#1
crypkey
Hello guys
Can someone tell me plz why a very cheap program like armadillo gets cracked and stripped all the time while the very expensive crypkey doesn't? Why is it that these talented crackers don't target the hardest and more sophisticated if they want to prove themselves in the scene?

#2
Perhaps you should go over to the RCE Messageboard and do a search for discussion of crypkey, or crapkey as it was called. There is a lot of material there.
Regards.
__________________
JMI

#3
|
||||
|
||||
|
Like JMI basically says, Crypkey does get hacked and stripped all the time. However, Armadillo is a far more challenging target than Crypkey.
Unpacking Crypkey "Stealth" targets is pretty much child's play, so although unpackers exist, there's not much use in distributing them. As for the authorisation keys, these can be calculated quite easily with the right tools which are already out there in the wild (or just by hacking up the sitekey generator in the development kit).

#4
Nope
Guys, let's face it, crypkey is much harder than armadillo, everything on the net about it is old, very old (version 5.7 SDK by PGC), nothing for current versions...
I guess the fact that they don't post free trials of their current versions is the reason...

#5
|
||||
|
||||
|
Please explain to me why you think Crypkey is much harder than Armadillo. I have experience in both protections and I believe Armadillo is certainly better, protection-wise.
To unpack a Crypkey 6.0 app requires nothing more than a simple debugger and 5 minutes of your time. Look for one jump and dump the app there. Not even the import table is messed around with. Crypkey 7.0 is better, with an armadillo-like encrypt/decrypt on demand, but still takes no more than 30 minutes to unpack.
The authorisation keys for apps protected with Crypkey 6 and 7 are very difficult to break or copy. However, the demonstration version of the sitekey generator is very easy to break and allows you to generate these keys with ease. I'll estimate it didn't take me 45 minutes to change the demo sitekey generator into the full version.
Oh, and BTW, you can find current trial versions of their software if you know where to look...
Your turn

#6
squidge, the latest version is 6.0, there is no 7.0 yet, maybe you are talking about another software, and btw, I know where to look, and I already "fixed" the trial version on their website....
If it's so easy for you, give us a simple proof, unlock the current trial version...then we will talk.

#7
|
||||
|
||||
|
Ok, no problem.
However, because this board is pretty much open to anyone, I've protected my unpacked/unlocked version slightly by (1) making it expire on the 14th June, (2) making it self-terminate after 5 minutes use, and (3) adding nag boxes. I'll remove these files about 1 week from now, if they are not removed before by someone else.
<< Attachment removed >>
Last edited by Squidge; 06-08-2003 at 18:46.

#8
I have nothing to say but this:
A job well done... unfortunately, the skw is useless since you still need to solve the master/user password that Kenonic.inc should provide to "protect your software". Yes friend, what you did proves your point... Am I fair or what?
Thank you for your time

#9
|
||||
|
||||
|
The passwords are easy to get, as every protected program I've seen either relies on Crypkey Stealth, or simply places the hex data for the master / user keys in the program as plaintext. There are many programs which will extract this data from the dumped files (for Stealthed applications) or from the program directly.
Eg.

```
G:\Hacking\Crypkey60> ckuserkey \CrypKey.60\SiteKey.Generator\skw.exe
User Key             : DAA7 6B07 0237 5AF5 24
Decryption - Seed    : 0x0C
Decryption - Stage 1 : 0C08 36F5 21B9 BEB9 BE
Decryption - Stage 2 : 0C09 0A09 0809 0909 09
Encrypted Password   : 090A090809090909
Plaintext Password   : OWOGOOOO
Password Number      : 1621952091
Key Value - v1.00+   : 0x48
Key Value - v6.00+   : 0x9805
```

Putting this information into the skw ini file, you can easily generate the authorisation keys for the product.

#10
Hehe nice one Squidge!!
paul333

#11
Well, unless I've gone completely daft (which isn't impossible), the usual place where you could grab the current SDK of CrypKey has apparently caught on and only has the old version available for download. So... as a courtesy to all other reversers interested in exploring this delightful scam^h^hheme, I've upped the CrypKey SDK v6.0 and CrypKey Instant v6.0.311 to the ftp. If any of you have questions about how CrypKey works as far as authentication (I'm into cryptography, not unpacking), feel free to PM me.
Cheers! PS: We should chat again some time Squidge. There's much research to be done yet!
#12
Any good tutorials / targets to practice it on ???
#13
|
||||
|
||||
|
Practice what? Unpacking or Authentication? In any case, the SDK itself is good for both things.
#14
Though I have read about it, I haven't worked with crypkey till now. So what do you suggest??? I have downloaded the SDKs from Aaron's ftp. What next???
As you mentioned, I would like to do both, unpacking and authentication.

#15
|
||||
|
||||
|
After downloading the SDK, the next step would be to get past the password protection.
Next would be to get out Ollydbg/IDA and start unpacking. There's no tuts for this so you're on your own, but it's pretty easy.