Brute forcing cd keys?

hacking

(blink) #1

So Im looking for some direction in learning about brute forcing cd keys. I was installing an operating system and had the thought of trying such a thing. I was thinking along the lines of something like virtual hardware. Like a flash drive emulating a keyboard, then set the cd key size and let it roll, then save the last key it tried.

Maybe there are already tools out there?
I wasnt able to find much out there.

Networking and Sec are just my everyday hobbies. Starting to get into programming, so my skills are limited.


(fxbg) #2

Brute forcing the keys might get you one, some day in the future. It might be easier to reverse engineer the algorithm used. For example, the Starcraft key algo was revealed here: http://takingsoftwareapart.blogspot.com/2008/01/starcraft-cd-key-algorithm-explained.html

//Algorithm found by TAKINGSOFTWAREAPART
//javascript code by Snoopyhack
var x = 3;
var c = 0;
var keyString = '';
while (c < 12) {
    var ran = Math.floor(Math.random() * 10);
    x += (2 * x) ^ ran;
    if ((c == 4) || (c == 9)) {
        keyString += '-';
    }
    keyString += ran;
    c++;
}
x = x % 10;
keyString += x;
document.write(keyString);

but if you wanna waste a few years for a few keys, brute force away :stuck_out_tongue:


#3

I’d look into the math behind what the character-space of a key is and the key-space so you can get some insight on how possible or realistic a brute-force is.

If you have a 25-character key, and each character can be an uppercase letter.
That’s len("ABCDEFGHIJKLMNOPQRSTUVWXYZ")25 = 236,773,830,007,967,588,876,795,164,938,469,376 possible keys you have to try.

If you have a 25-character key and characters with numbers 0-9 and uppercase letters:
That’s len("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")25 = 808,281,277,464,764,060,643,139,600,456,536,293,376

If you have a 25-character key and characters with numbers 0-9 and uppercase letters and lowercase letters:
That’s len('0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')25 = 645,345,427,773,512,447,880,377,451,634,304,602,899,218,432

It’s better to just reverse engineer and outwit the algorithm.


#4

That is pretty damn interesting. Do you happen to know any other good resources that further explain RE’ing keys?


(blink) #5

ah yes, thanks for kick starting my brain. Not sure what I was thinking. Also if Im not mistaken doesnt windows not let you enter certain characters?

and Thanks @fxbg for the resource!


#6

Yes. Many CD or serial inputs expect only a-z0-9 and even not necessarily distinguish between upper and lower case (e.g.: lower case input is casted to upper case automatically). That obviously reduces the possible key space by quite a bit, but as @Wunkolo already pointed out the possible combinations for a valid key of length 25 is quite ‘big’ :wink:

Edit: not sure about windows activation routine but just had the mentioned above experience with vmware: 5x4 characters from range A-Z0-9 with no distinction between upper or lower case


(pico) #7

Regarding your specific question about virtual hardware (which may not be the best solution as pointed out in the comments above), you may take a look to this old post:


(system) #8

This topic was automatically closed after 30 days. New replies are no longer allowed.