if you dump the crp32002.ngn you can see UserKey/MasterKey...
1. start my app
2. go to activation screen
3. start petools
4. look for crp32002.ngn
5. make a full dump with petools
6. open the dump in olly
7. I found the master and userkey with ultra string reference plugin in olly
Now I've seen these lines; I mean this was the clear code. Not obfuscated, and the decryption? Maybe anybody can explain it.
0165 D5F1 F70C 85A3 40
The next problem is the key options; how can I find this one?
0165 D5F1 F70C 85A3 40 is cleared SiteCode
Here's what I've located and used ->
015F 1B7B 1B9F F446 00
CA BB98 AA64 D711 2CE1 2C61
aad328231cab87079bfd8e64763318b062a18cb0137b846b56 be3a064ad04fa0d086c57e66a1878f41d807613bceb890f7ef 0348018a65632de5446b69e441fb49566e16a4bbf4ea8fa192 9b3f3f25f773c4176940dbc2a451b8b1d43f1f8a84c7c22208 6fea4e1137960ad90a17542f802d03a2918da41740a922564a 30c52f
Then with ckinfo ->
+ Site Code : 015F 1B7B 1B9F F446 00
+ Plaintext Password : WWGNW7>WGZ
+ Easy Licence? : Yes
+ Key Level : 65535
+ Key Options : 1-16
Key Validation - OK
Creating Key - 0000 015E E9FF FFFF FF00 00F7 35
Encrypting Key - 3BE0 D0AE 518F 7CD3 1D84 8F07 10
Should I be doing something different here? Any guidance would be appreciated.
After registering the app, where would the UNLOCK MODULES code be inserted?
Can someone kindly make a screenshot? :)
Greets. I'd like to try my hand at fishing for the plain Site Code for a CrypKey 7.1 target program.
The obfuscated Site Code was XXING1 NWVX59 WPNXVV Y61X1P XXXDRX VXXK5I. It changed to XXIG4X 2NKSY9 GNM2S4 Y61X1P XXXDRX VXXK5R when the clock was set forward to trial expiry and it stays expired for now.
At both instances before and after expiry, Ollydbg Ultra String Reference found nothing from crp32002.ngn or <prog>.exe dumping at prog activation page run. Kinda stealth.
And PE Explorer found FE02 6835 D3E7 A293 BF at the very end of crp32002.ngn dump file but ckInfo v1.13 gave no joy.
How else can I defeat CrypKey jigsaw puzzle (short of reverse engineering) to produce a Site Key?
I hope to get a few further hints or pointers from you wise guys. Thanks.
Target program download (87 MB)
Work the problem backwards, ignore the site code.
You have master key & user key with hash values.
Make your own script for ckinfo & generate a good site key.
You by chance grabbed the original site key that gives you the trial?
Don't put it in the box where it asks; after you generate it, put it where the site key resides on your system. Replace the unreadable site key with the 26 byte key you generate. Usually Documents & Settings under XP, Program Data under 7.
Make sure you can view the o/s files under folder view.
Or use the SDK to write your own little tool to call get_sitecode2() for your app.
@wakid you should search better.. your sitecode is where you already searched..
Just look after get_sitecode1() in the dump and you will see it :)
Now you should find options / levels and of course if you want you can understand how obfuscation works. I suggest you dig into EISIcrypto.dll
The most important thing for MaxSea
UCHAR Key[] = {
    0xAA, 0x6F, 0xA7, 0x8D,
    0xF9, 0x5E, 0x64, 0xCF
};
1) Decode Site Code with BlowFish algo and receive "deobfuscated" Site Code
2) Encode Site Key with BlowFish algo and receive "obfuscated" Site Key