PDA

View Full Version : Easy RSA

mrcrackbrain
February 20th, 2002, 16:01
I'm just trying to learn all this cryptography stuff and wondered if you great cryptogurus here could give me url's for few easy crypto-protected programs what i could crack. Hope there are some
RSA would be maybe the easiest for cryptonewbie like me, as i havent got a grip of other's yet

Thanks!

DakienDX
February 20th, 2002, 17:30
Hello mrcrackbrain !

Of course there are many RSA targets available, but is it so interesting doing such stuff?

Let's say you've a 128-bit RSA key. What do you do with it? Well, you bruteforce it. It take less than a second. Learning effect? None. Go to bed.
Let's say you've a 256-bit RSA key. What do you do with it? Well, you bruteforce it. It takes 10 hours in which you can do nothing with your computer. Learning effect? None. Many useless hours in front of your TV.
Let's say you've a 512-bit RSA key. What do you do with it? Well, you bruteforce it. You write a letter which should be delivered to your affinity in 1000 years saying they should insert the RSA key into a keygen. Learning effect? None. Your affinity is happy to have a keygen for a 1000 year old program.
Did you ever think that most RSA programs in the last year were protected by RSA-1024? And that there where no programs using RSA before 9/20/00, when the RSA patent from 9/20/83 expired?

RSA was a cool thing to play with when it was new, but now it's impossible to crack it in a reasonable time if the author knows how to use it.

Kythen
February 20th, 2002, 18:05
Ummm.... I would have to disagree with you there DaikenDX, on both accounts. Learning to do cryptography isn't just about bruteforcing some RSA key. You have to learn how to reverse engineer large integer packages and you learn a lot of very worthwhile mathematics. Also, breaking large key size RSA is by no means impossible, unless as you said the author knows what he/she is doing. You just have to take different approaches to solving the problem

Now in answer to your question mrcrackbrain, I don't know of any commercial targets you could play with offhand that have small key RSA. You may want to try newer versions of targets used in past crypto essays. If you look in the Mini-Project section there was a 5 level crackme that a number of people were working on. Level 4 of that crackme is RSA-128.

Good luck and if you have any questions/problems let us know!
Kythen

mike
February 20th, 2002, 19:22
There are a few things you can do with rsa. One is decrypt the serial to a known string. You can either change the known string or the key used to decrypt it, but keygenning is out unless the key is very small. Checksumming is a popular defense against changing either of those.

Another is decrypt code or flags or internal variables or so forth with a user-provided key. Once a key is known, however, it can be shared, so it doesn't do much to prevent piracy.

If the random number generator used to pick the keys is bad (a la C's rand() function) then you can sometimes bruteforce the RNG instead of the key. rand() has at most 31 bits, but usually has around 20 because of the popular srand(time(NULL)) initialization.

stealthFIGHTER
February 20th, 2002, 20:09
Quote:
 If you look in the Mini-Project section there was a 5 level crackme that a number of people were working on. Level 4 of that crackme is RSA-128.

/me lame - can't find it

February 21st, 2002, 10:39
Hi,

Geeworks TrialMaster 2.5 Standard Edition: RSA-77

happy reversing

mrcrackbrain
February 23rd, 2002, 06:32
Thank you very much all of you for your help and advices
I hope i'll keygen my first RSA soon

stealthFIGHTER
February 23rd, 2002, 10:45
Quote:

Hello,

I have a q.: How do you know it uses RSA-77?

Thank you,
sF

ThrawN
February 23rd, 2002, 10:56
Its non standard i believe
requires some altering of the library right??
Im no expert on non standard crap tho so im most likly wrong hehe

February 23rd, 2002, 13:43
Quote:
 Originally posted by stealthFIGHTER Hello, I have a q.: How do you know it uses RSA-77? Thank you, sF

Hi,

after ~2 hours of reversing I found the following scheme:

md5=MD5(name+email+2nd part of Prod. ID)
chksum(md5)=md5[0]+...+md5[15]
serial=chksum^d mod n (serial is Base36)

E,N (RSA Parameter) are also stored in Base36.
Im sure you will find it.

happy reversing,