View Full Version : Analysis of ASProtect Keygeneration scheme

March 13th, 2002, 13:54
Hi Folks:

I present below some of my analysis of the ASProtect's keygeneration scheme. I may be entirely off but like I said it is just my analysis that I wanted to share with fellow RCEs...

Okey. I recently acquired a ASProtect Key

Just by looking at it one can see that it is Base64 encoded. So, let's decode...

Decoding gives us 129 bytes of data..

hmmm.... this reminds me of ....... yes "PK Signatures"

In PK cryptography, you can sign arbitrary amounts of data and some algorithms generate 128 bytes of output signature.... (sometimes it is 128-bits also....)

So, my analysis is this is what probably Alexey does in his labs

(A) Get the userinformation (like name, email)
(B) Frame a string and end it will null (explains the last 129th byte)
(C) Uses his "Private key" to sign the data and
(D) Base 64 encode this

Distribute this as key...

On the application side, each app has the public key! So decrypt, check few bytes in the header to see if decryption is sucessful. If yes, say registered else run as unregistered app.

What do you guys think?

-- FoxThree

March 13th, 2002, 16:08
I haven't looked at it, so I can't say. MD5 has 128-bit output, so he may hash the information before signing it. Most PK stuff will use at least 512 bits, because 128-bit numbers are almost trivial to factor.

Modular exponentiation happens in a loop over the exponent bits where you'll have a squaring and a conditional multiply (if the exponent bit is one) followed by a modular reduction. Chances are he'll use some kind of bignum code if he's doing PK stuff. Have you seen any code similar to that?

March 13th, 2002, 17:59
According to Asprotect v1.1 keygen info,
Protection =RipeMD 160 , MD5, RSA-1024 and offcourse base64 encoding

March 13th, 2002, 18:33

Yeah, that makes sense: 128 bytes = 1024 bits

Is the decryption key checksummed? If not, then you can replace it with your own.