Results 1 to 3 of 3

Thread: Stream Cipher with Key to decrypt

  1. #1

    Question Stream Cipher with Key to decrypt


    I wasn't sure to post this in Crypto or in newbie so.......

    ok, I found out that the program I'm trying to crack has it's serialS (diff serials for more or less functions enabled) hardcoded in the exe.

    At the source, it reads your serial from registry and/or from a file in it's directory, decrypt the key and compare diff parts of it.

    Now, if I'm not mistaking, it is encrypted/decrypted using a stream cypher (because it seems to loop XORing diff value etc.. (I'm just starting to TRY to understand it so mind me pls).

    One of the value hardcoded I thought was a serial isn't but look like another kind of key, now could it be the cipher key ?
    Here it is:

    Also, I can find those Calls in between RegQueryValue and when the Serials are tested with (I found out my decrypted serial as first push to lstrcmp was from registry/decryption result and second from hardcoded (pointer) LSTRCMP:
    Later on, I breaked before it save the data in the registry again and I have the same except "read" replaced now by:
    They are all calls many times. I'd think dehonogen would be the decryption routine call...not sure at all tho.

    Knowing most of the plein text of the encrypted key contained in my registry (hardcoded serial + first+lastname), is there a way to decrypt it or try at least (magical proggy).

    Any input is off course welcome....
    I tried to find info in crypto threads but couldn't find anything like that except "Tutorial: finding encryption code" where "mike" describe a stream cypher.

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Well, without more information or actually looking at it myself, there's not much to go on.. I wouldn't mind looking at it myself, sounds interesting. It sounds like you're correctly identified it as a stream cipher, probably want to pin down what the exact algo is so you can read & understand the spec.. RC4 is a pretty popular stream cipher, it XORs the output of a PRNG with the data stream. It is a symmetic cipher, meaning the same key is used to encrypt and decrypt. Anyway that might very well be the key hardcoded in there.

    Then you'd use the key to reverse it, but I would definantely find out exactly what algo it is, get the spec, get an API for the crypto routine for whatever language you program in. and go from there. You can probably just write a short utility to call the API using the key and the encrypted data.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3

    Wanna look at it ?


    Thank for the reply....
    If you want to look at it, u can find the target at:

    I'm at work right now so I don't have my notes, but I'll PM you the offset where I think it decrypt/encrypt in a few hours.

    It seems to repeat a # of commands, inc a reg then cmp it:
    EAX := 5
    line of code 1
    line of code 2
    line of code 3
    cmp eax, EDX
    JNZ Back to line one....
    JNZ Back to line one
    XOR registerA, RegisterB

    It's Some thing like that I think (from memory) The reg are wrong but that's around what it does with some mov dword ptr etc..

    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. how decrypt swf
    By Koutedar in forum The Newbie Forum
    Replies: 2
    Last Post: October 27th, 2013, 10:08
  2. decrypt with RSA?
    By joblack in forum RCE Cryptographics
    Replies: 3
    Last Post: December 20th, 2010, 14:32
  3. how to decrypt *.rar file ?
    By icray in forum The Newbie Forum
    Replies: 33
    Last Post: February 16th, 2009, 17:05
  4. why not decrypt in exe ?
    By glx2k in forum RCE Cryptographics
    Replies: 3
    Last Post: March 13th, 2002, 16:16
  5. Unknown Cipher
    By XtremeX in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: September 12th, 2001, 15:07


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts