crypkey
Hello guys
Can someone tell me plz why a very cheap program like armadillo gets cracked and stripped all the time while the very expensive crypkey doesn't? Why is it that these talented crackers don't target the hardest and more sophisticated if they want to prove themselves in the scene? |
Perhaps you should go over to the RCE Messageboard and do a search for discussion of crypkey, or crapkey as it was called. There is a lot of material there.
Regards. |
Like JMI basically says, Crypkey does get hacked and stripped all the time. However, Armadillo is a far more challenging target than Crypkey.
Unpacking Crypkey "Stealth" targets is pretty much child's play, so although unpackers exist, there's not much use in distributing them. As for the authorisation keys, these can be calculated quite easily with the right tools which are already out there in the wild (or just by hacking up the sitekey generator in the development kit). |
Nope
Guys, let's face it, crypkey is much harder than armadillo, everything on the net about it is old, very old (version 5.7 SDK by PGC), nothing for current versions ...
I guess the fact that they don't post free trials of their current versions is the reason... |
Please explain to me why you think Crypkey is much harder than Armadillo. I have experience in both protections and I believe Armadillo is certainly better, protection wise.
To unpack a Crypkey 6.0 app requires nothing more than a simple debugger and 5 minutes of your time. Look for one jump and dump the app there. Not even the import table is messed around with. Crypkey 7.0 is better, with an armadillo-like encrypt/decrypt on demand, but still takes no more than 30 minutes to unpack. The authorisation keys for apps protected with Crypkey 6 and 7 are very difficult to break or copy. However, the demonstration version of the sitekey generator is very easy to break and allows you to generate these keys with ease. I'll estimate it didn't take me 45 minutes to change the demo sitekey generator into the full version. Oh, and BTW, you can find current trial versions of their software if you know where to look... Your turn :) |
squidge, the latest version is 6.0, there is no 7.0 yet, maybe you are talking about another software, and btw, I know where to look, and I already "fixed" the trial version on their website....
If it's so easy for you, give us a simple proof, unlock the current trial version...then we will talk. |
Ok, no problem.
However, because this board is pretty much open to anyone, I've protected my unpacked/unlocked version slightly by (1) making it expire on the 14th June and (2) making it self-terminate after 5 minutes use, (3) adding nag boxes. I'll remove these files about 1 week from now, if they are not removed before by someone else. << Attachment removed >> |
I have nothing to say but this:
A job well done... unfortunately, the skw is useless since you still need to solve the master/user password that Kenonic.inc should provide to "protect your software, yes friend, what You did proves your point... Am I fair or what? :) thank you for your time |
The passwords are easy to get, as every protected program I've seen either relies on Crypkey Stealth, or simply places the hex data for the master / user keys in the program as plaintext. There are many programs which will extract this data from the dumped files (for Stealthed applications) or from the program directly.
Eg.
G:\Hacking\Crypkey60> ckuserkey \CrypKey.60\SiteKey.Generator\skw.exe
User Key : DAA7 6B07 0237 5AF5 24
Decryption - Seed : 0x0C
Decryption - Stage 1 : 0C08 36F5 21B9 BEB9 BE
Decryption - Stage 2 : 0C09 0A09 0809 0909 09
Encrypted Password : 090A090809090909
Plaintext Password : OWOGOOOO
Password Number : 1621952091
Key Value - v1.00+ : 0x48
Key Value - v6.00+ : 0x9805
Putting this information into the skw ini file, you can easily generate the authorisation keys for the product. |
Hehe nice one Squidge!!
paul333 |
Well, unless I've gone completely daft (which isn't impossible), the usual place where you could grab the current SDK of CrypKey has apparently caught on and only has the old version available for download. So... as a courtesy to all other reversers interested in exploring this delightful scam^h^hheme, I've upped the CrypKey SDK v6.0 and CrypKey Instant v6.0.311 to the ftp. If any of you have questions about how CrypKey works as far as authentication (I'm into cryptography, not unpacking), feel free to PM me.
Cheers! PS: We should chat again some time Squidge. There's much research to be done yet! ;) |
Any good tutorials / targets to practice it on ???
|
Practice what? Unpacking or Authentication? In any case, the SDK itself is good for both things.
|
Though I have read about it, I haven't worked with crypkey till now. So what do u suggest ??? I have downloaded the SDKs from Aaron's ftp. What next ???
As you mentioned i would like to do both, unpacking and authentication. |
After downloading the SDK, the next step would be to get past the password protection :)
Next would be to get out Ollydbg/IDA and start unpacking. There's no tuts for this so you're on your own, but it's pretty easy. |
Done, finished with the passwd thing. Did a small brute force.
|
Cool. The way I got past the password protection was to use Winrar on the file which seemed to completely ignore the password and extract all the files anyway. Don't know if this still works however.
|
What do i do next ???
BTW that method of using winrar doesn't work with the newer versions of InstallShield. Any tuts here? |
Install the SDK and start unpacking using your favourite debugger and disassembler. I used Ollydbg / IDA, but you may have your own favourites.
|
Hi
Just lately putting more posts here than RCE for obvious reason! The last version of this had a password, I don't suppose I should post it here but to give you a clue it has 8 characters and means something like "don't make any copies of this" :cool: /hobferret |
Like Squidge suggested earlier, use winrar to extract. This new version can be extracted using winzip v8.1 :)
|
How?
Soft_ice, how did u do that in winzip 8.1? is there any tutorial about that?
|
just right click!
|
.
Hey squidge, do u always take others for fools or is it just a symptom affecting you these days?
If anyone can help me extracting files from installshield (not those of crypkey) manually, if there is any tutorial about it, I'll be thankful. I know about thewd tool... it doesn't work |
Ahemmm, is your brain functioning correctly or has it malfunctioned again?
Right click on the installshield exe like myself and Soft_Ice have already said, or do you need that explained to you in simpler terms?! |
I tried that using winrar 3.2 and winzip 9 beta and it doesn't work, or am I talking chinese here? it doesn't work. have u really tried it yourself? I don't think so...
As for my brain, well replying to someone as stupid as u doesn't really need a brain it just need a bad tongue like yours which is not very hard to find... |
I tried it with Winrar which worked fine, but as you're too stupid to be able to read this entire thread before flaming me, you're not going to realise that...
From this thread, it also looks like it worked for Soft_Ice... |
I said before and I'm saying it again, I'm not referring to the crypkey installer u mentioned (though it won't work with that too, at least the one in exetools ftp, yes I know that the passwords are already there too), it seems that you're too stupid to see that...
here, see for urself: Quote:
|
Depending on the version of installshield, Winrar/Winzip will/won't work. Also, Thewd's password cracker sometimes works, sometimes doesn't. Other times it's a simple matter of finding the correct crc (as most Installshield versions generate the crc of your password and if it matches, they continue). The crc is embedded into the file, so easy to get after 10-15 minutes.
Anyway, I'm not playing flame wars anymore (bored now), so unsubscribing from this thread. |
Thank you for an informative reply.
|
InstallShield
Send me this InstallShield file and I'll resend it unpacked within 1-2 days. If I find more time I'll attach small tutorial how to do it...
Greetings. |
Decompiling
1 Attachment(s)
Here's the file we're talking about - decompiled. Hope that helped.
(I understand You're interested in mirrorcheck.dll?) |
Thx a lot
Thank u very much, it's the first real help I get in this forum...
I appreciate what u did, and i wish to help u back one day :) |
Well... I'm VERY pleased when I can help and someone (like You) appreciate it... Hope to hear soon from You...
By the way...The delay is the result of my lack of time - besides assembler and c++ I'm also doing gfx (Adobe Photoshop and 3D Studio v4 mainly) and more seriously making music.... Uff... not to say I'm learning very hard on the last Year... :( See You... |
Quote:
Shit, i missed out all the fun on the board, while i was busy with my exams. :((. well ne ways here are my tips on it. If you happen to use AVP on the exe files, it almost tells you that it's a password protected zipped executable (example Protel DXP)??? now how does the antivirus know it was a zip file ??? Refer wxw.wotsit.org. Read up. That will solve most of ur problem. |
hi, dynio
how to find the warez masterkey&userkey? which protected by crypkey! |
Long: I would like to help You, but I'm afraid I don't understand what You mean. Please be more precious. (Maybe I forgot something... I'm working simultaneously with few systems :()
Regards. |