Page 2 of 3

Posted: Sun Oct 14, 2012 3:22 am
by yescardmen
Hi everyone,

Janjan have you found a solution to your problem?
Because i've exactly the same. I've got the master key / userkey, dumped the cp32002, but the sitecode is not obfuscate, just newer for ckinfo and can't be processed.
The software is protected by Crypkey 7.7 Build 7712....

Not yet

Posted: Mon Oct 15, 2012 3:45 pm
by janjan
No,
I haven't found any solution yet.
I keep searching and let you know when i do.
Let me know if you do...

Cryptkey 1.13 and 1.14 problem

Posted: Mon Oct 29, 2012 11:39 am
by spwoof
Hi,

I´m trying to make one sitekey, but I´m getting the error below.
Any one knows how can I fix it?

I used the ckinfo 1.13 and ckinfo 1.14. Both with same error message.

keygen /SITECODE 9F50 C112 6F9F 51C1 1E
CrypKey Copy Protection Information v1.13 and v1.14

Parsing Code - 9F50 C112 6F9F 51C1 1E
Decrypt Failed - Trying v6.00 Decryption...

Error #16: Error occurred decrypting the Site Code - Encryption Keys Not Found

Well, the cryptkey worked with old one sitecode, but there was a software version upgrade, after that I cannot make good sitekey any more.

Is there a way to fix that? I´ve got userkey, masterkey maybe to get a sitekey in that new version? Maybe dump the new NGN file or using another method??? Can you give me any help to fix that issue?

Thanks a lot any information about how fix that.

Spwoof

Posted: Mon Oct 29, 2012 11:46 am
by FoxB
crypkey has change from v7.6+ cipher keys and ckinfo not have it, imho

Posted: Mon Oct 29, 2012 11:50 am
by spwoof
Quote Originally Posted by FoxB View Post
crypkey has change from v7.6+ cipher keys and ckinfo not have it, imho
Ok thanks!

But is there any way to reverse engineering that??? Any method???
Always there is a way. But I don´t know how do that yet.

THX a lot

Posted: Mon Oct 29, 2012 11:52 am
by FoxB
Try to do something by yourself.

Posted: Mon Oct 29, 2012 11:57 am
by spwoof
FoxB wrote:Try to do something by yourself.
Thanks again.

I´m trying. Dump the ngn file... Well, I did do everthing I know. But no good results.
I don´t need someone doing for me, I just need know if there is a way and if exist how can I do that?

THX a lot

Posted: Tue Apr 16, 2013 8:30 am
by FoxB
@spwoof:

Parsing Code - 9F50 C112 6F9F 51C1 1E
Decrypting Code - 0002 4D37 0544 4F41 76 [0x04:0x0E]
Code Validation - OK
Formatting Code :
02 4D 3705 444F 4176
╚╣ ╚╣ ╠══╝ ╠══╝ ╠══╝
║ ║ ║ ║ ╚═══════════════ Code CRC - 0x4176
Allow Add Licence? - No ═══╣ ║ ║ ╠════════ User Key Hash (Seed) - 0x4F44
Allow Easy Licence? - Yes ═╝ ║ ║ ╚══════════ Drive Serial Number - 20292
CrypKey Libraries - v7.7 ═════╝ ╠═ Account Number - 311
╠═ Application Id - 1
╚═ Company Number - 7956311

Posted: Sat May 11, 2013 11:37 am
by burt.muhlenbeim
It would be great to understand this process a little better. I've been searching for a while and can't find a good explanation. My process is the following:
  1. open [offending program]
  2. open ollydbg
  3. file->attach crp32002.ngn
  4. plugin->ollydbg pe dumper->make dump of process
  5. debug->close
  6. file->open the saved dumped process file
  7. plugins->ultra string->find ascii
  8. search for something that looks like a site code, in my case right after "get_site_code_1" is "5051 53C4 2895 4762 91"
There are a few problems. One is that site code seems to be associated with crypkey rather than maxsea. The other is that even if I could get the site code, it seems with the version 1.14 of ckinfo available, it wouldn't parse it anyway. I say this because many of the keys posted don't decrypt, giving the error:
Error #16: Error occurred decrypting the Site Code - Encryption Keys Not Found

Is there a path forward or should I just give up? Is my procedure the correct procedure?

Posted: Sat May 11, 2013 11:44 am
by FoxB
you got dafault SC from Crypkey Canada =)

Parsing Code - 5051 53C4 2895 4762 91
Decrypting Code - 0003 3D00 0455 3353 69 [0x0D:0x14]
Code Validation - OK
Formatting Code :
03 3D 0004 5533 5369
╚╣ ╚╣ ╠══╝ ╠══╝ ╠══╝
║ ║ ║ ║ ╚═══════════════ Code CRC - 0x5369
Allow Add Licence? - Yes ══╣ ║ ║ ╠════════ User Key Hash (Seed) - 0x3355
Allow Easy Licence? - Yes ═╝ ║ ║ ╚═════════ Drive Serial Number - unused
CrypKey Libraries - v6.1 ═════╝ ╠═ Account Number - 0
╠═ Application Id - 1
╚═ Company Number - 79560

for maxsea you have obfuscated SC. he can't use with ckinfo directly

Posted: Sat May 11, 2013 11:51 am
by burt.muhlenbeim
Right, so was I doing something wrong in my procedure, where I should've at least got the obfuscated SC? If I did get the obfuscated SC would the procedure at http://www.reteam.org/board/printthread ... e=31&pp=10
work? Or is the obfuscated SC a dead end at the current time?

Posted: Sat May 11, 2013 12:02 pm
by FoxB
search in dumped crp32002 string "Copyright (c) 1992-2004 by P.J.Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED." press Down - you see UK, MK and press Down again - you see SC

Posted: Sat May 11, 2013 12:42 pm
by burt.muhlenbeim
Couldn't find that string, but with further looking, found this code is also in the dump:

FE13 69CC D696 043F FF

[ATTACH]2758[/ATTACH]

Posted: Sun May 12, 2013 5:53 am
by FoxB
Parsing Code - FE13 69CC D696 043F FF
Decrypting Code - 0002 4DEF 0F2C FF75 A0 [0x13:0x15]
Code Validation - OK
Formatting Code :
02 4D EF0F 2CFF 75A0
╚╣ ╚╣ ╠══╝ ╠══╝ ╠══╝
║ ║ ║ ║ ╚═══════════════ Code CRC - 0x75A0
Allow Add Licence? - No ═══╣ ║ ║ ╠════════ User Key Hash (Seed) - 0xFF2C
Allow Easy Licence? - Yes ═╝ ║ ║ ╚════ Drive Serial Number (Error) - 212
CrypKey Libraries - v7.7 ═════╝ ╠═ Account Number - 1007
╠═ Application Id - 3
╚═ Company Number - 79561007



you are wrong:
Couldn't find that string, but with further looking
004A4FC0: 43 6F 70 79-72 69 67 68-74 20 28 63-29 20 31 39 Copyright (c) 19
004A4FD0: 39 32 2D 32-30 30 34 20-62 79 20 50-2E 4A 2E 20 92-2004 by P.J.
004A4FE0: 50 6C 61 75-67 65 72 2C-20 6C 69 63-65 6E 73 65 Plauger, license
004A4FF0: 64 20 62 79-20 44 69 6E-6B 75 6D 77-61 72 65 2C d by Dinkumware,
004A5000: 20 4C 74 64-2E 20 41 4C-4C 20 52 49-47 48 54 53 Ltd. ALL RIGHTS
004A5010: 20 52 45 53-45 52 56 45-44 2E 00 00-70 7C 48 00 RESERVED. p|H
004A5020: 34 72 49 00-00 00 00 00-2E 3F 41 56-5F 63 6F 6D 4rI .?AV_com
004A5030: 5F 65 72 72-6F 72 40 40-00 00 00 00-00 00 00 00 [email protected]@
004A5040: 0A 00 00 00-00 00 00 00-04 00 02 80-00 00 00 00
А
004A5050: FF FF FF FF-00 00 00 00-00 00 00 00-00 00 00 00 ****
004A5060: 00 00 00 00-00 00 00 00-44 31 30 36-35 32 32 45 D106522E
004A5070: 32 33 38 36-37 35 46 30-30 46 00 00-00 00 00 00 238675F00F

Posted: Sun May 12, 2013 8:56 am
by burt.muhlenbeim
Ok great. I see now that the Copyright was in memory but not in the ollydbg ultra string window. So now for the big question, can I generate a site key? My ckinfo doesn't process it. Also, I'm confused, is the site code in the memory dump obfuscated or not?

Code: Select all

v1.14>ckinfo /createkey site
CrypKey Copy Protection Information v1.14

Key Information...
+ Site Code            : FE13 69CC D696 043F FF
  Decrypt Failed - Trying v6.00 Decryption...

Error #16: Error occurred decrypting the Site Code - Encryption Keys Not Found