Results 1 to 4 of 4

Thread: A little trouble generating serials for an application

  1. #1

    A little trouble generating serials for an application

    Hello! I'm having some trouble generating valid serial numbers for an application and I hope someone here can shed some light on the whole thing.

    As per the FAQ, here is the relevant info:

    1. What is the problem....

    A while ago, some developer released version 1.0 of some application, protected by a serial check routine. I was able to understand the algorithm used to validate serial numbers and create a serial generator for that application.

    Now, the same developer released an update for that application which requires a new serial number. That validation routine is the same as before, except for an extra step. I was able to create a new, working serial generator, but I am unsure if it's actually as good as it can be.

    2. What is the protection.....

    Custom-made serial number check.

    3. What tools are you using....

    The application is written in Python and I was able to decompile it using a tool called uncompyle2.

    4. What tutorials have you read....

    Some tutorials on Python programming and a few more on decompiling applications made in Python.

    5. Show your output listing WITH comments....

    I'm not entirely sure what output I should list here, so I'll try to explain how the serial check routine works in the updated version of the application, keeping it as generic as possible.

    First of all, as I mentioned previously, it simply does the same check as in the initial version, 1.0 (that was simple to understand). Then comes the extra step, which goes like this:

    1. it takes the name of the application and calculates it's SHA1 hash;
    2. it takes that hash and converts it from base 16 to base 10 (I'm not sure if I'm explaining this operation correctly, English is not my native tongue, but I can give an example if needed);
    3. it stores the remainder (let's call it R1) of the division between the result from the previous step and a number (constant integer), let's call it X;
    4. it takes the entered serial number and calculates it's SHA1 hash;
    5. it takes that hash and converts it from base 16 to base 10;
    6. it stores the remainder (let's call it R2) of the division between the result from the previous step and X (the constant);
    7. it checks if the two remainders, R1 and R2, are equal;
    8. if R1 = R2, then the serial number is considered valid.

    To generate valid serials for the new version of the application, I create random serials which are valid for the initial version and do the calculations mentioned in the list above again and again, until I get a serial that works.

    Basically, I now cannot constantly create valid serials for the updated application like I did before. I have to create many serials and do the calculations on them until I find ones that are valid.

    6. NOW ask your question....

    Is my method of generating valid serials for the new version of the application the most efficient one? Or is there a correlation between the SHA1 hashes, the conversion from base 16 to base 10 and the remainders, which I'm not seeing? Does the developer generate valid serials in the same way, or does him/her have a different method, which constantly yields valid serial numbers?

    If needed, I can explain the serial check routine more thoroughly.

    Thanks!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    0xD1
    Guest
    Brute-force is the correct approach. You can optimize the check for a valid hash, but it mostly comes down to generating hashes as fast as possible by threading and/or offloading to GPU.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    Quote Originally Posted by ratshasa View Post
    Does the developer generate valid serials in the same way
    Yep.

  4. #4
    Ok, then I guess I will try to optimize my serial generation and validation algorithms as much as possible. Thanks for the input!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. How to find code generating known data?
    By nomatter in forum Advanced Reversing and Programming
    Replies: 5
    Last Post: September 10th, 2010, 04:10
  2. trouble with asprotect
    By homersux in forum The Newbie Forum
    Replies: 11
    Last Post: June 24th, 2005, 16:41
  3. Key generating, computer ID, etc.
    By Le-Fay in forum The Newbie Forum
    Replies: 4
    Last Post: January 15th, 2005, 00:22
  4. softice 4.0 trouble
    By computerbum30 in forum The Newbie Forum
    Replies: 2
    Last Post: July 19th, 2004, 18:35
  5. MPR.DLL trouble
    By CccT in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: March 27th, 2002, 21:14

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •