Results 1 to 7 of 7

Thread: Help Understanding WIBU-BoX internal encryption process

  1. #1

    Question Help Understanding WIBU-BoX internal encryption process

    I have developed a fake wkWin64.dll that responds well with the host program I am trying to fool.

    However, I have run up on to a problem. The access method request by the host program requires that I use direct method encryption (WKB_SEL_DIRECT). This encryption process is symmetrical.

    Unfortunately, I don't know what type of FEAL WIBU-BOX v11 uses in the encryption/decryption process. From my research, there appear to be many different types of FEAL encryption methods (FEAL-8, FEAL-4, FEAL-NX, FEAL-N...ect).

    I have the AsicBuild, Firm Code. User Code and Selection Code, but I don't know what the 88bit const value pertains to.
    I have searched online and throughout the WIBU-SDK but I can't find up to date details on the inner workings of the WIBU-BOX anywhere online.

    So, when the host program calls WkbCrypt2, I can't really do much.



    NOTE: I don't have access to a WIBU-BOX usb.

    If anyone could provide some resources or impart some knowledge my way. That would be awesome.

  2. #2
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    wibu algo v1 is some knuth47 permutate, not used in modern wibu-protected software.
    wibu algo v2, v3 is FEAL-8, 40-bit selection sequence key, can be recovered by use the brute-force process.
    wibu algo v4, v5 is FEAL-32, 64-bit selection sequence key.

    algo v2 == v3, v4 == v5. difference for the FC only.

    const is 0x37 for v2, v3
    const is (FirmCode & 0xFF) for v4, v5
    Last edited by FoxB; November 3rd, 2018 at 02:55.

  3. #3
    I do not have a WIBU-BOX dongle so I can't really be sure what algorithm version will suffice. I do remember the dongle was in use from 2011-2012. It might have been a WibuBox/RU+ or WibuBox/RU. Not really sure. I only have the dongle dump now which states that the version of wibu-box is 11, but I haven't found anything to correlate that with an algorithm.



    You mentioned that Wibu's V2 algorithm can be brute-forced. I am a bit confused by that given that I have the AsicBuild, Firm Code. User Code and Selection Code. So my thought process was that I would just need to go over the encrypted bytes in the same process as pictured in my first post.

    Lastly, I just want to clarify, did you mean the 88bit const for v2 & v3 is 0x37 and for v4 & 5 the const is the firmware bit masked with 0xff (0x000fd0b0 & oxff)?

  4. #4
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    it not dependent at asic ver

  5. #5
    Oh my mistake. Thanks

    Do you know what the 88bit const refers to?

  6. #6
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    i think wiby-guys only. but for real purpose you not need this 88 bit.
    from v2,3,4,5 cipher you can extract some data for brute-force. for v2,3 is possible extract key in 1-4 day (8 round of the feal cipher and 40 bit key), for v4,5 - not possible (32 round of the feal cipher and 64 bit key) in reasonable time.

  7. #7
    Okay. Got it. Thanks for your help. It has really cleared up a lot of my misconceptions.
    Really appreciate it. 😁

Similar Threads

  1. WIBU WkbCrypt2 (WITH dongle)
    By fritzFS in forum Malware Analysis and Unpacking Forum
    Replies: 77
    Last Post: February 21st, 2009, 10:29
  2. New WIBU Envelope v5.20
    By FoxB in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: July 14th, 2007, 23:38
  3. JavaCard internal structure (JCOP, CyberFlex, etc.)
    By FractalizeR in forum Advanced Reversing and Programming
    Replies: 7
    Last Post: March 18th, 2005, 08:21
  4. TRW2000 internal
    By dion in forum Tools of Our Trade (TOT) Messageboard
    Replies: 14
    Last Post: September 9th, 2002, 03:40
  5. WS Cad 4.0 + WIBU-Key
    By faka in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: December 24th, 2000, 18:45

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •