The Bat! got keygened

[o_o]

Really impressive feat.
Anyone already tried to reverse the keygen?

[kubik]

Quote:

Originally Posted by o_o

Really impressive feat.
Anyone already tried to reverse the keygen?

Main problem is search of private key ECDSA. Coding keygen isn't too hard. Reversing of keygen will not help.

[berry]

It's great. But if can crack the password of rar file would be greater.

[MaRKuS-DJM]

seems EDCSA isn't secure anymore... anyone know about (public) holes? didn't read any news about it.

[tofu-sensei]

aren't fff famous for stealing private keys off webservers?

[nanobit]

well, D-Jester did a little research. see them here:
ECDSA Books
The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces

[tofu-sensei]

Quote:

Originally Posted by nanobit

well, D-Jester did a little research. see them here:
ECDSA Books
The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces

these are hardly relevant, though.

[NoFlexlm]

Quote:

Originally Posted by Syoma

I don't think that ECDSA is vulnerable. IMHO, it was attack on implementation.
p.s. Forget about hasp, man

That is true, so we still can do something to find the right way.

[OHPen]

I also agree with the a few other guys that the attack was started over a vulnerable implementation of the algorithm.
propably somebody who found a weakness in the algorithm would rather say nothing at all or he/she would wrote a very detailed document on it, because of the importance of that fact.

just my 2 cents.

regards,
PAPiLLiON

[arlequim]

I'm thinking ... SeVen will be able to keygen CRO 239 bits (120 chars ECC) Flexlm target licenses??? Atm LND and ZWT cant do that, or not?

see more here

Code:

http://www-curri.u-strasbg.fr/documentation/calcul/doc/ProPack/3SP1/docs/doc/lmsgi-9.2.3/flexprog/chap15.htm

[Asus]

LND can do almost FlexLM with some experience reversers Legends Never Die

[arlequim]

Quote:

Originally Posted by Asus

LND can do almost FlexLM with some experience reversers Legends Never Die

thanks for reply but i think that is not right, because LND cracks Pro/Engineer with license.dat + patch, and this is not really *pure* keygening

[merfy]

keygen by FFF works 100% with version 4.2.12.4
_http://narod.ru/disk/12146877000/The.Bat!.v4.2.9.1_KEYGEN-FFF.zip.html
_http://rapidshare.com/files/309364279/The.Bat_.v4.2.12.4_KEYGEN-FFF.zip

[dirkmill]

Quote:

Originally Posted by arlequim

I'm thinking ... SeVen will be able to keygen CRO 239 bits (120 chars ECC) Flexlm target licenses??? Atm LND and ZWT cant do that, or not?

If FFF/SeVen did indeed break ECDSA on sect163k1 they should (in theory) be able to generate licenses with LM_STRENGTH_163BIT considering the following from the flexlm headers

Code:

#define LM_PUBKEY_CURVE113BIT 	sect113r1
#define LM_PUBKEY_CURVE163BIT 	ec163a02  // (a.k.a  sect163k1)
#define LM_PUBKEY_CURVE239BIT 	ec239a03  // (a.k.a. sect239k1)

IMHO it is much more likely that Rarlabs made a poor choice of privkey/pubkey or have other implementation problems whereas
Macrovision/Acresso/Flexera bought their ECC/ECDSA-implementation from Certicom, a respected(?) company dealing exclusively in high security software products...

So to answer your question: I personally don't think we are going to see keygenned flexlm CRO/TRL SIGN2 licenses anytime soon ...

cheers,
dirkmill

[arlequim]

Hello Dirkmill, thanks for reply.
After this result we can compare SeVen with other great keygeners on the past like Dimedrol. But i think you right, probably the choice of WinRAR keys is really poor. Cracking of FlexLM CRO protected applications will be harder of course, maybe it is impossible today. But who knows, freaks of nature (like Se7en) are ready to attack. We will see, alto this is another history.
Bye!