  #211  
Old 04-27-2011, 02:43 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,244
Default

if you dump the crp32002.ngn you can see UserKey/MasterKey...
__________________
... Either you work well or you work much ....
  #212  
Old 04-27-2011, 04:36 AM
mr.smart mr.smart is offline
Member
 
Join Date: Apr 2011
Posts: 13
Default

Quote:
Originally Posted by BfoX View Post
if you dump the crp32002.ngn you can see UserKey/MasterKey...
Thanks mate, I've done this:

1. start my app
2. go to activation screen
3. start petools
4. look for crp32002.ngn
5. make a full dump with petools
6. open the dump in olly
7. i found the master and userkey with ultra string reference plugin in olly

Thanks men.

Now I've seen these lines, I mean this was the clear code. Not obfuscated, and the decryption? Maybe somebody can explain it.

0165 D5F1 F70C 85A3 40
%02d-%02d-%02d %02d:%02d:%02d
%02d-%02d-%02d %02d:%02d:%02d

The next prob is the key options, how can I find this one?

Thanks

Last edited by mr.smart : 04-27-2011 at 08:31 AM.
  #213  
Old 04-27-2011, 12:22 PM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,244
Default

0165 D5F1 F70C 85A3 40 is cleared SiteCode
  #214  
Old 04-28-2011, 01:35 PM
mr.smart mr.smart is offline
Member
 
Join Date: Apr 2011
Posts: 13
Default thanks mate

Quote:
Originally Posted by BfoX View Post
0165 D5F1 F70C 85A3 40 is cleared SiteCode
Thanks, maybe you can explain how to find the key options.
  #215  
Old 05-10-2011, 08:27 AM
hohosanta69 hohosanta69 is offline
Junior Member
 
Join Date: May 2011
Posts: 1
Default

Quote:
Originally Posted by salamander12 View Post
The program is maxsea time zero downloaded from previous posts and requires 28 digit activation code. The code I can generate is only 26 digits long. How am I wrong? Obfuscation problems? (I saw blowfish.dll inside maxsea directory)
Like Salamander, I can only produce a 26 digit code and MaxSea Time Zero wants a 28 digit one. I see blowfish is being used, but I don't know how to deal with that unlike salamander who provided a key.

Here's what I've located and used ->

Site Code:

015F 1B7B 1B9F F446 00

User Key:

CA BB98 AA64 D711 2CE1 2C61

Master key:

aad328231cab87079bfd8e64763318b062a18cb0137b846b56 be3a064ad04fa0d086c57e66a1878f41d807613bceb890f7ef 0348018a65632de5446b69e441fb49566e16a4bbf4ea8fa192 9b3f3f25f773c4176940dbc2a451b8b1d43f1f8a84c7c22208 6fea4e1137960ad90a17542f802d03a2918da41740a922564a 30c52f

Then with ckinfo ->

Key Information...
+ Site Code : 015F 1B7B 1B9F F446 00
+ Plaintext Password : WWGNW7>WGZ
+ Easy Licence? : Yes
+ Key Level : 65535
+ Key Options : 1-16

Key Validation - OK
Creating Key - 0000 015E E9FF FFFF FF00 00F7 35
Encrypting Key - 3BE0 D0AE 518F 7CD3 1D84 8F07 10

Should I be doing something different here, any guidance would be appreciated.
  #216  
Old 05-13-2011, 01:34 PM
sparpacillon sparpacillon is offline
Senior Member
 
Join Date: Aug 2007
Posts: 210
Default

After registering the app, where would the UNLOCK MODULES code be inserted?
Can someone kindly make a screenshot?
  #217  
Old 05-13-2011, 09:20 PM
wakid wakid is offline
Junior Member
 
Join Date: May 2011
Posts: 1
Default

Greets. I'd like to try my hand at fishing for the plain Site Code for a CrypKey 7.1 target program.

The obfuscated Site Code was XXING1 NWVX59 WPNXVV Y61X1P XXXDRX VXXK5I. It changed to XXIG4X 2NKSY9 GNM2S4 Y61X1P XXXDRX VXXK5R when the clock was set forward to trial expiry and it stays expired for now.

At both instances before and after expiry, Ollydbg Ultra String Reference found nothing from crp32002.ngn or <prog>.exe dumping at prog activation page run. Kinda stealth.

And PE Explorer found FE02 6835 D3E7 A293 BF at the very end of crp32002.ngn dump file but ckInfo v1.13 gave no joy.



How else can I defeat CrypKey jigsaw puzzle (short of reverse engineering) to produce a Site Key?
I hope to get a few further hints or pointers from you wise guys. Thanks.

Target program download (87 MB)

Last edited by wakid : 05-13-2011 at 09:53 PM.
  #218  
Old 05-14-2011, 02:56 AM
Dr Pete Dr Pete is offline
Member
 
Join Date: Sep 2008
Posts: 25
Default

Work the problem backwards, ignore the site code.
You have master key & user key with hash values.
Make your own script for ckinfo & generate a good site key.
You by chance grabbed the original site key that gives you the trial?
Don't put it in the box where it asks, after you generate put where on your system site key resides. Replace unreadable site key with 26 byte key you generate. Usually documents & settings under xp, program data under 7.
Make sure you can view the o/s files under folder view.
Have fun
  #219  
Old 05-14-2011, 05:32 AM
sparpacillon sparpacillon is offline
Senior Member
 
Join Date: Aug 2007
Posts: 210
Default

Or use the SDK to write your own little tool to call get_sitecode2() for your app.
@wakid you should search better.. your sitecode is where you already searched..
Just look after get_sitecode1() in the dump and you will see it.
Now you should find options / levels and of course if you want you can understand how obfuscation works. I suggest you dig into EISIcrypto.dll

Last edited by sparpacillon : 05-14-2011 at 07:39 AM.
  #220  
Old 05-14-2011, 07:27 AM
WRP WRP is offline
Senior Member
 
Join Date: May 2009
Posts: 142
Default

The most important thing for MaxSea

BlowFish Key->

UCHAR Key[] =
{
0xAA, 0x6F, 0xA7, 0x8D,
0xF9, 0x5E, 0x64, 0xCF
};


1) Decode Site Code with BlowFish algo
and receive "deobfuscated" Site Code

2) Encode Site Key with BlowFish algo
and receive "obfuscated" Site Key

Last edited by WRP : 05-17-2011 at 12:49 AM.