Reverse Engineering Team Board

Reverse Engineering Team Board (
-   Reverse Code Engineering (
-   -   Crypkey : How to get sitekey using cKInfo (

BfoX 04-27-2011 02:43 AM

if you dump the crp32002.ngn you can see UserKey/MasterKey... 04-27-2011 04:36 AM


Originally Posted by BfoX (Post 27979)
if you dump the crp32002.ngn you can see UserKey/MasterKey...

Thanks mate, i've done this:

1. start my app
2. go to activation screen
3. start petools
4. look for crp32002.ngn
5. make a full dump with petools
6. open the dump in olly
7. i found the master and userkey with ultra string reference plugin in olly

Thanks men.

Now i've seen this lines, i mean this was the clear code. Not obfuscated and the decryption ? , maybe anybody can explain it.

0165 D5F1 F70C 85A3 40
%02d-%02d-%02d %02d:%02d:%02d
%02d-%02d-%02d %02d:%02d:%02d

The next prob are the key options, how can i find this one?


BfoX 04-27-2011 12:22 PM

0165 D5F1 F70C 85A3 40 is cleared SiteCode 04-28-2011 01:35 PM

thanks mate

Originally Posted by BfoX (Post 27986)
0165 D5F1 F70C 85A3 40 is cleared SiteCode

Thanks, maybe you can explain how to find the key options.

hohosanta69 05-10-2011 08:27 AM


Originally Posted by salamander12 (Post 27702)
The program is maxsea time zero downloaded from previous posts and requires 28 digit activation code. The code i can generate is only 26 digits long. How am i wrong?Obfuscation problems?(I saw blowfish.dll inside maxsea directory)

Like Salamander, I can only produce a 26 digit code and MaxSea Time Zero wants a 28 digit one. I see blowfish is being used, but I don't know how to deal with that unlike salamander who provided a key.

Heres what I've located and used ->

Site Code:

015F 1B7B 1B9F F446 00

User Key:

CA BB98 AA64 D711 2CE1 2C61

Master key:

aad328231cab87079bfd8e64763318b062a18cb0137b846b56 be3a064ad04fa0d086c57e66a1878f41d807613bceb890f7ef 0348018a65632de5446b69e441fb49566e16a4bbf4ea8fa192 9b3f3f25f773c4176940dbc2a451b8b1d43f1f8a84c7c22208 6fea4e1137960ad90a17542f802d03a2918da41740a922564a 30c52f

Then with ckinfo ->

Key Information...
+ Site Code : 015F 1B7B 1B9F F446 00
+ Plaintext Password : WWGNW7>WGZ
+ Easy Licence? : Yes
+ Key Level : 65535
+ Key Options : 1-16

Key Validation - OK
Creating Key - 0000 015E E9FF FFFF FF00 00F7 35
Encrypting Key - 3BE0 D0AE 518F 7CD3 1D84 8F07 10

Should I be doing something different here, any guidance would be appreciated.

sparpacillon 05-13-2011 01:34 PM

after registering the app, where whould be inserted the UNLOCK MODULES code?
someone can kindly make a screenshot? :)

wakid 05-13-2011 09:20 PM

Greets. I'd like to try my hand at fishing for the plain Site Code for a CrypKey 7.1 target program.

The obfuscated Site Code was XXING1 NWVX59 WPNXVV Y61X1P XXXDRX VXXK5I. It changed to XXIG4X 2NKSY9 GNM2S4 Y61X1P XXXDRX VXXK5R when the clock was set forward to trial expiry and it stays expired for now.

At both instances before and after expiry, Ollydbg Ultra String Reference found nothing from crp32002.ngn or <prog>.exe dumping at prog activation page run. Kinda stealth.

And PE Explorer found FE02 6835 D3E7 A293 BF at the very end of crp32002.ngn dump file but ckInfo v1.13 gave no joy.

How else can I defeat CrypKey jigsaw puzzle (short of reverse engineering) to produce a Site Key?
I hope to get a few further hints or pointers from you wise guys. Thanks.

Target program download (87 MB)

Dr Pete 05-14-2011 02:56 AM

Work the problem backwards, ignore the site code.
You have master key & user key with hash values.
Make your own script for ckinfo & generate a good site key.
You by chance grabbed the original site key that gives you the trial?
Don't put it in the box where it asks, after you generate put where on your system site key resides. Replace unreadable site key with 26 byte key you generate. Usually documents & settings under xp, program data under 7.
Make sure you can view the o/s files under folder view.
Have fun

sparpacillon 05-14-2011 05:32 AM

or use sdk to write your own little tool to call get_sitecode2() for your app.
@wakid you should search better.. your sitecode is where you already searched..
just look after get_sitecode1() into the dump and you wil see it:)
now you should find options / levels and of course if you want you can understand how obfuscation works. i suggest you to dig into EISIcrypto.dll

WRP 05-14-2011 07:27 AM

The most important thing for MaxSea

BlowFish Key->

UCHAR Key[] =
0xAA, 0x6F, 0xA7, 0x8D,
0xF9, 0x5E, 0x64, 0xCF

1) Decode Site Code with BlowFish algo
and receive "deobfuscated" Site Code

2) Encode Site Key with BlowFish algo
and receive "obfuscated" Site Key

All times are GMT -4. The time now is 04:15 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.