Encryption used in CRT


Kilby
June 12th, 2002, 16:28
Gentlemen & others,

In the absence of damn website to ask questions on, I thought this would be the most appropriate place to ask this question in.

I use CRT from Van Dyke Technologies, and even have a site licence for it, however I am interested in how their keys work.

I understand from Ivanopulo's .nfo files that they use 64bit ElGamal & modified RIPEMD-160.

Has anybody here done any research on how these are used together within CRT (and their other products)?

As I know next to nothing about crypto (except a lot of what NOT to do when implementing it), if anybody could give me a helping hand up the learning curve it would be greatly appreciated.

Regards,

Kilby...

Lbolt99
June 12th, 2002, 21:26
Do a search on here for 'securecrt', some good messages from goatass will come up.

I went through the same crash course in crypto about three weeks ago, analyzing the scheme used in CacheX and comparing it to the Keygen by Eclipse for the Opera version.

I learned a great deal from the documents I found on the web for SHA-1 and Blowfish. I recommend searching the web for the specifications on the encryption you are researching. Makes things easier.

After I read and understood the documents, it was easy to see what the routines in CacheX were doing. Also how the keygen worked.

Still no go on CacheX, by the way. Artifex - any luck with that "fake S/N" you came by when running in trial mode? Have been meaning to look at this, but haven't had time.

mike
June 13th, 2002, 00:27
Quote:
I understand from Ivanopulo's .nfo files that they use 64bit ElGamal & modified RIPEMD-160.

64 bit ElGamal? More likely 64-byte, or 512-bit.

Kilby
June 13th, 2002, 11:25
Mike,

I thought the same thing, but that's a cut & paste from the damn .nfo file, and I don't know enough about crypto systems to disagree with Ivanopulo.

Thanks for the tip on securecrt, as I did a search on van dyke and nothing turned up, and I could have sworn that Ivanopulo had posted something a while back (but that didn't turn up either).

I had a quick look in a damn keygen for absoluteftp and found what look like large numbers embedded in the code.

Though the relationship between the license key and the serial number is interesting enough to watch in the damn keygen.

Looking at CRT the protection appears to be in License30.dll.

It looks like a relatively easy patch job to remove the license requirement; this is not the object of the exercise.

I actually want to learn something about crypto systems, though a simpler target may have been a better choice.

Regards,

Kilby...

Artifex
June 13th, 2002, 12:29
Hi, Lbolt99.

>Artifex - any luck with that "fake S/N" you came by when running in trial mode? Have been meaning to look at this, but haven't had time.

No result for now. I think that when you have time you will use this clue much better than I can do.

Artifex

MarcElBichon
June 13th, 2002, 12:40
Some parts of DAMN site still work. Look at http://www.damn.to/crypto_list.html and you will probably find an answer.

Mike

Kilby
June 13th, 2002, 16:12
Yeah I have had a look around the remnants of damn's site previously, but not much information on the bits I require.

I confirmed that all the serial number stuff is in the Licensexx.dll.
It's a pity that they seem to use an interesting key routine, yet their .exe files are easily patched (4 bytes).

I think the best thing I can do is try and find if anybody has a backup of !tE's site, as he had some securecrt information there.

In fact if anybody has an archive of the site, I may be able to get it hosted <HINT HINT>, as it was always a great resource.

I noticed some values which look like keys in the unpacked Damn keygen for AbsoluteFTP, so if I can get an earlier damn keygen for the same product, I should be able to see which keys change between versions of Vandyke Products.

BTW AbsoluteFTP2.0 uses License31.dll, but still requires the same minimal patching to remove nags and time limits.

Kilby...

goatass
June 16th, 2002, 22:05
Kilby, I just finished keygenning tE!'s Keygenme #3 which uses Elgamal and RipeMD, I'm writing up the tutorial as I write this. I'll be including all my sources so you could use them as references if you like.
They are to solve the DLP and have the Elgamal implementation (in C++).

goatass

Kilby
June 17th, 2002, 09:43
Goatass,

That would be greatly appreciated.

Hmmm, this is the 1st time I have called anybody goatass, without being displeased with them

Regards,

Kilby...

Kilby
June 25th, 2002, 15:23
I had a short chat with a couple of guys (I assume) from tmg, and they were saying that the keygen method has changed in recent vandyke targets.

I think ECC 1024 (or 512 I can't remember) & blowfish are the current method used.

I will check this out in the next few days for accuracy, once I clear my current project up a bit and then report back.

Regards,

Kilby...

Lbolt99
June 26th, 2002, 01:48
Sounds interesting, wonder if their stuff is still able to be keygenned.. beginning to see more and more stuff impossible to keygen, unfortunately. Of course the hard patch on Van Dyke's stuff easy enough.. can't beat keygenning

Wonder what's up with the guys in DAMN.. the website is still "working", it's not "down".. kinda strange
Quote:
Originally posted by Kilby
I had a short chat with a couple of guys (I assume) from tmg, and they were saying that the keygen method has changed in recent vandyke targets.

I think ECC 1024 (or 512 I can't remember) & blowfish are the current method used.

I will check this out in the next few days for accuracy, once I clear my current project up a bit and then report back.

Regards,

Kilby...

Lbolt99
July 25th, 2002, 16:38
I took a look at SecureCRT 4.0 beta 2, it looks like they send you a different license key, so you're probably right as far as the crypto changing. Have you had a chance to take a look at it yet?

Just tried the DAMN 3.4.1 keygen, doesn't work on 4.0

Kilby
July 25th, 2002, 17:17
I ain't had a chance to look at CRT & friends for a while, as real life has once again hit me with a vengeance.

However this is what I know.

Every time they go up a full version (rather than a point release), they always changed their keygen, this appears to have been done via the seed values NOT the algo.

I had a look at the internals of the registration .dll (I think it was) and found what I believe to be the seed values.

I then had a look at the values within !tE's and Damn's keygens and found their values.

Damn Securecrt 3.3
9E9350F141FFAC5
95CC918618D6ED4
12982884101B67F
7E61ED4B9ACFD2E

Damn Secure CRT 3.3.3
9E9350F141FFAC5
95CC918618D6ED4
12982884101B67F
7E61ED4B9ACFD2E

Damn SecureCRT 3.2.1
9E9350F141FFAC5
95CC918618D6ED4
12982884101B67F
7E61ED4B9ACFD2E

As you can see the values used did not change, therefore this seems to back up that only a full version change causes a change in the registration data.

!tE/TMG only appeared to use 3 large numbers in their keygen.

I believe up to last month that the keygen algo had not changed, but can't speak for 4.0 ATM.

Hope this helps a bit,

Kilby...

Kilby
July 25th, 2002, 17:21
BTW from what I heard, Damn's website supplier landed himself in a coma through drinking some kind of bootleg alcohol.

I dunno how true it is but that's what I was told.

If anybody can correct me then please enlighten us as it was one of the best sites for useful info.

Kilby...