Results 1 to 3 of 3

Thread: old encrypted cd

  1. #1
    kqt
    Guest

    old encrypted cd

    hello all
    I recently bought a used prog for $2 with a bunch of fonts on it.
    Its a multi-os cd that will work with win, mac, or 2 different kinds of unix. Its old 16-bit. It works this way..you browse the cd for fonts you want to buy, call the manufacturer, give them your customer key and credit card, and they give you unlock key to the fonts you bought. I thought "interesting". So I install in win 98. Installation takes a 23 digit password and your name, after install, I find in c:\windows a xxx.ini file with my name and a 20 digit "serial number". I run the prog and choose a font. Dialog informs me of my 22 digit "customer key" which is very similar but not the same as "serial number" in xxx.ini. Dialog then asks for 15 digit "unlock key"-box only accept numbers and auto-arranges into groups like:xxx xxxx xxxx xxxx. So I type fake unlock key and bpx getdlgitemtext.Previous dissasembly provided no clues to strings in error message about "wrong key", so I trace slow to find the offending call. I find the call, and inside are 20+ other calls. Watching registers as close as I can I find in memory my name, the original install pass,the 20 digit "serial number" from xxx.ini and my fake "unlock key".Also there is a 10 digit mystery number that is read from and written to several times, and my unlock key gets converted to other numbers than I originally entered. The check is not obvious, every time I think I see a check moving through ax 1 byte at a time, it is really one the other strings being read. Also there are pointers to a thing that looks like : 0 # 0 # 0 # 0 # 0 # 0 #.....And in the install directory and the cd is wierd hidden file "cdr0m.des" with no obvious entry point to dissasemble from. What should I be looking for here??? I can manage to reverse all conditional jumps leading to error message, forcing prog to spit out a font, but its still encrypted the way its stored on the cd, so......proper "unlock key"=decrypt key.....Right?? Are there ways to identify encryption algo similar to ways of identifying commercial protections like dongles and packers? Could "unlock key" be bruteforced by attaching to the process of the dialog box? I actually own 1 font that is on the cd in non-crypt form, could it be compared to the crypt one to find key like "known plain-text"?? Some searching revealed that the cd was supposedly made from a number of different masters to prevent a generic crack from being made, encryption algorythm different on each master, and that each time you install, new "serial number" is generated. Also, unamed graphics software giant no longer makes or supports this product, couldnt buy the fonts anymore if you wanted to, which makes it even more interesting to me. A last note, prog traces in softice with no apparent problem, but out of curiosity I loaded frogsice and crash! error 10 debug registers..something about call dos3call...jn zxxx.... int 21...is this just a fice bug or real antidebug???
    Any input appreciated
    thanks
    kqt
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Howdy,

    Old school encryption......

    Your trying to hard methinks. XOR'ing and 16 bit encryption should turn up what you desire.
    I believe you can find that somewhere on this place.

    The lazy one can try DECRYPT.

    Peace, Woodmann

  3. #3
    kqt
    Guest
    Thanks for the reply, Woodman
    I havent found my answers yet, but I'll keep trying....
    I was searching on 16-bit crypt and xor crypt and ran
    into this...maybe people here have read this stuff
    already, but it's new to me and seems written in a
    very concise and informative way.....
    h**p://polywog.navpoint.com/reveng
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. encrypted harddisk
    By OHPen in forum RCE Cryptographics
    Replies: 13
    Last Post: January 29th, 2009, 12:55
  2. How to patch an encrypted dll after it's loaded?
    By scruffy in forum The Newbie Forum
    Replies: 2
    Last Post: September 10th, 2002, 22:38
  3. Editing DOS encrypted files
    By Unregistered in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: October 10th, 2001, 06:28
  4. encrypted .exe?
    By spamal in forum Malware Analysis and Unpacking Forum
    Replies: 8
    Last Post: January 4th, 2001, 15:48

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •