The new MS protection scheme


Goat
August 20th, 2001, 00:44
I'm having trouble reversing the new MS protection scheme such as Office XP, Visio 2002, etc. (the particular software doesn't matter). Anyway, I'm having trouble finding any leads to the segment where it checks A) how many times I've opened it and B) how many days I've used the software. It would be easier if it didn't make so fucking many registry calls upon loading, so I wouldn't get lost in the code every time I break on RegQueryValueExA or equivalent. When I disassemble either Visio.exe or the DLLs it uses in IDA, I can't find any of the text from the message/dialog boxes, so I dunno now. Never reversed MS software; anyone who has and wouldn't mind e-mailing me would be greatly appreciated.

JMI
August 21st, 2001, 02:22
Personally I don't know anything about the new MS protection scheme, but I remember copying an earlier thread on the subject that contains information about a RipeMD scheme for protection. It also has a reference to source code related to this issue. The thread was dated May 15, 2001 and titled "Microsoft Activation Protection". I don't have the direct URL, but could e-mail it to you if you can't find it with the information I've provided.

JMI

JMI
August 21st, 2001, 02:34
A quick search finds that the URL for the thread mentioned in my previous post is h**p://208.50.16.104/Ultraboard/Public/HTML/B5/2863.print.html

JMI

xOANINO
August 27th, 2001, 08:56
Hi,
I made the general crack for OfficeXP by patching MSO.DLL. This is the ~5mb file you find around the net. It was released by UCF in mid-July. Email me (xoanino@hotmail.com) if you want help with cracking it yourself.

Anyway, if you're planning to make a keygen, as far as I remember the relevant key verification algorithm (together with the nasty CRC checks) is decrypted at runtime, that's why you can't find anything with IDA. But I could be wrong, I'd have to recheck my IDA db about it.

Btw, if you want to crack Visio, it could be that my MSO.DLL (if visio uses that for Windows Product Activation) works for it too.

Regards,
xOANINO [UCF]

mutantem
August 28th, 2001, 03:40
I have started reversing Product Key. I have been reading the Licenturion document and I have found the routines to validate product keys in pidgen.dll; also I have found the "secret" key to validate them using RIPEMD160.

But I have determined exactly the validation method. We can start a discussion/cooperation about it...

Kythen
August 28th, 2001, 08:04
Just a quick note for you all...

I haven't looked at the protection scheme, so I can't say for sure what that hash algo is. However, more than one algorithm uses those 5 initial values. What you actually have to look for are the other constants used in the different rounds of the algorithm. Those are the only truly unique identifiers of an algorithm. Just as an example, SHA and its descendants use those same seed values. Just by looking at them, you have no way to tell whether you are working with SHA or a modified RIPE-MD as suggested above. Look through the rest of the algorithm to tell, then let us know what you find.

Regards,
Kythen
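Kythen's point, as an added example that is not part of the thread: SHA-1, RIPEMD-160 and MD4 all start from the same chaining values, so a listing that only shows those five words cannot tell them apart. The constants below are the published ones from the specifications (FIPS 180-1, the RIPEMD-160 paper, RFC 1320); the disassembly snippets are constructed, and `classify` and `immediates_from_listing` are helper names chosen for this example. It also shows a wrinkle the post does not spell out: three of SHA-1's four round constants are RIPEMD-160's left-line constants too, and both of MD4's are a subset of those, so only the remaining constants are diagnostic.

```python
"""Added example (not from the thread): telling hash functions apart by their
full constant set rather than by the shared initial chaining values."""
import re

# Initial chaining values.  MD4 uses the first four; SHA-1 and RIPEMD-160 add a fifth.
IV4 = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476}
IV5 = IV4 | {0xC3D2E1F0}
IVS = {"MD4": IV4, "SHA-1": IV5, "RIPEMD-160": IV5}

# Additive round constants from the public specifications.
ROUND_CONSTANTS = {
    "MD4": {0x5A827999, 0x6ED9EBA1},
    "SHA-1": {0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6},
    "RIPEMD-160": {0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E,   # left line
                   0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9},  # right line
}


def unique_constants(name):
    """Round constants that no other algorithm in the table uses (the diagnostic ones)."""
    others = set().union(*(c for n, c in ROUND_CONSTANTS.items() if n != name))
    return ROUND_CONSTANTS[name] - others


# IDA/MASM style immediates: 8 hex digits, optional leading 0, trailing 'h'.
HEX_IMM = re.compile(r"\b0?([0-9A-Fa-f]{8})h\b")


def immediates_from_listing(listing):
    """Collect every 32-bit hex immediate found in a pasted disassembly."""
    return {int(m, 16) for m in HEX_IMM.findall(listing)}


def classify(observed):
    """Map each algorithm to a verdict for a set of observed 32-bit constants."""
    verdicts = {}
    for name, rounds in ROUND_CONSTANTS.items():
        if not IVS[name] <= observed:
            verdicts[name] = "absent"       # the initial values are not even there
        elif unique_constants(name) & observed:
            verdicts[name] = "identified"   # a constant no other table entry uses
        elif rounds & observed:
            verdicts[name] = "consistent"   # only constants shared with another algorithm
        else:
            verdicts[name] = "ambiguous"    # initial values alone prove nothing
    return verdicts


# Constructed listings (not from any real binary).
IV_ONLY_LISTING = """
mov     eax, 67452301h
mov     ebx, 0EFCDAB89h
mov     ecx, 98BADCFEh
mov     edx, 10325476h
mov     esi, 0C3D2E1F0h
"""
SHARED_ROUNDS_LISTING = IV_ONLY_LISTING + """
lea     eax, [eax+edi+5A827999h]
lea     eax, [eax+edi+6ED9EBA1h]
lea     eax, [eax+edi+8F1BBCDCh]
"""
SHA1_LISTING = SHARED_ROUNDS_LISTING + "lea     eax, [eax+edi+0CA62C1D6h]\n"
RIPEMD_LISTING = SHARED_ROUNDS_LISTING + "lea     eax, [eax+edi+0A953FD4Eh]\nlea     ebx, [ebx+ebp+50A28BE6h]\n"

if __name__ == "__main__":
    for title, listing in [("IVs only", IV_ONLY_LISTING), ("shared rounds", SHARED_ROUNDS_LISTING),
                           ("SHA-1", SHA1_LISTING), ("RIPEMD-160", RIPEMD_LISTING)]:
        print(title, classify(immediates_from_listing(listing)))
```

Note that MD4 has no constant of its own in this table, so the classifier can only ever call it "consistent"; ruling it in or out needs other evidence, such as the number of rounds or the message-word schedule.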

mutantem
August 28th, 2001, 10:16
I have checked them and I'm pretty sure, of course nobody is perfect :-)

decx
August 29th, 2001, 14:40
As you can read in previous posts, I posted some code ripped from the MS algo. I'm pretty sure this is either SHA or RipeMD, as the initialization constants are the same, except R4 seems either modded, or I looked at the wrong code when researching it. Looks as if it's RipeMD-160, and since it does not seem to use any public key technology, but only hashing algorithms, it is fully reversible, as there is no need for heavy factorization or brute-forcing. I think it's more interesting to check how it determines the OEM keys etc. For there are beta keys, OEM keys etc. supported; some seem to include an expiry date. The rest is just ripping out the code basically, albeit it is rather large.

mutantem
August 30th, 2001, 03:06
You are totally right I think it isn't a public key system. I prefer to reverse how to validate keys.

How they determine if it is an OEM key or not is by using the 3 digits of the product ID.

tsehp
August 30th, 2001, 03:49
I'm reading this very interesting thread as it evolves.
I don't want to apply any censorship at all, and don't even give this place too much importance, but please don't give too many details of what you've found in this public place until the RTM of Windows XP. UCF and other groups did some great jobs providing us with some working betas, and m$ could change their protection system pretty fast before the final release, so it's maybe better to keep all this private at this time.

regards,

mutantem
August 30th, 2001, 06:06
I'm sorry, I have been reading Fravia since years and I don't want to cause any problem. If some one is interested on continue working e-mail me.

tsehp
August 31st, 2001, 01:25
Don't be sorry, you don't have to.
m$ is responsible for the removal of some part of Fravia's pages and was the only company that was able to seriously threaten our beloved, solid ISP.
m$ protectionists would have their job seriously eased if they learned of sensible flaws in their protection scheme on this message board.

I'm just sure that their new protection system is again a pure joke, and the result will bring a bunch of malcontent legal customers to the cracked version instead of re-activating their Windows on each HD format or each time they change something critical in their PC ;-)

BlackB
August 31st, 2001, 02:26
...if I can add a comment... I'd suggest even PGP-encrypting internal emails discussing the protection. I know this sounds pretty paranoid, but you would be amazed how many e-mail providers violate their privacy 'policy'. Also keep in mind that we're 'dealing' with Microsoft, a very big and powerful company that has, if not the biggest, one of the biggest influences in the IT software market.
In my opinion it shouldn't be difficult for MS to gather all our emails: contact the mail providers to 'ask' them to send the mails discussing the activation code system. Don't forget about the stupid DMCA law either! (speaking of the DMCA: http://www.zdnet.com/zdnn/stories/news/0,4586,5096421,00.html?chkpt=zdhpnews01).
Again, I'm not paranoid, but just being realistic about what is possible in this world (everything, as a matter of fact).

greets,

BlackB

Hoof Arted
August 31st, 2001, 03:00
Don't forget about the stupid DMCA law either! (speaking of the DMCA: http://www.zdnet.com/zdnn/stories/news/0,4586,5096421,00.html?chkpt=zdhpnews01).
Again, I'm not paranoid, but just be realistic in what is possible in this world (everything as a matter of fact).

http://uk.eurorights.org/

BlackB
August 31st, 2001, 05:06
Found a song lyric on the net ;-)

D.M.C.A.

Young boy, you bin playin' with our toy
I said young boy, you ain't givin' us joy
I said young boy, you stop acting so coy
We all got our own attornies

Young boy, just get down on your knees
I said young boy, better pay us our fees
Buy a license, cause I'm sure you find
It's much better than doing time

Let's go and play with the D.M.C.A.
We'll make you pay with the D.M.C.A.
Cause we copyright music, we copyright text
And we'll copyright oxygen ne-xt

Let's go and play with the D.M.C.A.
We'll make you pay with the D.M.C.A.
We got big shiny lawyers
We like our royalties
We can do whatever we pleease

Young geek, what you saying about me
I said young geek, that's proprietory
I said young geek, take that post off your site
Or you're gonna have a big fight.

So what, if our coding is bad
I said young geek, open source is a fad
And just pay up, or the D.M.C.A.
Will make a big dent in your day.

Let's go and play with the D.M.C.A.
We'll make you pay with the D.M.C.A.
Cause we copyright music, we copyright text
And we'll copyright oxygen ne-xt

Let's go and play with the D.M.C.A.
We'll make you pay with the D.M.C.A.
We got big shiny lawyers
We like our royalties
We can do whatever we pleease

Young geek, we were making the news
We said, we know - love bugs give us the blues
We were trying just to make it all run
When the D.O.J. stopped our fun.

That's when we called our attorney
He said "I know, how to make the law pay
There's a ruling called the D.M.C.A.
And it might just be jackpot day"

Let's go and play with the D.M.C.A.
We'll make you pay with the D.M.C.A.
Cause we copyright music, we copyright text
And we'll copyright oxygen ne-xt

D.M.C.A

Let's go and play with the D.M.C.A.
We'll make you pay with the D.M.C.A.
Young boy, young boy, cause we've got legal aces
Young boy, young boy, cause we'll win any cases

D.M.C.A.
Just bow down to the D.M.C.A.
Young geek, young geek, this is our finest hour
Young geek, young geek, cause we got total power.

D.M.C.A.
D.M.C.A.
D.M.C.A.