Brute forcing cd keys?

So I'm looking for some direction in learning about brute forcing cd keys. I was installing an operating system and had the thought of trying such a thing. I was thinking along the lines of something like virtual hardware. Like a flash drive emulating a keyboard, then set the cd key size and let it roll, then save the last key it tried.

Maybe there are already tools out there?
I wasn't able to find much out there.

Networking and Sec are just my everyday hobbies. Starting to get into programming, so my skills are limited.

1 Like

Brute forcing the keys might get you one, some day in the future. It might be easier to reverse engineer the algorithm used. For example, the Starcraft key algo was revealed here: http://takingsoftwareapart.blogspot.com/2008/01/starcraft-cd-key-algorithm-explained.html

//Algorithm found by TAKINGSOFTWAREAPART
//javascript code by Snoopyhack
var x = 3;
var c = 0;
var keyString = '';
while (c < 12) {
    var ran = Math.floor(Math.random() * 10);
    x += (2 * x) ^ ran;
    if ((c == 4) || (c == 9)) {
        keyString += '-';
    }
    keyString += ran;
    c++;
}
x = x % 10;
keyString += x;
document.write(keyString);

But if you wanna waste a few years for a few keys, brute force away :stuck_out_tongue:

6 Likes

I’d look into the math behind what the character-space of a key is and the key-space so you can get some insight on how possible or realistic a brute-force is.

If you have a 25-character key, and each character can be an uppercase letter:
That’s len("ABCDEFGHIJKLMNOPQRSTUVWXYZ")^25 = 236,773,830,007,967,588,876,795,164,938,469,376 possible keys you have to try.

If you have a 25-character key and characters with numbers 0-9 and uppercase letters:
That’s len("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")^25 = 808,281,277,464,764,060,643,139,600,456,536,293,376

If you have a 25-character key and characters with numbers 0-9 and uppercase letters and lowercase letters:
That’s len('0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')^25 = 645,345,427,773,512,447,880,377,451,634,304,602,899,218,432

It’s better to just reverse engineer and outwit the algorithm.

2 Likes

That is pretty damn interesting. Do you happen to know any other good resources that further explain RE’ing keys?

Ah yes, thanks for kick starting my brain. Not sure what I was thinking. Also, if I'm not mistaken, doesn't Windows not let you enter certain characters?

And thanks @fxbg for the resource!

Yes. Many CD or serial inputs expect only a-z0-9 and do not even necessarily distinguish between upper and lower case (e.g.: lower case input is cast to upper case automatically). That obviously reduces the possible key space by quite a bit, but as @Wunkolo already pointed out, the number of possible combinations for a valid key of length 25 is quite ‘big’ :wink:

Edit: not sure about the Windows activation routine, but I just had the above-mentioned experience with VMware: 5x4 characters from range A-Z0-9 with no distinction between upper or lower case
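
An added example, not written by any poster in this thread: it carries the key-space arithmetic from the posts above through to an expected search time, and includes the 5x4 A-Z0-9 format mentioned for VMware. The number of issued keys and the guess rate are constructed assumptions, as are all function and variable names.

```python
import math
from fractions import Fraction

# Alphabets quoted in the thread.
DIGITS = "0123456789"
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = UPPER.lower()

SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed assumptions, not figures from the thread.
ISSUED_KEYS = 10**9         # valid keys in circulation
GUESSES_PER_SECOND = 10**6  # sustained guess rate


def keyspace(alphabet: str, length: int) -> int:
    """Count the distinct keys of `length` characters over `alphabet`."""
    return len(set(alphabet)) ** length


def entropy_bits(space: int) -> float:
    """Key space expressed in bits."""
    return math.log2(space)


def expected_guesses(space: int, valid: int) -> Fraction:
    """Mean number of non-repeating guesses before the first valid key
    when `valid` of `space` keys are accepted: (space + 1) / (valid + 1)."""
    return Fraction(space + 1, valid + 1)


def expected_years(space: int, valid: int, rate: int) -> float:
    """Expected search time in years at `rate` guesses per second."""
    return float(expected_guesses(space, valid) / (rate * SECONDS_PER_YEAR))


SCHEMES = {
    "25 chars, A-Z": keyspace(UPPER, 25),
    "25 chars, 0-9A-Z": keyspace(DIGITS + UPPER, 25),
    "25 chars, 0-9A-Za-z": keyspace(DIGITS + UPPER + LOWER, 25),
    "5x4 chars, 0-9A-Z": keyspace(DIGITS + UPPER, 20),
}

if __name__ == "__main__":
    for name, space in SCHEMES.items():
        years = expected_years(space, ISSUED_KEYS, GUESSES_PER_SECOND)
        print(f"{name:20} {space:.3e} keys {entropy_bits(space):6.1f} bits "
              f"{years:.2e} years")
```

Even with a billion valid keys assumed to exist, the smallest of these formats leaves an expected search of hundreds of millions of years at the assumed rate.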

Regarding your specific question about virtual hardware (which may not be the best solution as pointed out in the comments above), you may take a look at this old post:
