View Full Version : ECC

November 8th, 2011, 11:15
Hi guys!

Hopefully this won't be seen as a crack request

I'm interested in an Application which is using ECC in its registration scheme. it shouldn't be an Application which comes with an third party security software, which means the registration scheme is "homemade". is anybody aware of such an Application ? I'm working on a private project which deals with ecc and so i need targets to analyse. I figured out that it is not that easy to find such targets, thats why i would appreciate any help in this direction!

If this violates the rules, let me just say......sorry


November 8th, 2011, 18:03
I didn't understand very well what you need but I have some security applications. If you explain better to me what you want maybe I can help.

What is ECC ?

November 8th, 2011, 18:42


It's nice that you want help, but without knowing what ecc is i doubt that you can identifying it in an executable when you see it, but correct me if i am wrong!


November 8th, 2011, 18:51
Hi OHPen

the first thing that comes to my mind when thinking about ECC is WinRar.
I once came across another one but I can't remember it's name. Guess I'll have to dig my drives a bit.


November 8th, 2011, 21:43

I don't see any applications per se.
I see it used primarily to pass keys.

Perhaps I misunderstand what you are looking for.

openssh 5.7 uses ECC.


November 9th, 2011, 03:55
[Originally Posted by Woodmann;91365]...
I don't see any applications per se.

ECC is a public key crypto system. A registration scheme would be simple: The developer signs the registration information with his private key and the application checks the registration using the build-in public key. It should be impossible to create a keygen without getting the private key. I think this kind of registration is used more or less often, but I don't know an example.


November 9th, 2011, 04:08
@Darkelf: Thx for the hint! I think i also had in mind that it somehow uses ecc but I forgot about it Will have a look at it. If that is the case, then all the floating around lics are retail and not generated ;D I wonder if that can be because the registration names are sometimes quite "descriptive". I think about something like "cracker[grp]", lol.

@woodmann: radix explanation hit it exactly. It can be used for almost everything which can be done with public key crypto. But as mentioned I'm especially interessted in implementations which are connection licensing and drm.

@radix: you know what i'm searching for ;D i will post application names as soon as i have identifier ecc in it ( if allowed ;D )

Sure I could code a few implemenation by myself but that is not what I want. usually self coded stuff does not always reflect the "reality".

Thank you guys!


November 9th, 2011, 15:50

Anything with FLEXlm will be ideal (unless I misunderstand your request). WinRar is/was also ECC (got broken because Roshal used publically available keys - from a crypto book ifirc).

If you clarify I can probably name a load more ECC 'targets'.



November 9th, 2011, 16:53
Check this ECC tutor : http://www.mediafire.com/?e90q4pl7h59nyy2#1

original topic : http://forum.tuts4you.com/topic/23534-keygening-tutorial/

November 10th, 2011, 05:00
@CrackZ: Thx, I know that ECC is part of FlexLM, but as mentioned I don't want a full blow drm system like flex because this won't allow me to focus on the ecc stuff Flex has a lot of other goodies to play with, hehe. But if you know application parallel to flexlm than i would be glad if you could send me their names!

@Kurapica: Thanks for the Links. I will check them out as soon as possible!


November 30th, 2011, 10:08
ASPR 2.x uses ECC for its short key, if i remember well. aaah, homemade.
hmmm, well, aspr is quite analyzed, you might just take/dump its protect dll, and go from there.
Long time I dont touch aspr, sorry..

December 1st, 2011, 03:19
Aspr is already on my list Thanks!!

December 10th, 2011, 10:27

I have an application, which is used as Flexman protection system version 5.2.

Study recommended FLEXlm.
I already did.

However, I wondered why patching the vendor daemon can not read the license.

I suggest that is the encryption modules.

I am very confused.

Maybe my goal, is very difficult for the level I have.
I hope you can help


December 11th, 2011, 13:47
Windows uses ECC for validating its product key / registration number.

December 12th, 2011, 03:50

good point but the problem here is that it probably will take a while to figure out which is the important portion of code i have to analyse. Windows has a little bit huge code base and to be h0nest i prefer smaller applications for analysis
But if you can point out in which binary the stuff is located than i will have a look at this as well...


December 12th, 2011, 06:37
one of the first programs to use ecc was clonecd back in the days.

December 12th, 2011, 06:57
Ah, good one !!!!! Thanks

December 20th, 2011, 10:39
...and homemade crackme using ECC would be what you are in need of? with a simple accept/reject of a value based off the ECC decryption?

December 21st, 2011, 07:17
Yes!!!!! Something like that would be great, because especially the custom implementations are interesting. Do you have something in mind ?

December 21st, 2011, 15:13
Give me some time (well, adding a plea to my wife too wouldnt hurt )

December 21st, 2011, 16:01
Lol , nah don't waste time. I mean i have now a lot of examples and it is fine for me. Enough to start my ecc analysis