Results 1 to 6 of 6

Thread: a guiding light on a protection routine....

  1. #1
    sadsack
    Guest

    a guiding light on a protection routine....

    Hi all,

    Total noob to all this but now I have to admit defeat after weeks of trying to diy.

    I have a prog that is 30 days limit, has a .key as well,

    Using Olly I found various routines that went to the 30 day limit, plus the reg is invalid and fully regs codes.

    I can easily get the prog to say fully regged, but obviously its not, after setting a few bp's I finally managed to trace the code and fill with NOP's and just when I thought I finally managed to bypass the serial check, I was left with a "Failed to write key" error.

    I just cant seem to leave it alone now, it's not as if the prog is even required, I came across it while searching for something totally different, and after unpacking it, it has just got my curiosity.

    Dog with a bone springs to mind.

    Am I allowed to say what the prog is that I am working on? so that some kindly person can show me where I am going wrong, personally I think it has some very good protection, although the prog itself is not protected with anything such as arma or aspro.

    much appreciated for any replies...

    sadsack
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    First off, NO, you aren't allowed to name the app.

    Now, if I were in your shoes, my first step from here would be to run one of the Crypto Analyzers on the executable, and see if it finds anything. It might turn out that the .key file is just some run of the mill data hashed with MD5, or something simple like that. If so, you can write a simple external MD5 decrypter app without much hassle, and see what's in there.

    As for the protection itself, it sounds like it might be reading the data into a buffer, and setting a flag somewhere if it matches. This flag probably defaults to "Not Registered", and relies on the key being correct to set it to another state.

  3. #3
    sadsack
    Guest
    Thanks for the reply FrankRizzo,

    Well the latest edition of Exeinfo - 27 01 2011 598 signs gave me this:

    Microsoft Visual C++ ver. 8.0 / Visual Studio 2005 - no MSCab
    Not packed , try disassemble OllyDbg ( www.ollydbg.de ) or WD32dsm89.exe ( www.exetools.com/disassemblers.htm )


    Die 0.64 gave me this:

    Microsoft Visual C++ [ver: x.x} C/C++
    Heuristic - Nothing Found

    PEID gave me - Nothing found *
    Entropy 6.30 [not packed]
    EP check not packed
    Fast Check not packed

    and the latest ed of ProtectionID gave me this:

    File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 12394496 (0BD2000h) Byte(s)
    [File Heuristics] -> Flag : 00000000000000001000000000000000 (0x00008000)
    [!] Possible CD/DVD-Key or Serial Check -> registration code
    [!] File appears to have no protection or is using an unknown protection
    - Scan Took : 2.484 Second(s)

    Hope this helps,

    sadsack
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    OK, using PEiD, give it a run through the Krypto ANALyzer, and see what it has to say.

    -> Plugins -> Krypto ANALyzer.

  5. #5
    sadsack
    Guest
    Hi FrankRizzo....

    This is what I got from Krypto..

    BASE64 table :: 00187ED8 :: 00587ED8
    The reference is above.
    CRC32 :: 00142950 :: 00542950
    Referenced at 004CF5D6
    Referenced at 004CF5EB
    Referenced at 004CF604
    Referenced at 004CF61D
    Referenced at 004CF636
    Referenced at 004CF64F
    Referenced at 004CF668
    Referenced at 004CF681
    Referenced at 004CF6B0
    CryptGenRandom [Name] :: 001555B0 :: 005555B0
    Referenced at 00501638
    ECC: B-163 (NIST), point order :: 00151978 :: 00551978
    Referenced at 00554144
    ECC: B-233 (NIST), point order :: 00151474 :: 00551474
    Referenced at 00554230
    ECC: B-283 (NIST), point order :: 00151058 :: 00551058
    Referenced at 005542C8
    ECC: B-409 (NIST), point order :: 00150C40 :: 00550C40
    Referenced at 00554334
    ECC: B-571 (NIST), point order :: 001506C8 :: 005506C8
    Referenced at 005543A0
    ECC: c2pnb163v1 (X 9.62), point order :: 001505C0 :: 005505C0
    Referenced at 005543E0
    ECC: c2pnb163v2 (X 9.62), point order :: 001504BC :: 005504BC
    Referenced at 00554420
    ECC: c2pnb163v3 (X 9.62), point order :: 001503E0 :: 005503E0
    Referenced at 00554460
    ECC: c2pnb208w1 (X 9.62), point order :: 0014FDE2 :: 0054FDE2
    The reference is above.
    ECC: c2pnb272w1 (X 9.62), point order :: 0014F7E2 :: 0054F7E2
    The reference is above.
    ECC: c2pnb368w1 (X 9.62), point order :: 0014F10A :: 0054F10A
    The reference is above.
    ECC: c2tnb191v1 (X 9.62), point order :: 00150160 :: 00550160
    Referenced at 005544CC
    ECC: c2tnb191v2 (X 9.62), point order :: 00150034 :: 00550034
    Referenced at 0055450C
    Referenced at 005FCB44
    Referenced at 006646B8
    Referenced at 006AF02E
    Referenced at 0082A82C
    Referenced at 008A5C08
    Referenced at 009D7EC0
    Referenced at 009ECF6A
    Referenced at 00A335C2
    Referenced at 00AA6784
    ECC: c2tnb191v3 (X 9.62), point order :: 0014FF30 :: 0054FF30
    Referenced at 0055454C
    Referenced at 0090A664
    ECC: c2tnb239v1 (X 9.62), point order :: 0014FC38 :: 0054FC38
    Referenced at 005545B8
    ECC: c2tnb239v2 (X 9.62), point order :: 0014FAD0 :: 0054FAD0
    Referenced at 005545F8
    ECC: c2tnb239v3 (X 9.62), point order :: 0014F990 :: 0054F990
    Referenced at 00554638
    ECC: c2tnb359v1 (X 9.62), point order :: 0014F370 :: 0054F370
    Referenced at 005546D0
    ECC: c2tnb431r1 (X 9.62), point order :: 0014EE40 :: 0054EE40
    Referenced at 00554728
    ECC: K-163 (NIST), point order :: 00151B60 :: 00551B60
    Referenced at 005540C4
    ECC: K-233 (NIST), point order :: 001515EA :: 005515EA
    The reference is above.
    ECC: K-283 (NIST), point order :: 00151210 :: 00551210
    Referenced at 00554288
    ECC: K-409 (NIST), point order :: 00150E9A :: 00550E9A
    The reference is above.
    ECC: K-571 (NIST), point order :: 001509E8 :: 005509E8
    Referenced at 00554360
    ECC: P-192 (NIST), prime order :: 0015393C :: 0055393C
    Referenced at 00553AA4
    ECC: P-192 v2 (X 9.62), base point x-coord :: 0015311C :: 0055311C
    Referenced at 00553B9C
    ECC: P-192 v3 (X 9.62), prime order :: 00152FBC :: 00552FBC
    Referenced at 00553BE4
    ECC: P-224 (NIST), prime order :: 001537A0 :: 005537A0
    Referenced at 00553AE4
    Referenced at 00553F98
    ECC: P-239 v1 (X 9.62), prime order :: 00152E3C :: 00552E3C
    Referenced at 00553C24
    ECC: P-239 v2 (X 9.62), prime order :: 00152D14 :: 00552D14
    Referenced at 00553C64
    ECC: P-239 v3 (X 9.62), prime order :: 00152C14 :: 00552C14
    Referenced at 00553CA4
    ECC: P-256 (NIST), prime order :: 00152A68 :: 00552A68
    Referenced at 00553CE4
    ECC: P-384 (NIST), prime order :: 00153508 :: 00553508
    Referenced at 00553B24
    ECC: P-521 (NIST), prime order :: 001531B0 :: 005531B0
    Referenced at 00553B64
    ECC: secp112r1 (SEC2), prime order :: 0015297C :: 0055297C
    Referenced at 00553D24
    ECC: secp112r2 (SEC2), prime order :: 001528B0 :: 005528B0
    Referenced at 00553D64
    ECC: secp128r1 (SEC2), prime order :: 001527B0 :: 005527B0
    Referenced at 00553DA4
    ECC: secp128r2 (SEC2), prime order :: 001526D4 :: 005526D4
    Referenced at 00553DE4
    ECC: secp160k1 (SEC2), prime order :: 00152620 :: 00552620
    Referenced at 00553E10
    ECC: secp160r1 (SEC2), prime order :: 001524F0 :: 005524F0
    Referenced at 00553E50
    ECC: secp160r2 (SEC2), prime order :: 00152414 :: 00552414
    Referenced at 00553E90
    ECC: secp192k1 (SEC2), prime order :: 00152318 :: 00552318
    Referenced at 00553EBC
    ECC: secp224k1 (SEC2), prime order :: 001521FC :: 005521FC
    Referenced at 00553EE8
    ECC: secp256k1 (SEC2), prime order :: 001520B8 :: 005520B8
    Referenced at 00553F14
    ECC: sect113r1 (SEC2), point order :: 00151EB8 :: 00551EB8
    Referenced at 00553FD8
    ECC: sect113r2 (SEC2), point order :: 00151DF0 :: 00551DF0
    Referenced at 00554018
    ECC: sect131r1 (SEC2), point order :: 00151D18 :: 00551D18
    Referenced at 00554058
    ECC: sect131r2 (SEC2), point order :: 00151C38 :: 00551C38
    Referenced at 00554098
    ECC: sect163r1 (SEC2), point order :: 00151A50 :: 00551A50
    Referenced at 00554104
    ECC: sect193r1 (SEC2), point order :: 00151814 :: 00551814
    Referenced at 00554184
    ECC: sect193r2 (SEC2), point order :: 001516E8 :: 005516E8
    Referenced at 005541C4
    ECC: sect239k1 (SEC2), point order :: 00151374 :: 00551374
    Referenced at 0055425C
    FORK-256 [mixing] :: 001073F9 :: 005073F9
    The reference is above.
    FORK-256 [mixing] :: 00107B87 :: 00507B87
    The reference is above.
    List of primes [long] :: 001564A8 :: 005564A8
    The reference is above.
    MD5 :: 00119248 :: 00519248
    The reference is above.
    RIJNDAEL [T1] :: 001472A8 :: 005472A8
    Referenced at 004E7ABE
    Referenced at 004E7AF4
    Referenced at 004E7B3A
    Referenced at 004E7B74
    Referenced at 004E7BDC
    Referenced at 004E7C15
    Referenced at 004E7C59
    Referenced at 004E7CAA
    Referenced at 004E7CE4
    Referenced at 004E7D1E
    Referenced at 004E7D64
    Referenced at 004E7D8E
    SHA1 [Compress] :: 0011B5D6 :: 0051B5D6
    The reference is above.
    SHA-224 [Init] :: 00107298 :: 00507298
    The reference is above.
    SHA-256 [mixing] :: 00155FA8 :: 00555FA8
    The reference is above.
    SHA-384 [Init] :: 00109258 :: 00509258
    The reference is above.
    SHA-512 [init] :: 001092F8 :: 005092F8
    The reference is above.
    {Big number} :: 0014EC44 :: 0054EC44
    Referenced at 005547AC
    {Big number} :: 0014ED2C :: 0054ED2C
    Referenced at 00554780
    {Big number} :: 0014EDD8 :: 0054EDD8
    Referenced at 00554750
    {Big number} :: 0014EDF8 :: 0054EDF8
    Referenced at 0055474C
    {Big number} :: 0014EEB0 :: 0054EEB0
    Referenced at 00554724
    {Big number} :: 0014F168 :: 0054F168
    Referenced at 005546F8
    {Big number} :: 0014F3D0 :: 0054F3D0
    Referenced at 005546CC
    {Big number} :: 0014F5D8 :: 0054F5D8
    Referenced at 00554690
    {Big number} :: 0014F628 :: 0054F628
    Referenced at 0055468C
    {Big number} :: 0014F678 :: 0054F678
    Referenced at 00554688
    {Big number} :: 0014F6C8 :: 0054F6C8
    Referenced at 00554684
    {Big number} :: 0014F718 :: 0054F718
    Referenced at 00554680
    {Big number} :: 0014F828 :: 0054F828
    Referenced at 00554660
    {Big number} :: 0014F9D0 :: 0054F9D0
    Referenced at 00554634
    {Big number} :: 0014FB10 :: 0054FB10
    Referenced at 005545F4
    Referenced at 009001F2
    {Big number} :: 0014FC78 :: 0054FC78
    Referenced at 005545B4
    {Big number} :: 0014FE18 :: 0054FE18
    Referenced at 00554574
    {Big number} :: 0014FF64 :: 0054FF64
    Referenced at 00554548
    {Big number} :: 00150068 :: 00550068
    Referenced at 00554508
    Referenced at 00618EEE
    Referenced at 00633EB6
    Referenced at 006D298C
    Referenced at 007D3874
    Referenced at 0080D3A6
    Referenced at 0095DD80
    Referenced at 009BD086
    {Big number} :: 00150194 :: 00550194
    Referenced at 005544C8
    {Big number} :: 001502C0 :: 005502C0
    Referenced at 0055448C
    {Big number} :: 001502F0 :: 005502F0
    Referenced at 00554488
    Referenced at 0071CD42
    {Big number} :: 00150320 :: 00550320
    Referenced at 00554484
    {Big number} :: 00150350 :: 00550350
    Referenced at 00554480
    {Big number} :: 00150380 :: 00550380
    Referenced at 0055447C
    {Big number} :: 0015040C :: 0055040C
    Referenced at 0055445C
    {Big number} :: 001504E8 :: 005504E8
    Referenced at 0055441C
    {Big number} :: 001505EC :: 005505EC
    Referenced at 005543DC
    {Big number} :: 00151FC8 :: 00551FC8
    Referenced at 00553F6C
    {Big number} :: 00152C54 :: 00552C54
    Referenced at 00553CA0
    {Big number} :: 00152D54 :: 00552D54
    Referenced at 00553C60
    {Big number} :: 00152E7C :: 00552E7C
    Referenced at 00553C20
    {Big number} :: 00152FF0 :: 00552FF0
    Referenced at 00553BE0
    {Big number} :: 001530B4 :: 005530B4
    Referenced at 00553BA4
    {Big number} :: 001530E8 :: 005530E8
    Referenced at 00553BA0

    ----------------------------------------------------------------------------------
    #include <idc.idc>

    static main(void)
    {

    auto slotidx;
    slotidx = 1;

    MarkPosition(0x00587ED8, 0, 0, 0, slotidx + 0, "BASE64 table");
    MakeComm(PrevNotTail(0x00587ED9), "BASE64 table\nBASE64 encoding (used e.g. in e-mails - MIME)");
    MarkPosition(0x00542950, 0, 0, 0, slotidx + 1, "CRC32");
    MakeComm(PrevNotTail(0x00542951), "CRC32\nCRC32 precomputed table for byte transform");
    MarkPosition(0x005555B0, 0, 0, 0, slotidx + 2, "CryptGenRandom [Name]");
    MakeComm(PrevNotTail(0x005555B1), "CryptGenRandom [Name]\nMicrosoft CryptoAPI function name");
    MarkPosition(0x00551978, 0, 0, 0, slotidx + 3, "ECC");
    MakeComm(PrevNotTail(0x00551979), "ECC\nNIST-recommended elliptic curve over binary field, point order of B-163 curve");
    MarkPosition(0x00551474, 0, 0, 0, slotidx + 4, "ECC");
    MakeComm(PrevNotTail(0x00551475), "ECC\nNIST-recommended elliptic curve over binary field, point order of B-233 curve");
    MarkPosition(0x00551058, 0, 0, 0, slotidx + 5, "ECC");
    MakeComm(PrevNotTail(0x00551059), "ECC\nNIST-recommended elliptic curve over binary field, point order of B-283 curve");
    MarkPosition(0x00550C40, 0, 0, 0, slotidx + 6, "ECC");
    MakeComm(PrevNotTail(0x00550C41), "ECC\nNIST-recommended elliptic curve over binary field, point order of B-409 curve");
    MarkPosition(0x005506C8, 0, 0, 0, slotidx + 7, "ECC");
    MakeComm(PrevNotTail(0x005506C9), "ECC\nNIST-recommended elliptic curve over binary field, point order of B-571 curve");
    MarkPosition(0x005505C0, 0, 0, 0, slotidx + 8, "ECC");
    MakeComm(PrevNotTail(0x005505C1), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2pnb163v1 curve");
    MarkPosition(0x005504BC, 0, 0, 0, slotidx + 9, "ECC");
    MakeComm(PrevNotTail(0x005504BD), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2pnb163v2 curve");
    MarkPosition(0x005503E0, 0, 0, 0, slotidx + 10, "ECC");
    MakeComm(PrevNotTail(0x005503E1), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2pnb163v3 curve");
    MarkPosition(0x0054FDE2, 0, 0, 0, slotidx + 11, "ECC");
    MakeComm(PrevNotTail(0x0054FDE3), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2pnb208w1 curve");
    MarkPosition(0x0054F7E2, 0, 0, 0, slotidx + 12, "ECC");
    MakeComm(PrevNotTail(0x0054F7E3), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2pnb272w1 curve");
    MarkPosition(0x0054F10A, 0, 0, 0, slotidx + 13, "ECC");
    MakeComm(PrevNotTail(0x0054F10B), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2pnb368w1 curve");
    MarkPosition(0x00550160, 0, 0, 0, slotidx + 14, "ECC");
    MakeComm(PrevNotTail(0x00550161), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb191v1 curve");
    MarkPosition(0x00550034, 0, 0, 0, slotidx + 15, "ECC");
    MakeComm(PrevNotTail(0x00550035), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb191v2 curve");
    MarkPosition(0x0054FF30, 0, 0, 0, slotidx + 16, "ECC");
    MakeComm(PrevNotTail(0x0054FF31), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb191v3 curve");
    MarkPosition(0x0054FC38, 0, 0, 0, slotidx + 17, "ECC");
    MakeComm(PrevNotTail(0x0054FC39), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb239v1 curve");
    MarkPosition(0x0054FAD0, 0, 0, 0, slotidx + 18, "ECC");
    MakeComm(PrevNotTail(0x0054FAD1), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb239v2 curve");
    MarkPosition(0x0054F990, 0, 0, 0, slotidx + 19, "ECC");
    MakeComm(PrevNotTail(0x0054F991), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb239v3 curve");
    MarkPosition(0x0054F370, 0, 0, 0, slotidx + 20, "ECC");
    MakeComm(PrevNotTail(0x0054F371), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb359v1 curve");
    MarkPosition(0x0054EE40, 0, 0, 0, slotidx + 21, "ECC");
    MakeComm(PrevNotTail(0x0054EE41), "ECC\nX 9.62 EC-DSA elliptic curve over binary field, point order of c2tnb431r1 curve");
    MarkPosition(0x00551B60, 0, 0, 0, slotidx + 22, "ECC");
    MakeComm(PrevNotTail(0x00551B61), "ECC\nNIST-recommended elliptic curve over binary field, point order of K-163 curve");
    MarkPosition(0x005515EA, 0, 0, 0, slotidx + 23, "ECC");
    MakeComm(PrevNotTail(0x005515EB), "ECC\nNIST-recommended elliptic curve over binary field, point order of K-233 curve");
    MarkPosition(0x00551210, 0, 0, 0, slotidx + 24, "ECC");
    MakeComm(PrevNotTail(0x00551211), "ECC\nNIST-recommended elliptic curve over binary field, point order of K-283 curve");
    MarkPosition(0x00550E9A, 0, 0, 0, slotidx + 25, "ECC");
    MakeComm(PrevNotTail(0x00550E9B), "ECC\nNIST-recommended elliptic curve over binary field, point order of K-409 curve");
    MarkPosition(0x005509E8, 0, 0, 0, slotidx + 26, "ECC");
    MakeComm(PrevNotTail(0x005509E9), "ECC\nNIST-recommended elliptic curve over binary field, point order of K-571 curve");
    MarkPosition(0x0055393C, 0, 0, 0, slotidx + 27, "ECC");
    MakeComm(PrevNotTail(0x0055393D), "ECC\nNIST-recommended elliptic curve over prime field, prime order of P-192 curve");
    MarkPosition(0x0055311C, 0, 0, 0, slotidx + 28, "ECC");
    MakeComm(PrevNotTail(0x0055311D), "ECC\nX 9.62 EC-DSA elliptic curve over prime field, base point x-coordinate of P-192 v2 curve");
    MarkPosition(0x00552FBC, 0, 0, 0, slotidx + 29, "ECC");
    MakeComm(PrevNotTail(0x00552FBD), "ECC\nX 9.62 EC-DSA elliptic curve over prime field, prime order of P-192 v3 curve");
    MarkPosition(0x005537A0, 0, 0, 0, slotidx + 30, "ECC");
    MakeComm(PrevNotTail(0x005537A1), "ECC\nNIST-recommended elliptic curve over prime field, prime order of P-224 curve");
    MarkPosition(0x00552E3C, 0, 0, 0, slotidx + 31, "ECC");
    MakeComm(PrevNotTail(0x00552E3D), "ECC\nX 9.62 EC-DSA elliptic curve over prime field, prime order of P-239 v1 curve");
    MarkPosition(0x00552D14, 0, 0, 0, slotidx + 32, "ECC");
    MakeComm(PrevNotTail(0x00552D15), "ECC\nX 9.62 EC-DSA elliptic curve over prime field, prime order of P-239 v2 curve");
    MarkPosition(0x00552C14, 0, 0, 0, slotidx + 33, "ECC");
    MakeComm(PrevNotTail(0x00552C15), "ECC\nX 9.62 EC-DSA elliptic curve over prime field, prime order of P-239 v3 curve");
    MarkPosition(0x00552A68, 0, 0, 0, slotidx + 34, "ECC");
    MakeComm(PrevNotTail(0x00552A69), "ECC\nNIST-recommended elliptic curve over prime field, prime order of P-256 curve");
    MarkPosition(0x00553508, 0, 0, 0, slotidx + 35, "ECC");
    MakeComm(PrevNotTail(0x00553509), "ECC\nNIST-recommended elliptic curve over prime field, prime order of P-384 curve");
    MarkPosition(0x005531B0, 0, 0, 0, slotidx + 36, "ECC");
    MakeComm(PrevNotTail(0x005531B1), "ECC\nNIST-recommended elliptic curve over prime field, prime order of P-521 curve");
    MarkPosition(0x0055297C, 0, 0, 0, slotidx + 37, "ECC");
    MakeComm(PrevNotTail(0x0055297D), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp112r1 curve");
    MarkPosition(0x005528B0, 0, 0, 0, slotidx + 38, "ECC");
    MakeComm(PrevNotTail(0x005528B1), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp112r2 curve");
    MarkPosition(0x005527B0, 0, 0, 0, slotidx + 39, "ECC");
    MakeComm(PrevNotTail(0x005527B1), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp128r1 curve");
    MarkPosition(0x005526D4, 0, 0, 0, slotidx + 40, "ECC");
    MakeComm(PrevNotTail(0x005526D5), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp128r2 curve");
    MarkPosition(0x00552620, 0, 0, 0, slotidx + 41, "ECC");
    MakeComm(PrevNotTail(0x00552621), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp160k1 curve");
    MarkPosition(0x005524F0, 0, 0, 0, slotidx + 42, "ECC");
    MakeComm(PrevNotTail(0x005524F1), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp160r1 curve");
    MarkPosition(0x00552414, 0, 0, 0, slotidx + 43, "ECC");
    MakeComm(PrevNotTail(0x00552415), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp160r2 curve");
    MarkPosition(0x00552318, 0, 0, 0, slotidx + 44, "ECC");
    MakeComm(PrevNotTail(0x00552319), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp192k1 curve");
    MarkPosition(0x005521FC, 0, 0, 0, slotidx + 45, "ECC");
    MakeComm(PrevNotTail(0x005521FD), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp224k1 curve");
    MarkPosition(0x005520B8, 0, 0, 0, slotidx + 46, "ECC");
    MakeComm(PrevNotTail(0x005520B9), "ECC\nCerticom SEC2 elliptic curve over prime field, prime order of secp256k1 curve");
    MarkPosition(0x00551EB8, 0, 0, 0, slotidx + 47, "ECC");
    MakeComm(PrevNotTail(0x00551EB9), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect113r1 curve");
    MarkPosition(0x00551DF0, 0, 0, 0, slotidx + 48, "ECC");
    MakeComm(PrevNotTail(0x00551DF1), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect113r2 curve");
    MarkPosition(0x00551D18, 0, 0, 0, slotidx + 49, "ECC");
    MakeComm(PrevNotTail(0x00551D19), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect131r1 curve");
    MarkPosition(0x00551C38, 0, 0, 0, slotidx + 50, "ECC");
    MakeComm(PrevNotTail(0x00551C39), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect131r2 curve");
    MarkPosition(0x00551A50, 0, 0, 0, slotidx + 51, "ECC");
    MakeComm(PrevNotTail(0x00551A51), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect163r1 curve");
    MarkPosition(0x00551814, 0, 0, 0, slotidx + 52, "ECC");
    MakeComm(PrevNotTail(0x00551815), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect193r1 curve");
    MarkPosition(0x005516E8, 0, 0, 0, slotidx + 53, "ECC");
    MakeComm(PrevNotTail(0x005516E9), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect193r2 curve");
    MarkPosition(0x00551374, 0, 0, 0, slotidx + 54, "ECC");
    MakeComm(PrevNotTail(0x00551375), "ECC\nCerticom SEC2 elliptic curve over binary field, point order of sect239k1 curve");
    MarkPosition(0x005073F9, 0, 0, 0, slotidx + 55, "FORK-256 [mixing]");
    MakeComm(PrevNotTail(0x005073FA), "FORK-256 [mixing]\nFORK-256 mixing constants (subset of SHA-256)");
    MarkPosition(0x00507B87, 0, 0, 0, slotidx + 56, "FORK-256 [mixing]");
    MakeComm(PrevNotTail(0x00507B88), "FORK-256 [mixing]\nFORK-256 mixing constants (subset of SHA-256)");
    MarkPosition(0x005564A8, 0, 0, 0, slotidx + 57, "List of primes [long]");
    MakeComm(PrevNotTail(0x005564A9), "List of primes [long]\nAll prime numbers up to 251");
    MarkPosition(0x00519248, 0, 0, 0, slotidx + 58, "MD5");
    MakeComm(PrevNotTail(0x00519249), "MD5\nMD5 transform (\"compress\") constants");
    MarkPosition(0x005472A8, 0, 0, 0, slotidx + 59, "RIJNDAEL [T1]");
    MakeComm(PrevNotTail(0x005472A9), "RIJNDAEL [T1]\nRIJNDAEL (AES): encoding table 1; also used in other ciphers (e.g. SNOW 2.0)");
    MarkPosition(0x0051B5D6, 0, 0, 0, slotidx + 60, "SHA1 [Compress]");
    MakeComm(PrevNotTail(0x0051B5D7), "SHA1 [Compress]\nSHA1 additive constants (also used in SHA, SEAL, partly in RIPEMD)");
    MarkPosition(0x00507298, 0, 0, 0, slotidx + 61, "SHA-224 [Init]");
    MakeComm(PrevNotTail(0x00507299), "SHA-224 [Init]\nSHA-224 init constants (also used in SHA-384)");
    MarkPosition(0x00555FA8, 0, 0, 0, slotidx + 62, "SHA-256 [mixing]");
    MakeComm(PrevNotTail(0x00555FA9), "SHA-256 [mixing]\nSHA-256 mixing constants (also used in SHA-512)");
    MarkPosition(0x00509258, 0, 0, 0, slotidx + 63, "SHA-384 [Init]");
    MakeComm(PrevNotTail(0x00509259), "SHA-384 [Init]\nSHA-384 init constants (partly used also in SHA-224)");
    MarkPosition(0x005092F8, 0, 0, 0, slotidx + 64, "SHA-512 [init]");
    MakeComm(PrevNotTail(0x005092F9), "SHA-512 [init]\nSHA-512 init constants (partly used also in SHA-256)");
    MarkPosition(0x0054EC44, 0, 0, 0, slotidx + 65, "{Big number}");
    MakeComm(PrevNotTail(0x0054EC45), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 184 bits");
    MarkPosition(0x0054ED2C, 0, 0, 0, slotidx + 66, "{Big number}");
    MakeComm(PrevNotTail(0x0054ED2D), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 154 bits");
    MarkPosition(0x0054EDD8, 0, 0, 0, slotidx + 67, "{Big number}");
    MakeComm(PrevNotTail(0x0054EDD9), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 112 bits");
    MarkPosition(0x0054EDF8, 0, 0, 0, slotidx + 68, "{Big number}");
    MakeComm(PrevNotTail(0x0054EDF9), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 113 bits");
    MarkPosition(0x0054EEB0, 0, 0, 0, slotidx + 69, "{Big number}");
    MakeComm(PrevNotTail(0x0054EEB1), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 430 bits");
    MarkPosition(0x0054F168, 0, 0, 0, slotidx + 70, "{Big number}");
    MakeComm(PrevNotTail(0x0054F169), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 367 bits");
    MarkPosition(0x0054F3D0, 0, 0, 0, slotidx + 71, "{Big number}");
    MakeComm(PrevNotTail(0x0054F3D1), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 359 bits");
    MarkPosition(0x0054F5D8, 0, 0, 0, slotidx + 72, "{Big number}");
    MakeComm(PrevNotTail(0x0054F5D9), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 289 bits");
    MarkPosition(0x0054F628, 0, 0, 0, slotidx + 73, "{Big number}");
    MakeComm(PrevNotTail(0x0054F629), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 304 bits");
    MarkPosition(0x0054F678, 0, 0, 0, slotidx + 74, "{Big number}");
    MakeComm(PrevNotTail(0x0054F679), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 301 bits");
    MarkPosition(0x0054F6C8, 0, 0, 0, slotidx + 75, "{Big number}");
    MakeComm(PrevNotTail(0x0054F6C9), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 304 bits");
    MarkPosition(0x0054F718, 0, 0, 0, slotidx + 76, "{Big number}");
    MakeComm(PrevNotTail(0x0054F719), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 304 bits");
    MarkPosition(0x0054F828, 0, 0, 0, slotidx + 77, "{Big number}");
    MakeComm(PrevNotTail(0x0054F829), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 269 bits");
    MarkPosition(0x0054F9D0, 0, 0, 0, slotidx + 78, "{Big number}");
    MakeComm(PrevNotTail(0x0054F9D1), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 238 bits");
    MarkPosition(0x0054FB10, 0, 0, 0, slotidx + 79, "{Big number}");
    MakeComm(PrevNotTail(0x0054FB11), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 239 bits");
    MarkPosition(0x0054FC78, 0, 0, 0, slotidx + 80, "{Big number}");
    MakeComm(PrevNotTail(0x0054FC79), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 239 bits");
    MarkPosition(0x0054FE18, 0, 0, 0, slotidx + 81, "{Big number}");
    MakeComm(PrevNotTail(0x0054FE19), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 204 bits");
    MarkPosition(0x0054FF64, 0, 0, 0, slotidx + 82, "{Big number}");
    MakeComm(PrevNotTail(0x0054FF65), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 191 bits");
    MarkPosition(0x00550068, 0, 0, 0, slotidx + 83, "{Big number}");
    MakeComm(PrevNotTail(0x00550069), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 189 bits");
    MarkPosition(0x00550194, 0, 0, 0, slotidx + 84, "{Big number}");
    MakeComm(PrevNotTail(0x00550195), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 191 bits");
    MarkPosition(0x005502C0, 0, 0, 0, slotidx + 85, "{Big number}");
    MakeComm(PrevNotTail(0x005502C1), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 161 bits");
    MarkPosition(0x005502F0, 0, 0, 0, slotidx + 86, "{Big number}");
    MakeComm(PrevNotTail(0x005502F1), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 175 bits");
    MarkPosition(0x00550320, 0, 0, 0, slotidx + 87, "{Big number}");
    MakeComm(PrevNotTail(0x00550321), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 176 bits");
    MarkPosition(0x00550350, 0, 0, 0, slotidx + 88, "{Big number}");
    MakeComm(PrevNotTail(0x00550351), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 175 bits");
    MarkPosition(0x00550380, 0, 0, 0, slotidx + 89, "{Big number}");
    MakeComm(PrevNotTail(0x00550381), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 176 bits");
    MarkPosition(0x0055040C, 0, 0, 0, slotidx + 90, "{Big number}");
    MakeComm(PrevNotTail(0x0055040D), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 163 bits");
    MarkPosition(0x005504E8, 0, 0, 0, slotidx + 91, "{Big number}");
    MakeComm(PrevNotTail(0x005504E9), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 163 bits");
    MarkPosition(0x005505EC, 0, 0, 0, slotidx + 92, "{Big number}");
    MakeComm(PrevNotTail(0x005505ED), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 161 bits");
    MarkPosition(0x00551FC8, 0, 0, 0, slotidx + 93, "{Big number}");
    MakeComm(PrevNotTail(0x00551FC9), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 161 bits");
    MarkPosition(0x00552C54, 0, 0, 0, slotidx + 94, "{Big number}");
    MakeComm(PrevNotTail(0x00552C55), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 237 bits");
    MarkPosition(0x00552D54, 0, 0, 0, slotidx + 95, "{Big number}");
    MakeComm(PrevNotTail(0x00552D55), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 239 bits");
    MarkPosition(0x00552E7C, 0, 0, 0, slotidx + 96, "{Big number}");
    MakeComm(PrevNotTail(0x00552E7D), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 239 bits");
    MarkPosition(0x00552FF0, 0, 0, 0, slotidx + 97, "{Big number}");
    MakeComm(PrevNotTail(0x00552FF1), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 190 bits");
    MarkPosition(0x005530B4, 0, 0, 0, slotidx + 98, "{Big number}");
    MakeComm(PrevNotTail(0x005530B5), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 192 bits");
    MarkPosition(0x005530E8, 0, 0, 0, slotidx + 99, "{Big number}");
    MakeComm(PrevNotTail(0x005530E9), "{Big number}\nPossible big number constant - it may indicate various asymmetric crypto: hexadecimal, 191 bits");
    }


    I hope this means more to you than it does me....

    Sadsack
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Yeah, that means that it has a little of everything in it. Might be statically linked against some big crypto library.

Similar Threads

  1. How to extract compilable ASM code for routine including sub routine from IDA?
    By joyung in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: March 26th, 2013, 11:36
  2. Decription routine
    By xor_axax in forum The Newbie Forum
    Replies: 3
    Last Post: March 19th, 2013, 06:34
  3. Looking for a light weight C/C++ debugging engine api
    By _genuine in forum The Newbie Forum
    Replies: 2
    Last Post: September 9th, 2012, 21:49
  4. ASM routine
    By steel in forum The Newbie Forum
    Replies: 8
    Last Post: April 28th, 2008, 12:06
  5. Winzip registration routine
    By SL0rd in forum The Newbie Forum
    Replies: 3
    Last Post: August 25th, 2004, 13:38

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •