foxthree

March 13th, 2002, 13:54

Hi Folks:

I present below some of my analysis of the ASProtect's keygeneration scheme. I may be entirely off but like I said it is just my analysis that I wanted to share with fellow RCEs...

Okey. I recently acquired a ASProtect Key

Just by looking at it one can see that it is Base64 encoded. So, let's decode...

Decoding gives us 129 bytes of data..

hmmm.... this reminds me of ....... yes "PK Signatures"

In PK cryptography, you can sign arbitrary amounts of data and some algorithms generate 128 bytes of output signature.... (sometimes it is 128-bits also....)

So, my analysis is this is what probably Alexey does in his labs

(A) Get the userinformation (like name, email)

(B) Frame a string and end it will null (explains the last 129th byte)

(C) Uses his "Private key" to sign the data and

(D) Base 64 encode this

Distribute this as key...

On the application side, each app has the public key! So decrypt, check few bytes in the header to see if decryption is sucessful. If yes, say registered else run as unregistered app.

What do you guys think?

Signed,

-- FoxThree

I present below some of my analysis of the ASProtect's keygeneration scheme. I may be entirely off but like I said it is just my analysis that I wanted to share with fellow RCEs...

Okey. I recently acquired a ASProtect Key

Just by looking at it one can see that it is Base64 encoded. So, let's decode...

Decoding gives us 129 bytes of data..

hmmm.... this reminds me of ....... yes "PK Signatures"

In PK cryptography, you can sign arbitrary amounts of data and some algorithms generate 128 bytes of output signature.... (sometimes it is 128-bits also....)

So, my analysis is this is what probably Alexey does in his labs

(A) Get the userinformation (like name, email)

(B) Frame a string and end it will null (explains the last 129th byte)

(C) Uses his "Private key" to sign the data and

(D) Base 64 encode this

Distribute this as key...

On the application side, each app has the public key! So decrypt, check few bytes in the header to see if decryption is sucessful. If yes, say registered else run as unregistered app.

What do you guys think?

Signed,

-- FoxThree