tE!

November 3rd, 2001, 09:45

Hi there.

As you might have noticed, one of the prime factors of N is 3, and as you know the sizes of P and Q should normally not differ too much. All I wanted to say by posting that example is that it also depends a lot on carefully chosen parameters for the RSA system (goatass already said it might be useful to search for weak points in the implementation). The N I posted will be factored in no noticeable amount of time by every lame factoring program which starts with trial division by small primes.

---

Recca/DAMN could break the RSA-1024 system in older versions of Asprotect, because he discovered a weakness in Asprotect's prime number generator. Alexey used a .dll (which has been stored inside the asprotect.exe as a compressed resource) to generate both prime numbers P and Q. To manage this he used some shitty pseudo random number generator (PRNG) routine to generate 512 bits of 'random' data for each number, P and Q. Then he tested whether those numbers are prime. If not -> increase number and test again. <- Loop. The PRNG he used was similar to the C rand() function. But it gets even worse. As SEED value for this crap generator he used a 32(!) bit value which was some mixture of ThreadID XOR some timestamp, if I remember right.

Well, everyone can see now how it was possible to break this lame crap. There was no need to factor the public modulus N. All efforts could be reduced to a complexity of max. 2^32 brute-force attempts using the ripped prime number generator from Alexey and performing one trial modulus operation for each seed value, thus each generated prime number. Basically:

1) seed=-1;
2) seed++;
3) Prime=GeneratePrimeUsingAlexeysShit(seed);
4) remainder=N%Prime
5) If (remainder==0) -> P=Prime, Q=N/Prime
6) Else goto 2

In fact the complexity wasn't even 2^32 (meaning you would not start with seed=0) because of the timestamp he used in the seed. TMG released keygens for asprotected programs, too, and we measured on my Athlon 800 that it was possible to factor *every* asprotect key in max. 12h. We could even find parameters P&Q for some programs in less than 20 minutes. Not bad for such a super-secure program like asprotect.

Sidenote: Like many other routines in Asprotect (compression, polyengine...), the .dll Alexey used hasn't been coded by himself, as usual... Well, at least he's good at 'borrowing' other people's code.

Another leeto who fucked up his RSA-512 'protection' in his ugly Asprotect clone was/is Bruno Branciforti in his License Control v1.01 application. I'm not gonna post here what he did wrong, because we released a keygen for this program and good old Bruno already tried to bother us on IRC for info on how we made that (the moron came into our chan using a fake nick and introduced himself as a cracker - lol).

Okay, hope someone finds this posting useful.

Regards,

tE![TMG]
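
An added example, not part of the original post and not Asprotect's code: the key-generation pattern described above (rand()-like PRNG, 32-bit seed, increment until prime) next to a hardened form that draws from the OS CSPRNG, plus a modulus acceptance check for the small-factor case from the first paragraph. `random.Random` stands in for the rand()-like generator as an assumption, and all function names are hypothetical.

```python
import random
import secrets

SMALL_PRIMES = [p for p in range(2, 2000) if all(p % d for d in range(2, int(p ** 0.5) + 1))]

def is_probable_prime(n, rounds=24):
    """Trial division by primes below 2000, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a base witnessed that n is composite
    return True

def weak_prime(seed32, bits=256):
    """Pattern from the post: non-cryptographic PRNG, 32-bit seed, increment until prime."""
    rng = random.Random(seed32 & 0xFFFFFFFF)  # assumption: stand-in for the rand()-like PRNG
    candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    while not is_probable_prime(candidate):
        candidate += 2
    return candidate  # fully determined by seed32: at most 2**32 distinct outputs

def strong_prime(bits=256):
    """Hardened form: every candidate is drawn fresh from the OS CSPRNG, no seed."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def check_modulus(n, min_bits=1024):
    """Key-acceptance check: returns a list of findings, empty when nothing is flagged."""
    findings = [f"small prime factor {p}" for p in SMALL_PRIMES if n % p == 0][:1]
    if n.bit_length() < min_bits:
        findings.append(f"modulus is only {n.bit_length()} bits")
    return findings
```

`weak_prime` returns the same prime for the same seed on every call, so a key built from it carries no more entropy than the seed, whatever the modulus size; `strong_prime` takes no seed at all.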