8/12/2019 MSKey4in1 Read Me
MSKey Readme
Abstract
Microsoft Windows Server 2003 VLK requires a VLK key to install. Commonly, for illegal users this key is a leaked key, and thousands of piracy users use the same key to install their Windows. The problem is that the piracy users can use the product now but not forever, because Microsoft would probably include the leaked key list in the further service packs (e.g. Microsoft prohibited several Windows XP VLK keys in service pack 1). So it is necessary to install Windows with different keys for different illegal users.
By tracing the Windows product key verification program I successfully extracted the algorithm MS uses (some Public Key Infrastructure) and broke the private key it uses to generate product keys.
Validation Process
1. Decode
The following computations are based on this product key:
JCF8T-2MG8G-Q6BBK-MQKGT-X3GBB
The character '-' does not contain any information, so the MS product key is composed of 25 characters. Microsoft only uses "BCDFGHJKMPQRTVWXY2346789" to encode product keys, in order to avoid ambiguous characters (e.g. "I" and "1", "O" and "0"). The quantity of information that a product key contains is at most 114 bits: 25 · log2(24) ≈ 114. To convert a 25-digit key to binary data we need to:
a. convert "JCF8T2MG8GQ6BBKMQKGTX3GBB" to "6 1 3 22 ..." where 'B' = 0, 'C' = 1, 'D' = 2, ...; we call the array "6 1 3 22 ..." base24[]
b. compute decoded = Σ_{i=0}^{24} base24[i] · 24^(24 − i); the result is 00 C5 31 ?8 ?D B? 3? 2C 55 ?? 35 BD 8D 01 00 (little endian; "?" marks hex digits that are illegible in this copy)
c. The decoded result can be divided into 12 bit + 31 bit + 62 bit + 9 bit, and we call these 4 parts the 12-bit OS Family, the 31-bit Hash, the 62-bit Signature and the 9-bit Prefix.
2. Verify
If you want to understand what I am talking about in this section, please refer to some Elliptic Curve Cryptography materials.
Before verifying a product key we need to compute the 4 parts mentioned above: OS Family, Hash, Signature and Prefix.
Microsoft's Product Key Identification program uses a public key stored in PIDGEN.DLL's BINK resource, which is an Elliptic Curve Cryptography public key composed of:
p, a, b: construct an elliptic curve y^2 = x^3 + a · x + b (mod p)
G(x, y): represents a point on the curve; this point is the so-called "generator"
K(x, y): represents a point on the curve; this point is the product of the integer k and the generator G.
Without knowing the private key k we cannot produce a valid key, but we can validate a key using the public key {p, a, b, G, K}:
1. compute H = SHA1(5, OS Family, Hash, Prefix, 00 00); the total length is 11 bytes. H is 160 bits long and we only need the first 2 words. Right shift H's second word by 2 bits. E.g. if SHA1() returns E C B ... (the example value is illegible in this copy).
2. compute R(rx, ry) = Signature · (Signature · G + H · K) (mod p)
3. compute SHA1(OS Family, rx, ry); the total input length is 1 + 2 + 64 + 64 = 131 bytes. Then compare Hash with the result, and if they are identical the key is valid.
Producing A Valid Key!
We assume the private key k is known (sure, Microsoft won't publish this value, so we have to break it by ourselves).
The equation in the product key validation system is as below:
Hash = SHA1( Signature · (Signature · G + SHA1(Hash) · K) (mod p) )
where the inner SHA1(Hash) is the value H derived from Hash in step 1 of the Verify section.
What we need is to calculate a Signature which satisfies the above equation.
1. Randomly choose an integer r and compute R(rx, ry) = r · G
2. Compute Hash = SHA1(OS Family, rx, ry); the total input length is 1 + 2 + 64 + 64 = 131 bytes, and we get the first 62-bit result.
3. compute H = SHA1(5, OS Family, Hash, Prefix, 00 00); the total length is 11 bytes and we
need the first 2 words and right shift H's second word by 2 bits.
And now we get an equation as below:
Signature · (Signature · G + H · K) = r · G (mod p)
By replacing K with k · G we get the next equation:
Signature · (Signature · G + H · (k · G)) = r · G (mod p)
Signature^2 + k · H · Signature − r = 0 (mod n), where n is the order of the point G on the curve
Signature = (−k · H ± √((k · H)^2 + 4 · r)) / 2 (mod n)
Note: not every number has a square root, so maybe we need to go back to step 1 several times.
Get Private-key From Public Key
I've mentioned that the private key k is not included in the BINK resource, so we need to break it out by ourselves.
In the public key
K(x, y) = k · G we only know the generator G and the product K, but it is hard to get k.
The effective method of getting k from K(x, y) = k · G is Pollard's Rho (or its variation) method, whose complexity is merely O(√n), where n is the order of G. (n is not included in the public key resource, so we need to get n by Schoof's algorithm.)
Because a user cannot suffer a too long product key, the Signature must be short enough to be convenient. And Microsoft chooses 62 bits as the length of the signature, hence n is merely 62 bits long. Therefore the complexity of computing the private key k is O(2^31).