pknight

September 20th, 2002, 06:16

hi, i can't upload target specific code (despite the fact that there is ~no way to identify the target from this code).. if someone wants my commented asm key validation routine, pm me..

so, now for the problem ..

my main question is: how do all the prostar reversers approach this situation because i'm stuck? also, is there a common name for this key validation technique (i.e. one better than "xor protection"?

problem:

key is of form:

XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

^^^^^set #1

it is validated by a routine that does the following:

groupY = f( 5 hex characters in set Y )

groupY is 3 bytes

block = byte1, byte2, byte3, ... byte15

= group1, group2, ... group5

var_1D = byte1 ^ byte2 ^ byte3 ^ ... ^ byte14

if( byte15 == var_1D )

GOOD

else

BAD

-> need to find combination of byte1 .. byte15 that work

-> under constraint that set #i passes critera in subroutine.

-> ~500,000 possibilities for each set #i

i first tried the easy approach: set #1 == set #2 == .. == set #4

then byte13 ^ byte14 = byte15 would give you an answer

unfortunately, this case doesn't work with any valid sets

i wrote a brute forcer to get all valid sets.. i wrote one too to try with set #1 == set #2 and solve the rest.. it's still pretty ridiculous and i don't expect a solution from it

-pknight

so, now for the problem ..

my main question is: how do all the prostar reversers approach this situation because i'm stuck? also, is there a common name for this key validation technique (i.e. one better than "xor protection"?

problem:

key is of form:

XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

^^^^^set #1

it is validated by a routine that does the following:

groupY = f( 5 hex characters in set Y )

groupY is 3 bytes

block = byte1, byte2, byte3, ... byte15

= group1, group2, ... group5

var_1D = byte1 ^ byte2 ^ byte3 ^ ... ^ byte14

if( byte15 == var_1D )

GOOD

else

BAD

-> need to find combination of byte1 .. byte15 that work

-> under constraint that set #i passes critera in subroutine.

-> ~500,000 possibilities for each set #i

i first tried the easy approach: set #1 == set #2 == .. == set #4

then byte13 ^ byte14 = byte15 would give you an answer

unfortunately, this case doesn't work with any valid sets

i wrote a brute forcer to get all valid sets.. i wrote one too to try with set #1 == set #2 and solve the rest.. it's still pretty ridiculous and i don't expect a solution from it

-pknight