View Full Version : Searching RSA Protected Programs

June 2nd, 2002, 17:42
I'm trying to learn how to keygen a program with RSA key-generation routines, but I need some programs to start with.
Please let me know if you find any protected programs.

I also have another question. I've been taking a look at DAMN's site, and in the Crypto list section I saw that a lot of programs that used RSA-1024 were solved because of a weak RNG. So here comes my lame question: what does "weak RNG" mean?

That's all for now. Thank you in advance, and excuse me for my terrible English.

June 2nd, 2002, 18:14
Hi Eclipse:

A lot of apps nowadays feature strong crypto (Blowfish, Twofish, RSA, ECC) to make keygenning impossible. Hmm, makes me sad.

For targets, you can try almost any ASPR*** apps. They all use RIPEMD-160, MD5, and RSA-1024. Living hell trying to keygen these. But hey, that's me... give it a shot and see what you can come up with...

Also, "weak RNG" == weak random number generator. Many crypto schemes were broken because of weak RNGs. Ask Mike about it and he'll give you stories...

-- FoxThree

June 3rd, 2002, 00:19
Hi foxthree! I'll bite

Eclipse, see the WinZip thread from a little while ago for an example of how I broke WinZip through the weak RNG. David Wagner broke Netscape's SSL implementation because they used the same weak RNG.
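What "weak RNG" means in practice, as an added example that is not from this thread and not the code of any real protector: a hypothetical vendor keygen seeds Python's random.Random from a 16-bit value before drawing the RSA primes, so an attacker who knows (or guesses) the generator simply replays every one of the 65536 seeds until the regenerated modulus matches the one shipped in the program. The seed width, the 32-bit primes, the exponent 65537 and the function names (weak_keygen, recover_factors) are all assumptions chosen for the demonstration; the Netscape and WinZip cases mentioned in the posts above are the motivation, not what this code reproduces.

```python
import random
from math import gcd

E = 65537          # assumed public exponent of the hypothetical vendor keygen
SEED_BITS = 16     # the weakness: only 2**16 distinct seeds are possible
PRIME_BITS = 32    # two 32-bit primes -> ~64-bit modulus, kept small for speed


def is_probable_prime(n):
    """Deterministic Miller-Rabin; exact for n < 2,152,302,898,747 with these bases."""
    if n < 2:
        return False
    for a in (2, 3, 5, 7, 11):
        if n % a == 0:
            return n == a
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in (2, 3, 5, 7, 11):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(rng, bits):
    """Draw odd candidates of exactly `bits` bits from rng until one is prime and p-1 is coprime to E."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand) and gcd(cand - 1, E) == 1:
            return cand


def weak_keygen(seed):
    """Hypothetical vendor key generation: a PRNG seeded from a 16-bit value (the 'weak RNG')."""
    rng = random.Random(seed)            # tiny seed space, fully deterministic output
    p = gen_prime(rng, PRIME_BITS)
    q = gen_prime(rng, PRIME_BITS)
    while q == p:
        q = gen_prime(rng, PRIME_BITS)
    return p, q


def private_exponent(p, q, e=E):
    return pow(e, -1, (p - 1) * (q - 1))


def recover_factors(n):
    """Attacker side: replay every possible seed until the regenerated modulus equals n."""
    for seed in range(1 << SEED_BITS):
        p, q = weak_keygen(seed)
        if p * q == n:
            return seed, p, q
    return None


def sign(m, d, n):
    return pow(m, d, n)


def verify(m, sig, n, e=E):
    return pow(sig, e, n) == m


if __name__ == "__main__":
    vendor_seed = 4000                   # constructed: the vendor's seed, unknown to the attacker
    p, q = weak_keygen(vendor_seed)
    n = p * q                            # only n and E are embedded in the protected program
    seed, rp, rq = recover_factors(n)    # brute force over the seed space recovers p and q
    d = private_exponent(rp, rq)
    licence = 0x1234567890               # constructed licence value to sign
    sig = sign(licence, d, n)
    print(f"seed {seed}, p {rp}, q {rq}, forged signature verifies: {verify(licence, sig, n)}")
```

The modulus size is irrelevant here: a 1024-bit modulus generated from the same 16-bit seed falls to the same loop, only slower per seed, which is why a weak RNG defeats "strong crypto" without any factoring at all.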

June 3rd, 2002, 12:28

Stock Price Monitor v1.1(h**p://www.tongsoft.com/down.htm):
Prot: RSA-192

GetDataBack for FAT v2.00(h**p://www.runtime.org):
Prot: RSA-65

happy factoring
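What "happy factoring" amounts to for a modulus the size of the RSA-65 target above, as an added example that is not from this thread and not GetDataBack's actual code or key format: Pollard's rho recovers p and q, d = e^-1 mod (p-1)(q-1) follows, and the attacker signs whatever value the program's check expects. The modulus is constructed here from two known primes straddling 2^32 (the largest prime below it and the smallest above it), which gives 65 bits; the exponent 65537 and the plain integer-signature check are assumptions. Rho needs roughly sqrt(p) steps, so it is fine at this size but hopeless against the RSA-192 target listed above, where a quadratic-sieve or number-field-sieve tool is the practical route.

```python
from math import gcd

E = 65537   # assumed public exponent; a real target's e is read out of the binary


def pollard_rho(n):
    """Return a nontrivial factor of composite n (Floyd cycle detection, f(x) = x^2 + c mod n)."""
    if n % 2 == 0:
        return 2
    c = 1
    while True:
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d
        c += 1      # degenerate cycle hit both factors at once: retry with another polynomial


def factor_two_prime_modulus(n):
    """Split an RSA modulus n = p*q and return (p, q) with p < q."""
    p = pollard_rho(n)
    q = n // p
    assert p * q == n
    return (p, q) if p < q else (q, p)


def private_exponent(p, q, e=E):
    return pow(e, -1, (p - 1) * (q - 1))


def sign(m, d, n):
    return pow(m, d, n)


def verify(m, sig, n, e=E):
    """The check a protected program would perform with only (n, e) embedded."""
    return pow(sig, e, n) == m


# Constructed modulus: the largest prime below 2**32 times the smallest prime above it,
# giving a 65-bit n comparable to the RSA-65 target named in the thread.
P_DEMO = 4294967291
Q_DEMO = 4294967311
N_DEMO = P_DEMO * Q_DEMO


def keygen_from_modulus(n, message):
    """Factor n, rebuild the private key, and sign `message` as the vendor's keygen would."""
    p, q = factor_two_prime_modulus(n)
    d = private_exponent(p, q)
    return p, q, sign(message, d, n)


if __name__ == "__main__":
    print(f"n has {N_DEMO.bit_length()} bits")
    p, q, sig = keygen_from_modulus(N_DEMO, 0xCAFEBABE)
    print(f"p={p} q={q} forged signature verifies: {verify(0xCAFEBABE, sig, N_DEMO)}")
```

The two demo primes happen to be 20 apart, so Fermat's method would split this particular n in a single step; rho was chosen because it does not depend on that and behaves the same for any two factors of this size.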

June 4th, 2002, 18:35
Many thanks to all of you who have answered my lame questions. I'll give the programs that AdamA mentioned a try.
I hope I'll be able to make my first approach; even if I don't find P and Q, it will help me analyze the different parts of the algorithm.
Again, Thanks.

July 30th, 2002, 02:23
Originally posted by foxthree
For targets, you can try almost any ASPR*** apps. They all use RIPEMD-160, MD5, and RSA-1024. Living hell trying to keygen these. But hey, that's me... give it a shot and see what you can come up with...

I have yet to see any Asprotect 1.2+ things keygenned, at least not since the weak RNG leak was fixed. I think the keyspace is too big, and now that it's properly implemented in Asprotect, keygenning is pretty much out of luck for that.

Of course, one can always hope that the author will choose to continue using their own scheme instead of the aspr internal one.

Maybe someone with the RSA cracker machine will target aspr stuff for fun one day.

July 30th, 2002, 07:19
Hi LBolt:

I too was working on approaching the ASPR keygenning stuff and do have a couple of ideas of my own. But I'm still yet to get these ideas vetted by the "Master Crackers" -- guess they're all busy. Anyway, if you're interested in keygenning ASPR targets, we can discuss via PM, and once we're fairly sure that the idea is okay, we can involve some heavyweights too.

-- FoxThree

August 3rd, 2002, 06:32
Hi, I'd be interested in discussing ASPR keygenning. Probably not for a couple of weeks, though. Real life is cropping up; not much time for reversing right now. Plus, I want to get a little better versed in RSA, which I'm studying in the meantime. In an effort to help understand, I'm going to try and duplicate DAMN's efforts on GetDataBack, which, based on what I've read, is an easy factoring problem (RSA-65). I also need to read up on that RIPEMD-160 thing. Never really looked at that.

I also have plans to look at the Armadillo keygen scheme, but that might be put on the back burner. I downloaded the eval of 2.6 from their site. I see that they've added a feature for signed keys. Don't know what they're using, though; haven't had a chance to examine it. The part where they ask the user to make a "security certificate" is interesting. Basically you're supposed to come up with a p/w, whatever you want, and Armadillo uses that to sign the key. Just based on speculation, I think it hashes your input to get it to a certain size, then does something else from that point.

BTW, legacy Arm. uses a 64-bit hex reg key, the same as in CacheX, which we tore apart in the "SHA-1 and BF examination on CacheX" thread. In fact, CacheX uses a totally custom version of Armadillo, integrated into the program.

New Armadillo has options for signed keys, 14 bytes through 40 bytes IIRC. Designed because the old version was keygennable too easily with a valid license (secret Blowfish key).

take care