Deobfuscated site code??
3 posters
Page 1 of 2
Page 1 of 2 • 1, 2 
Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 3:20 am
Team,
I was able to find the User/Master key in a DLL file CK VERSION: 7.1 Build 7305 using CKINFO, however the site code is 32 characters, when it should be 18.
How do we Deobfuscated site code?
I found a few tools (Blowfish) online but they ask for a key???!!
Any Ideas?
Thank you.
I was able to find the User/Master key in a DLL file CK VERSION: 7.1 Build 7305 using CKINFO, however the site code is 32 characters, when it should be 18.
How do we Deobfuscated site code?
I found a few tools (Blowfish) online but they ask for a key???!!
Any Ideas?
Thank you.
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by BfoX Sat Jul 15, 2017 3:32 am
site code show to you by software. tell us the software name
BfoX- Posts : 1218
Points : 1662
Reputation : 307
Join date : 2012-04-18
Location : Earth
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 3:47 am
AR
Last edited by sinbadon on Sat Jul 15, 2017 4:53 pm; edited 1 time in total
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 3:49 am
I found the ngn file, would that help?
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 5:48 am
This is what i am getting for sitecode: 6C0B 57FA 2153 05A5 4F
Last edited by sinbadon on Sat Jul 15, 2017 5:21 pm; edited 1 time in total
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 11:27 am
Help please, I managed to find everything except KEY LEVEL??? when using ckinfo
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
hasp- Posts : 454
Points : 634
Reputation : 172
Join date : 2011-12-16
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 12:13 pm
Thank you hasp
Here it is: http://www.mediafire.com/file/2cd0fub5drgplqu/crp32002.zip
Here it is: http://www.mediafire.com/file/2cd0fub5drgplqu/crp32002.zip
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by hasp Sat Jul 15, 2017 12:41 pm
dump the xxx.ngn file with petools this to upload.
hasp- Posts : 454
Points : 634
Reputation : 172
Join date : 2011-12-16
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 12:45 pm
http://www.mediafire.com/file/uzq5ie89v65u09i/Dumped.zip
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by hasp Sat Jul 15, 2017 1:00 pm
- key:
sitecode 5C61 0749 605B E1C3 9D
userkey C4B96B56D79B2CF9A64892881F
masterkey A560EB66B81BBB3F9CB879C74B9967DBD149DF06BD09969B71D2E263C34816C8225BD4A1043740DC057B0E618AEC97F0624BF5A7AFC0946486C6A0A5F3E1517EB97E8A8A98C7D3D3F60C32ACA898772B9E0B5DD64A72EC2F4F270D83ED5844CCD6A9A92C348068E056D66B6397F8B988321BB3E78D8CFEB5CB14145DC4F30CBD
hasp- Posts : 454
Points : 634
Reputation : 172
Join date : 2011-12-16
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 1:04 pm
Thanks hasb, thats what i have.
I tried the sitecode but ckinfo 1.14 did not accept it
I tried the sitecode but ckinfo 1.14 did not accept it
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 1:07 pm
CrypKey Copy Protection Information v1.14+ modified by raduga_fb
Key Information...
+ Site Code : 5C61 0749 605B E1C3 9D
Decrypt Failed - Trying v6.00 Decryption...
Error #16: Error occurred decrypting the Site Code - Encryption Keys Not Found
Key Information...
+ Site Code : 5C61 0749 605B E1C3 9D
Decrypt Failed - Trying v6.00 Decryption...
Error #16: Error occurred decrypting the Site Code - Encryption Keys Not Found
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by hasp Sat Jul 15, 2017 1:09 pm
- Code:
Parsing Code - 5C61 0749 605B E1C3 9D
Decrypting Code - 0002 47FB 0DB7 5463 1E [0x13:0x07]
Code Validation - OK
Formatting Code :
02 47 FB0D B754 631E
╚╣ ╚╣ ╠══╝ ╠══╝ ╠══╝
║ ║ ║ ║ ╚═══════════════ Code CRC - 0x631E
Allow Add Licence? - No ═══╣ ║ ║ ╠════════ User Key Hash (Seed) - 0x54B7
Allow Easy Licence? - Yes ═╝ ║ ║ ╚══════════ Drive Serial Number - 21687
CrypKey Libraries - v7.1 ═════╝ ╠═ Account Number - 507
╠═ Application Id - 3
╠═ Company Number - 7956507
hasp- Posts : 454
Points : 634
Reputation : 172
Join date : 2011-12-16
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 1:13 pm
what version of ckinfo are u using?
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 1:23 pm
Thank you Hasp ,okso i got that far, how do u know "key level" and "Key options"
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by BfoX Sat Jul 15, 2017 1:29 pm
digging software only or demo site key
all sweet in the ngn-file. you need attach and try to search it
all sweet in the ngn-file. you need attach and try to search it
Last edited by BfoX on Sat Jul 15, 2017 2:05 pm; edited 2 times in total
BfoX- Posts : 1218
Points : 1662
Reputation : 307
Join date : 2012-04-18
Location : Earth
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 1:53 pm
I am still digging, could it be in a DLL file?
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by sinbadon Sat Jul 15, 2017 5:10 pm
Thanks Bfox, what am I looking for. I have attached to Ollydbg and only could fine the 3 keys but cant seem to locate any level keys??
Am I looking for ASCII code?
I will apreciate any help or hints
Am I looking for ASCII code?
I will apreciate any help or hints
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by sinbadon Sun Jul 16, 2017 3:38 am
Well i tried and i cant find any functions calls that says: GetAuthorization, GetLevel, GetOption
I have examined EXE files and DLL and no luck.
And last the user manual from thewd :
"Levels and options allow different features of the product to be authorised
and can be used to distinguish between product versions or editions. There are
a number of ways to obtain the correct levels and options, but they may not
work will all protected applications."
I have examined EXE files and DLL and no luck.
And last the user manual from thewd :
"Levels and options allow different features of the product to be authorised
and can be used to distinguish between product versions or editions. There are
a number of ways to obtain the correct levels and options, but they may not
work will all protected applications."
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
Re: Deobfuscated site code??
by hasp Sun Jul 16, 2017 4:20 am
read carefully as Bfox said all sweet data in side the ngn file.
hasp- Posts : 454
Points : 634
Reputation : 172
Join date : 2011-12-16
Re: Deobfuscated site code??
by hasp Sun Jul 16, 2017 4:45 am
- olly:
CPU Disasm
Address Hex dump Command Comments
0040CCA2 /> /55 PUSH EBP
0040CCA3 |. |8BEC MOV EBP,ESP
0040CCA5 |. |83EC 10 SUB ESP,10
0040CCA8 |. |8D45 FC LEA EAX,[EBP-4]
0040CCAB |. |50 PUSH EAX
0040CCAC |. |8D45 F8 LEA EAX,[EBP-8]
0040CCAF |. |50 PUSH EAX
0040CCB0 |. |8D45 F0 LEA EAX,[EBP-10]
0040CCB3 |. |50 PUSH EAX
0040CCB4 |. |8D45 F4 LEA EAX,[EBP-0C]
0040CCB7 |. |50 PUSH EAX
0040CCB8 |. |E8 B3E7FFFF CALL 0040B470
0040CCBD |. |83C4 10 ADD ESP,10
0040CCC0 |. |85C0 TEST EAX,EAX
0040CCC2 |. |75 1E JNZ SHORT 0040CCE2
0040CCC4 |. |8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0040CCC7 |. |48 DEC EAX ; Switch (cases 1..3, 4 exits)
0040CCC8 |. |74 15 JZ SHORT 0040CCDF
0040CCCA |. |48 DEC EAX
0040CCCB |. |74 0D JZ SHORT 0040CCDA
0040CCCD |. |48 DEC EAX
0040CCCE |. |74 05 JZ SHORT 0040CCD5
0040CCD0 |. |83C8 FF OR EAX,FFFFFFFF ; Default case of switch CRP32002.40CCC7
0040CCD3 |. |C9 LEAVE
0040CCD4 |. |C3 RETN
0040CCD5 |> |8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; Case 3 of switch CRP32002.40CCC7
0040CCD8 |. |C9 LEAVE
0040CCD9 |. |C3 RETN
0040CCDA |> |8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; Case 2 of switch CRP32002.40CCC7
0040CCDD |. |C9 LEAVE
0040CCDE |. |C3 RETN
0040CCDF |> |8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0C] ; Case 1 of switch CRP32002.40CCC7
0040CCE2 |> |C9 LEAVE
0040CCE3 \. |C3 RETN
0040CCE4 /> |68 48DB4600 PUSH OFFSET 0046DB48 ; /Arg1 = ASCII "GetOption"
0040CCE9 |. |E8 39E7FFFF CALL 0040B427 ; \CRP32002.0040B427
0040CCEE |. |85C0 TEST EAX,EAX
0040CCF0 |. |59 POP ECX
0040CCF1 |. |75 38 JNZ SHORT 0040CD2B
0040CCF3 |. |8B4424 08 MOV EAX,DWORD PTR SS:[ESP+8]
0040CCF7 |. |3B4424 04 CMP EAX,DWORD PTR SS:[ESP+4]
0040CCFB |. |7F 2B JG SHORT 0040CD28
0040CCFD |. |85C0 TEST EAX,EAX
0040CCFF |. |7E 27 JLE SHORT 0040CD28
0040CD01 |. |64:8B15 2C000 MOV EDX,DWORD PTR FS:[2C]
0040CD08 |. |6A 20 PUSH 20
0040CD0A |. |59 POP ECX
0040CD0B |. |2BC8 SUB ECX,EAX
0040CD0D |. |33C0 XOR EAX,EAX
0040CD0F |. |40 INC EAX
0040CD10 |. |D3E0 SHL EAX,CL
0040CD12 |. |8B0D 2C744800 MOV ECX,DWORD PTR DS:[]
0040CD18 |. |8B0C8A MOV ECX,DWORD PTR DS:[ECX*4+EDX]
0040CD1B |. |2381 6C020000 AND EAX,DWORD PTR DS:[ECX+26C]
0040CD21 |. |F7D8 NEG EAX ; Converts EAX to boolean
0040CD23 |. |1BC0 SBB EAX,EAX
0040CD25 |. |F7D8 NEG EAX
0040CD27 |. |C3 RETN
0040CD28 |> |83C8 FF OR EAX,FFFFFFFF
0040CD2B \> |C3 RETN
0040CD2C /$ |68 54DB4600 PUSH OFFSET 0046DB54 ; /Arg1 = ASCII "GetLevel"
0040CD31 |. |E8 F1E6FFFF CALL 0040B427 ; \CRP32002.0040B427
0040CD36 |. |85C0 TEST EAX,EAX
0040CD38 |. |59 POP ECX
0040CD39 |. |75 28 JNZ SHORT 0040CD63
0040CD3B |. |8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
0040CD3F |. |83F9 1F CMP ECX,1F
0040CD42 |. |77 1D JA SHORT 0040CD61
0040CD44 |. |64:8B15 2C000 MOV EDX,DWORD PTR FS:[2C]
0040CD4B |. |A1 2C744800 MOV EAX,DWORD PTR DS:[]
0040CD50 |. |8B0482 MOV EAX,DWORD PTR DS:[EAX*4+EDX]
0040CD53 |. |8B80 6C020000 MOV EAX,DWORD PTR DS:[EAX+26C]
0040CD59 |. |83CA FF OR EDX,FFFFFFFF
0040CD5C |. |D3EA SHR EDX,CL
0040CD5E |. |23C2 AND EAX,EDX
0040CD60 |. |C3 RETN
0040CD61 |> |33C0 XOR EAX,EAX
0040CD63 \> |C3 RETN
0040CD64 /$ |55 PUSH EBP ; CRP32002.0040CD64(guessed Arg1)
0040CD65 |. |8DAC24 9CFEFF LEA EBP,[ESP-164]
0040CD6C |. |81EC E0010000 SUB ESP,1E0
0040CD72 |. |A1 E4214800 MOV EAX,DWORD PTR DS:[4821E4]
0040CD77 |. |33C5 XOR EAX,EBP
0040CD79 |. |8985 60010000 MOV DWORD PTR SS:[EBP+160],EAX
0040CD7F |. |53 PUSH EBX
0040CD80 |. |8B9D 6C010000 MOV EBX,DWORD PTR SS:[EBP+16C]
0040CD86 |. |68 60DB4600 PUSH OFFSET 0046DB60 ; /Arg1 = ASCII "KillLicense"
0040CD8B |. |E8 97E6FFFF CALL 0040B427 ; \CRP32002.0040B427
0040CD90 |. |85C0 TEST EAX,EAX
0040CD92 |. |59 POP ECX
0040CD93 |. |75 1D JNZ SHORT 0040CDB2
0040CD95 |. |A1 2C744800 MOV EAX,DWORD PTR DS:[]
0040CD9A |. |64:8B0D 2C000 MOV ECX,DWORD PTR FS:[2C]
0040CDA1 |. |56 PUSH ESI
0040CDA2 |. |8B3481 MOV ESI,DWORD PTR DS:[EAX*4+ECX]
0040CDA5 |. |83BE 60100000 CMP DWORD PTR DS:[ESI+1060],0
0040CDAC |. |74 1A JE SHORT 0040CDC8
0040CDAE |. |6A FE PUSH -2
0040CDB0 |. |58 POP EAX
0040CDB1 |> |5E POP ESI
0040CDB2 |> |8B8D 60010000 MOV ECX,DWORD PTR SS:[EBP+160]
0040CDB8 |. |33CD XOR ECX,EBP
0040CDBA |. |5B POP EBX
0040CDBB |. |E8 0A020400 CALL 0044CFCA
0040CDC0 |. |81C5 64010000 ADD EBP,164
0040CDC6 |. |C9 LEAVE
0040CDC7 |. |C3 RETN
0040CDC8 |> |57 PUSH EDI
0040CDC9 |. |E8 C099FFFF CALL 0040678E
0040CDCE |. |8D45 5C LEA EAX,[EBP+5C]
0040CDD1 |. |50 PUSH EAX ; /Arg3
0040CDD2 |. |BF 34CD4600 MOV EDI,OFFSET 0046CD34 ; |ASCII "key"
0040CDD7 |. |57 PUSH EDI ; |Arg2 => ASCII "key"
0040CDD8 |. |FFB6 5C100000 PUSH DWORD PTR DS:[ESI+105C] ; |Arg1
0040CDDE |. |E8 5275FFFF CALL 00404335 ; \CRP32002.00404335
0040CDE3 |. |8D45 5C LEA EAX,[EBP+5C]
0040CDE6 |. |6A 06 PUSH 6 ; /Arg2 = 6
0040CDE8 |. |50 PUSH EAX ; |Arg1
0040CDE9 |. |E8 AA270400 CALL 0044F598 ; \CRP32002.0044F598
0040CDEE |. |83C4 14 ADD ESP,14
0040CDF1 |. |85C0 TEST EAX,EAX
hasp- Posts : 454
Points : 634
Reputation : 172
Join date : 2011-12-16
Re: Deobfuscated site code??
by sinbadon Sun Jul 16, 2017 11:10 am
Wow, Thanks. I am not sure how i missed that.
sinbadon- Posts : 40
Points : 53
Reputation : 2
Join date : 2013-10-29
BfoX- Posts : 1218
Points : 1662
Reputation : 307
Join date : 2012-04-18
Location : Earth
Page 1 of 2 • 1, 2
Similar topics» Help Please on Vendor & Customer Code
» Clarification on this Code
» Code 10 with HASP HL dongle
» Invitation-Code...exetools
» Matrix User code
» Clarification on this Code
» Code 10 with HASP HL dongle
» Invitation-Code...exetools
» Matrix User code
Page 1 of 2
Permissions in this forum:
You cannot reply to topics in this forum