Results 1 to 2 of 2

Thread: des modified algo

  1. #1
    Registered User
    Join Date
    Feb 2002

    Question des modified algo

    hello crypto reversers,

    I currently reversing a licencing manager system using dongle/token number scheme

    Dongle query give 32 bits hostid : rnbosentinelpro static library
    A token (16 hex digit) is asked to the user
    hi, crypto reversers,
    I currently investigating a custom licence manager scheme using sspro dongle and key (named token) registration
    but I am stuck understanding which algo is used....

    In the registration process, the token and hostid is passed through Is_token_valid_sub_404070
    this procedure call sub_402910 which control that hostid/token pairs are valid
    in sub_402910
    key1 = set_keys_4028A0(hostid, buffer)
    key2 = set_keys_4028A0(81040100, buffer)

    hostid is expanded to 64 bits value and submitted to parity checking and return key1
    an harcoded value 81040100 is also expanded the same way and key 2 is nreturned

    then bool sub_decrypt_and_check_402730 (key1, key2, buffer, token) is called
    in these sub are called :

    sub_unknown_algo_403DD0 (key2,token, 8, switch=1, product name)
    operations on modified token
    sub_unknown_algo_403DD0 ((key1,token,8,0, switch=0, productname)
    operation on modified token
    return good or bad in esi

    Is_token_valid_ and rnbo fct can easely be patched to enable the whole stuff but,
    I want to understand the inner behavior of sub_403DD0. This procedure use mainly two calls, in
    which there are unrolled loop with tons of round which look like a custom DES implementation.
    Can you have a look at this stuff

    program removed...

  2. #2
    Registered User
    Join Date
    Feb 2002
    ...Snatch, Sorry for posting a prg, I won't do it any more...

    My problem is now solved : the decrypt and check routine first decrypt at run time the DES S and P tables which are used later to decrypt the token. Dumping these tables, building a correct xor reverse table, including this in rnbo* emulator and a correct tokenlicgenerator for **ilm lic manager is born.


Similar Threads

  1. testing algo
    By dion in forum Off Topic
    Replies: 6
    Last Post: November 19th, 2008, 15:06
  2. ollys modified
    By master in forum OllyDbg Support Forums
    Replies: 2
    Last Post: June 21st, 2007, 17:11
  3. hash algo help
    By ramin_rad2000 in forum RCE Cryptographics
    Replies: 5
    Last Post: September 7th, 2004, 15:49
  4. How to know which algo is used ?
    By MarcElBichon in forum RCE Cryptographics
    Replies: 7
    Last Post: November 20th, 2001, 03:56
  5. E changed to 1 in RSA algo.
    By Problem in forum RCE Cryptographics
    Replies: 1
    Last Post: November 7th, 2001, 11:12


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts