
Thread: Delphi RNG reversing

  1. #16
    As I said in an earlier post, this program uses QueryPerformanceCounter for the initial seed. However, I didn't get what you mean by
    If that's the case, then your keyspace just dropped dramatically.
    How can we predict the result of QueryPerformanceCounter? Could you elaborate on this topic?
    "There is only one road to human greatness: through the school of hard knocks." Albert Einstein

  2. #17
    What I was saying was that if they use the value of Query... for range-limiting the acceptable values, and that value is LOW, then that limits the range of the random numbers, and might reduce the area you have to search.

  3. #18
    I want to know what the predictable range of QueryPerformanceCounter is, if you know it. I didn't come up with any predictable range. That is why I am searching the 0-FFFFFFFFh range. Another problem is that we also don't know how many times the author generated the big number. Each generation also affects RandomSeed. However, I am always open to new ideas.

  4. #19
    ShyKittten
    Guest

    Recca ?

    Why do you search for the next prime number?

    prime(M) + b = M with M the 1st random number and b a small number
    prime(N) + c = N with N the 2nd random number and c a small number

    So:
    - choose a seed
    - compute M and N
    - if (M*N - P) is small enough, you have probably found the seed (with P = prime(M)*prime(N)). In other words: take the most significant 32 bits of N and M, multiply; if the result is close to the most significant bits of P, take the next 32 bits of N and M, multiply...

    Bruteforce would be easy...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #20
    What is the relation between M, N and P?
    The program generates P and Q (the RSA primes) by using the Random function and searching for the next prime, like this:

    Code:
    P=Random(Seed)          // first draw from the seeded RNG
    P=FindNextPrime(P)      // smallest prime >= P (the expensive step)
    Q=Random(Seed)          // second draw; the RNG state was advanced by the first
    Q=FindNextPrime(Q)
    N=P*Q
    The idea is that if we can find a fast method for the IsPrime function we can speed up the search, because if we can recover the seed, either the seed of P or the seed of Q, we will find the prime numbers. Other than that I didn't get what you mean by M and N. drizz's code is very detailed and fast, but I abandoned the project until I get my new computer.

  6. #21
    ShyKittten
    Guest
    In my previous post: P = M*N.

    You say:

    Code:
    P=Random(Seed)
    P=FindNextPrime(P)
    Q=Random(Seed)
    Q=FindNextPrime(Q)
    N=P*Q
    My idea:

    Code:
    P'=Random(Seed)                 // raw draws only, no primality test yet
    Q'=Random(Seed)
    N'=P'*Q'
    if(|N'-N| small enough)         // cheap filter: P>=P' and Q>=Q' by at most a prime gap
    {
           P=FindNextPrime(P')      // costly step, run only on filter hits
           Q=FindNextPrime(Q')
           if(N==P*Q)
           {
                  Correct Seed !
           }
    }

    I used it to break RSA-1024 with a similar weak RNG (<1h to check all the 32-bit values).

  7. #22
    What is that "small enough" number? I have searched prime gaps and found that the biggest gap is 4724 for 75 digits, so theoretically that number will be 4724^2 = 22316176 ( http://www.trnicely.net/gaps/g4k.html ). Is this info true, or is it lower than that?

  8. #23
    ShyKittten
    Guest
    http://en.wikipedia.org/wiki/Prime_gap#Conjectures_about_gaps_between_primes

    g(pn) = O((ln pn)^2)
    If P and Q were independent, you would have to choose the gap carefully.
    But here P and Q are linked together by the seed, so few (P',Q') (and probably only 1) will pass the test even if you choose too big a gap...
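    The filter from post #21 and the gap bound from post #23, worked through as an added example (this is not the thread's code, not drizz's, and not Laptonic's tutorial). Assumptions not stated on the page: the RNG is Delphi's 32-bit LCG (RandSeed = RandSeed*0x08088405 + 1 mod 2^32), a "big number" is built by concatenating consecutive raw 32-bit outputs, and the seed (a QueryPerformanceCounter reading in the real target) is known to lie in a window, which is the reduced-keyspace idea from post #17. The seed value and window in `demo()` are constructed for the example.

```python
"""Seed recovery for a Delphi-style LCG used to draw RSA primes, using the
cheap "compare before FindNextPrime" filter.

Assumptions (not from the thread): Delphi LCG seed = seed*0x08088405 + 1 mod 2^32;
a big number is WORDS consecutive raw 32-bit outputs, most significant first;
the seed lies in a known window.
"""
import math

MASK32 = 0xFFFFFFFF
DELPHI_MUL = 0x08088405  # multiplier of Delphi's RandSeed update (assumed)


class DelphiRng:
    """Delphi System.Random state machine (assumed form)."""

    def __init__(self, seed: int) -> None:
        self.seed = seed & MASK32

    def next32(self) -> int:
        self.seed = (self.seed * DELPHI_MUL + 1) & MASK32
        return self.seed


def random_big(rng: DelphiRng, words: int) -> int:
    """Assumed big-number generator: concatenate `words` raw outputs."""
    value = 0
    for _ in range(words):
        value = (value << 32) | rng.next32()
    return value


_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic below 3.3e24


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; exact for the sizes used here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_next_prime(n: int) -> int:
    """Smallest prime >= n: the thread's FindNextPrime."""
    if n <= 2:
        return 2
    if n % 2 == 0:
        n += 1
    while not is_probable_prime(n):
        n += 2
    return n


def keygen(seed: int, words: int):
    """Victim key generation: P and Q from consecutive draws, then next prime."""
    rng = DelphiRng(seed)
    p = find_next_prime(random_big(rng, words))
    q = find_next_prime(random_big(rng, words))
    return p, q, p * q


def gap_bound(n: int) -> int:
    """Generous prime-gap bound near n: 2*(ln n)^2, from the O((ln p)^2) heuristic."""
    return 2 * int(math.log(max(n, 2)) ** 2) + 2


def recover_seed(n: int, words: int, seed_lo: int, seed_hi: int):
    """Scan seeds in [seed_lo, seed_hi); primality is tested only on filter hits.
    With P = P'+b and Q = Q'+c, 0 <= b, c <= gap, the true seed satisfies
    P'*Q' <= N <= (P'+gap)*(Q'+gap); everything else costs four LCG steps."""
    for seed in range(seed_lo, seed_hi):
        rng = DelphiRng(seed)
        p0 = random_big(rng, words)
        q0 = random_big(rng, words)
        if p0 * q0 > n:  # N' can never exceed N
            continue
        g = gap_bound(max(p0, q0))
        if n > (p0 + g) * (q0 + g):  # too far even with maximal gaps
            continue
        p, q = find_next_prime(p0), find_next_prime(q0)
        if p * q == n:
            return seed, p, q
    return None


def demo():
    """Constructed example: 64-bit P', Q' and a seed known to a 2^14 window.
    The full 2^32 scan is the same loop, just longer."""
    true_seed = 0x3A5F19C2
    _, _, n = keygen(true_seed, 2)
    lo = true_seed - 0x2000
    return recover_seed(n, 2, lo, lo + 0x4000)


if __name__ == "__main__":
    print(demo())
```

    The band test answers the "how small is small enough" question without a fixed constant: the bound scales with ln P', and because P' and Q' both come from the same seed, a false positive would need two unrelated draws to land in a window of relative width about gap*(P'+Q')/N, so the expensive FindNextPrime almost never runs on a wrong seed.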

  9. #24
    Thanks. It worked.

  10. #25
    Thanks
    Here is the tutorial by Laptonic
    http://forum.exetools.com/showthread.php?t=14836
    Crack and unpack is a way to enjoy life.
