2

I have a bunch of serial numbers and their corresponding activation keys for some old software. Since installing them originally I have lost a number of the activation keys (but still have the serial number). I still have a data set of about 20 keys and even eyeballing it I can tell there is a method to the madness in determining the activation keys. Given my large data set, is there a way I can backsolve to figure out the activation keys for the information I lost?

example of serial #: 14051 Activation Key: E9E9F-9993432-45543

tomlogic
user1601597

2 Answers

1

What you're trying to do is come up with a function that maps serial numbers to activation keys. Without knowing more about the nature of the function, this could be anywhere from very easy (a polynomial with only a few terms) to very hard (a multi-tiered function involving lots of block XORs, substitution tables, complicated key schedules, ...).

If you have access to the key verifier routine (e.g. by disassembly - which is almost always against the EULAs of commercial software), then you have a routine that returns whether or not a given activation key is correct for a given serial number. If this was done by computing an activation key for a serial number, then you are practically done. If this was done by computing the inverse function on the key, then your task is a little harder: you need to invert that function to retrieve the key derivation algorithm, which may not be so easy. If you end up having to solve some hard mathematical problems (e.g. the discrete logarithm problem) because the scheme depends on public-key cryptography, then you're hoping that the values you're dealing with are small enough that you can brute-force or use a known algorithm (e.g. Pollard's rho algorithm) in computationally feasible time.

In any case, you'll need to get comfortable with disassembly and debugging, and hope that there are no anti-debugger measures in place.

Otherwise, the problem is much harder - you'd need to make some educated guesses and try them (e.g. by trying to do a polynomial fit), and hope for the best. Because of the very large variety of different possible functions that can fit any set of inputs and outputs (mathematically uncountable, though in practice limited by source code size), trying to do a known-plaintext attack on the algorithm itself is generally infeasible.

atomicinf
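
The gap the answer above describes between an easy function and a hard one can be checked by a vendor against their own scheme. The following is an added example, not part of the original answer: `weak_key`, `mac_key`, `SECRET` and all serial values are constructed for illustration. It fits a polynomial to 20 known pairs (the size of the asker's data set) and tests whether the fit predicts held-out keys.

```python
import hashlib
import hmac
from fractions import Fraction

SECRET = b"constructed-demo-secret"   # hypothetical vendor secret
KNOWN = list(range(1000, 1020))       # 20 constructed serials with known keys
HELD_OUT = [1020, 1500, 99999]        # constructed serials never shown to the fit


def weak_key(serial):
    """Toy scheme (assumption): the key is a low-degree polynomial of the serial."""
    return 7 * serial**2 + 13 * serial + 4242


def mac_key(serial):
    """Keyed scheme: 40 bits of HMAC-SHA256 over the serial."""
    digest = hmac.new(SECRET, str(serial).encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:5], "big")


def lagrange_predict(pairs, x):
    """Evaluate the unique polynomial through `pairs` at x, in exact arithmetic."""
    total = Fraction(0)
    for i, (xi, yi) in enumerate(pairs):
        term = Fraction(yi)
        for j, (xj, _) in enumerate(pairs):
            if i != j:
                term *= Fraction(x - xj, xi - xj)
        total += term
    return total


def fit_generalises(scheme, known, held_out):
    """True if a polynomial fitted to the known pairs predicts every held-out key."""
    pairs = [(s, scheme(s)) for s in known]
    return all(lagrange_predict(pairs, s) == scheme(s) for s in held_out)


if __name__ == "__main__":
    for scheme in (weak_key, mac_key):
        ok = fit_generalises(scheme, KNOWN, HELD_OUT)
        print(f"{scheme.__name__}: fit predicts held-out keys = {ok}")
```

The polynomial scheme is fully determined by the sample, while the keyed scheme's outputs give the fit nothing to extrapolate from without the secret.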
0

It depends on how dumb the scheme was in the first place, but my guess would be that it's not likely. There's no fixed methodology, but the general domain is the same as codebreaking.

ddyer
  • It's pretty dumb. For example, all the keys have 999 as the first 3 digits of the second section of the activation key. Also, the activation keys have the same first 5 numbers/letters as the last 5 of the previous activation key. Finally, in the second group in the key the letters/numbers have to be a combination of abcdef689 – user1601597 Aug 15 '12 at 20:33
  • In the example you gave the second group has 2, 3 and 4 in it, not just [abcdef689]. – Jesus is Lord Aug 15 '12 at 20:34
  • Sorry, I didn't want to put out an actual code to avoid legal concerns. If you want the actual set of data I can send it to you – user1601597 Aug 15 '12 at 20:43