interface Gift Certificate

Key Level 1,12-16 is responsible for the workstation number. Maximum is 63 workstations.

KeyLevel = 16 => Workstation = 1
KeyLevel = 15 => Workstation = 2
KeyLevel = 15,16 => Workstation = 3
...
KeyLevel = 12-16 => Workstation 31

KeyLevel 1 adds 32 to the workstation number. If you specify KeyLevel 1,16 => Workstation number is 32+1=33



KeyLevel 2 - seems to be unused
KeyOption 1 if set = ERROR Authorisation

Here you can see how to obtain the correct value for KeyLevel. The red line is the value I put in the script. KeyLevel=16353



And here you can see how to "play" with KeyOptions
KeyOptions=3-4,6-10,12-16


THANK YOU @sparpacillon for the password hint.

For this work to be complete, we must find the algo for generating the last 2 digits added at the end of the correct sitekey.


All times are GMT -4.