Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Crypkey - Beating my head against the wall

First timers and new learners, this forum is for you. Please use the search function to see if your question has already been answered.
Locked
PSGAMA
Junior Member
Posts: 4
Joined: Wed May 14, 2014 11:50 am

Crypkey - Beating my head against the wall

Post by PSGAMA »

Hi Guys, So I'm trying to learn the ins and the outs of Crypkey protection in an application. I've read most of the previous posts on the subject.

I've used ckinfo successfully in a previous version of the same application and generated the key options required just by pure chance, as they Key level was 1 and the options were just 1 through 5.
Now in the newer version of the application, using ckinfo 1.14 to generate the keys just gives me an error -2 when I enter the site keys I create using the same key levels and options.

A little background on me.
I'm operating ollydbg 1.0 with plugins at a beginners level. Have patched a few apps. I have also managed to dump and emulate a couple superpro dongles with other applications as well as modify a variable on the key dump to allow more options in the application.

So, I know in order to find my key levels and key options, I should be attaching olly to my target.exe and/or the crp32002.ngn file when its running. But olly doesn't seem to be attaching correctly to the target.exe
I can attach it to the NGN file, and using ultrastring reference plugin I find some spots in the NGN code where getlevel and getoptions are referenced. Breakpoints on these items are never called

Note, If I don't push Play in olly right away after attaching to crp32002.ngn, when I bring my licence page up after resuming, the trial license seems to be killed and displays as no license until I restart the application. So there must be some kind of timer involved between the crp32002.ngn and crypserv.exe to detect debuggers.

Now, I haven't any experience in creating sig files in IDA and can't seem to find one online for crypkey 7.0+ to use against my target.exe in ollydbg. Is there a link to the SDK that is not dead?

Any tips or advice on how to continue would be appreciated.
Please see attached.
Link to target DLL can be made available upon request.
I believe its being protected by crypkey 7.7.0.1

Thanks from a noob to the RE scene.
Psgama
Attachments
target.rar
(224.64 KiB) Downloaded 194 times
PSGAMA
Junior Member
Posts: 4
Joined: Wed May 14, 2014 11:50 am

Post by PSGAMA »

Also, I can't seem to find where the trial sitekey is stored. Should this be in my NGN dump? If so I should be able to parse it into ckinfo and get the key level information that way?
Locked