RSA things!!!!


iceland
December 28th, 2012, 05:00
Lately I was caught in a 4096-bit modulus of RSA during a software analysis. From a lot of study and research I almost got the feeling that it is next to impossible ...
But still deep inside my dreams the hope is still alive, when I see the fff group releasing keygens for 1024 bit and some forum topics related to cryptanalysis with posts claiming to have broken RSA 1024 in less than an hour.
For practical purposes I do not have access to 1 billion CPUs and I do not know a lot of the new findings, since a lot of them could be private..
Do you have some clues to enhance my curiosity or to completely dampen it ..... so that I understand the latest possibility till today ... As dreams are not always true... But some maybe .... you know better ...
Using the KA tool ... I never got past any 256-bit prime factorization, so this is too much to ask .. let's hear from you guys ....

Extremist
December 28th, 2012, 18:37
768-bit RSA is the current record. 1024-bit hasn't been broken yet. If there are keygens or other claims to the contrary, they're doing something else or using inside information.

iceland
December 30th, 2012, 04:00
Yeah... As expected .. I should stop dreaming ..........
Without inside info ... no luck with this RSA.
Thanks all.............. patching is the only way now.......

hepL3r
December 30th, 2012, 08:09
No one has keygenned RSA-1024 till now. There are some weaknesses in some RSAs and groups like FFF use that; for example, there are keygens for ASProtect and WinLicense targets, which are all RSA-1024 and above.

http://www.rsa.com/rsalabs/node.asp?id=2094

Silkut
December 30th, 2012, 12:37
Quote:
[Originally Posted by hepL3r;93950]No one has keygenned RSA-1024 till now. There are some weaknesses in some RSAs and groups like FFF use that; for example, there are keygens for ASProtect and WinLicense targets, which are all RSA-1024 and above.

http://www.rsa.com/rsalabs/node.asp?id=2094



Indeed, there is a gap between pure math (where only RSA factoring would win) and buggy software implementation (every reverser knows how messed up a developer's mind is).

squidge
December 30th, 2012, 12:43
Before you go patching the instructions of your target, you might want to try and see if my method works (and probably, the method of many other crackers out there):

Forget trying to generate a key for a 1024+ bit RSA encrypted license without the private key.

However, there are always two parts: public key and private key. So to authenticate the license, the software needs to have the public key inside it somehow. So find this key and swap it to one which you have the private key for, then build your keygen using this private key. Typically, the software will not know it's been changed, and even if it does, it's usually easier to patch those conditions than all of the rest of the protection.