Exetools - Help with generating serial

Page 2 of 2

Show 40 post(s) from this thread on one page

Exetools (https://forum.exetools.com/index.php)

- General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)

- - Help with generating serial (https://forum.exetools.com/showthread.php?t=20016)

TempoMat

12-24-2021 06:03

I did some tests on step 2 with different values for the VolumInfoA
2. AK2 = the Hex2SignedDec(VolumeInfoA("C:\")) from Res2
and found out that if the value of the VolumeSerialNumber is positive i.e. below 0x80000000 then the converted value has a space(0x20) instead of "+" before it.

Final thing to note is that the RegCode should always be generated on the target computer. Then the 3 checks the program does are all related to the result from Step2

First it gets the Hex2SignedDec(VoluemInfoA("C:\")=>VolumeSerialNum then decrypts the RegCode and the ActivKey and final does the following comparisons:

Is VolumeSerialNum=Res2 from decrypted RegCode?
Is VolumeSerialNum=AK2 from the decrypted ActivKey?
Is Res2=AK2?

foil	12-24-2021 06:39

Quote:

Originally Posted by raduga_fb (Post 124279)

:) You need to eat much more bread.

Who said that pass_1 & pass_2 should be name & email? They are already mentioned above.

string pass_1 = "?????" <- 5 digits = Li***

string pass_2 = "??????" <- 6 digits = To****

Hi @raduga_fb
Ahhh, okay, that worked! I do need much more knowledge with encryption and decryption. I am reading lots of material about the subjects, and am rewriting your code by hand on paper to try to understand the flow a little better :)

I did receive an error on a second test machine about the Registration Code not being a valid Base64 string, but I'll cross that bridge later.

Thank you again for all of your help, I haven't ever put much effort into reversing keys! :)

Quote:

Originally Posted by TempoMat (Post 124281)

I appreciate all of your help as well, @TempoMat ! :)
I am studying over everything that everyone has told me and am not going to give up on it! Thank you so much

T-rad

12-25-2021 15:47

Actually the RegCode is useless for generating a working key. also check 3 is redundant. is only checking if the VolumeSerialNum from RES2 is the same VolumeSerialNum from AK2. If check 1 & 2 pass, 3 has no choice but to pass

TempoMat

12-26-2021 21:30

Quote:

Originally Posted by T-rad (Post 124294)

... also check 3 is redundant. is only checking if the VolumeSerialNum from RES2 is the same VolumeSerialNum from AK2. If check 1 & 2 pass, 3 has no choice but to pass

I agree with you. Maybe the programmer/vendor is paranoid.

Quote:

Originally Posted by T-rad (Post 124294)

Actually the RegCode is useless for generating a working key....

Not for the programmer/vendor, then he will need the RegCode in order to extract from it the RandomBytes and the VolumeSerialNum to generate the corresponding correct key for the registrant.

A Keygen can for instance have the option for the user to enter a Regcode (Registation code) from a different machine and generate the corresponding ActivKey (Activation Key).
Also just for a gemmick, it could include options to decode the RegCode and ActiveKey to compare the RandomBytes and the VolumeSerialNum.

T-rad

12-27-2021 04:36

Quote:

Not for the programmer/vendor, then he will need the RegCode in order to extract from it the RandomBytes and the VolumeSerialNum to generate the corresponding correct key for the registrant.

not exactly, the vendor just requires the VolumeSerialNumber, the rest is just for show.
Any random bytes will work so they do not need to be extracted as the program decrypts the decoded bytes using the first 16 bytes as the key.

Code:

var_2C = Proc_23_0_565AB7(Mid(var_3C, 17, Len(var_3C)), Mid(var_3C, 1, 16), 0)

= RC4(data, key)

for example... using 0123456789ABCDEFFEDCBA9876543210 as the random bytes / key and using *-91511383# from the first post, this key should work for that computer

ts3Huirg1Olt00VIn78ZgsVes7y8VZqw1Q==

TempoMat

12-27-2021 21:11

Quote:

Originally Posted by T-rad (Post 124322)

for example... using 0123456789ABCDEFFEDCBA9876543210 as the random bytes / key and using *-91511383# from the first post, this key should work for that computer

ts3Huirg1Olt00VIn78ZgsVes7y8VZqw1Q==

Your key in itself is correct but it will only be accepted if the same random bytes are used for the generation of the RegCode as well.
Meaning that the key is valid if and only if the Regcode is replaced with a newly generated one with your sample random bytes.

The VolumeSerialNum is for sure the only part that is always the same on a target machine but every newly generated RegCode will have a different random bytes which are used in the ActivKey generation as well.

Therefore using different random bytes as in your key with the initial RegCode from post #1 will fail.

As a prove, deleting the string value for RegCode in the registry location: example

Code:

[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\NDataScan\Activation]

"Name"="TemPoMat"

"Email"="TemPoMat"

"RegCode"="GIv/lhuqYNCUTPZfPgYG3rM5EtzvsurmsyLeOB0"

"ActivKey"="mP1y4G/RxxQvtIPpV8ZAI/yGoab2NnDSgZWT"

will result in a new RegCode been generated with the same VolumeSerialNum but different random bytes upon re-registration.

I assume this is one of the reasons it is doing the 3 checks.

T-rad

12-27-2021 23:22

It will work regardless. I've tried it, using my own volume serial of course.

There is does no check against the random bytes.

Code:

var_8020 = GetVolumeInformation("C:\", String$(256, False), 255, global_005C507C, global_005C5084, global_005C5080, String$(256, False), 255)

global_005C507C = VolumeSerial#

Code:

var_2C = Proc_23_0_565AB7(Mid(var_3C, 17, Len(var_3C)), Mid(var_3C, 1, 16), 0)

var_2C = decoded VolumeSerial# from our input

Code:

var_8050 = Proc_23_0_565AB7(Proc_24_1_56681B(GetSetting("NDataScan", "Activation", "RegCode", 10), var_CC, 80020004h), "Lilys", var_C4)

var_3C = var_8050

var_34 = Proc_23_0_565AB7(Mid(var_3C, 17, Len(var_3C)), Mid(var_3C, 1, 16), 0)

var_34 = Left(var_34, Len(var_34)(-1))

var_34 = Right(var_34, Len(var_34)(-1))

var_34 = decoded VolumeSerial# from registry, less the left and right chars

Code:

If CBool((var_2C = var_34) And (var_2C = Str(global_005C507C)) And (var_34 = Str(global_005C507C))) Then

var_40 = "NDSI has been sucessfully activated. Please restart NDSI."

check 1. -> var_2C = var_34
compare the decoded VolumeSerial# from our input with the decoded VolumeSerial# from registry, less the left and right chars.

check 2 -> var_2C = Str(global_005C507C)
compare the decoded VolumeSerial# from our input with the GetVolumeInformation VolumeSerial#

check 3 -> var_34 = Str(global_005C507C)
decoded VolumeSerial# from registry, less the left and right chars with the GetVolumeInformation VolumeSerial#

as i said before, check 3 is redundant. It will always pass as the program generated it .

TempoMat

12-29-2021 20:37

Quote:

Originally Posted by T-rad (Post 124329)

It will work regardless. I've tried it, using my own volume serial of course.

There is does no check against the random bytes.

Correct.
That is because the random bytes used to encrypt the VolumeSerialNum in the 1.encryption are in themselves included in each case in the 2.encryption leading to the final RegCode and the ActivKey respectively.

Therefore an ActivKey generated with the same VolumeSerialNum of a target machine will work regardless of the RegCode.

Quote:

Originally Posted by T-rad (Post 124329)

as i said before, check 3 is redundant. It will always pass as the program generated it .

This is a valid point.

All times are GMT +8. The time now is 02:38.

Page 2 of 2

Show 40 post(s) from this thread on one page