arminomoradio/umskt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor, improved readability

Browse Source
This commit is contained in:
Andrew
2023-06-01 16:09:22 +03:00
parent 3999ed0996
commit f5423a8eb0
12 changed files with 548 additions and 464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

433
xp_algorithm.cpp
View File

@@ -15,265 +15,234 @@
*/
#include "shared.h"
#include "bink.h"
#include "header.h"
#define FIELD_BITS 384
#define FIELD_BYTES 48
/* Unpacks the Windows XP Product Key. */
void unpackXP(ul32 *serial, ul32 *hash, ul32 *sig, ul32 *raw) {
// We're assuming that the quantity of information within the product key is at most 114 bits.
// log2(24^25) = 114.
static void unpack(uint32_t *pid, uint32_t *hash, uint32_t *sig, uint32_t *raw)
{
// pid = Bit 0..30
pid[0] = raw[0] & 0x7fffffff;
// hash(s) = Bit 31..58
hash[0] = ((raw[0] >> 31) | (raw[1] << 1)) & 0xfffffff;
// sig(e) = bit 58..113
sig[0] = (raw[1] >> 27) | (raw[2] << 5);
sig[1] = (raw[2] >> 27) | (raw[3] << 5);
// Serial = Bits [0..30] -> 31 bits
if (serial)
serial[0] = raw[0] & 0x7fffffff;
// Hash (e) = Bits [31..58] -> 28 bits
if (hash)
hash[0] = ((raw[0] >> 31) | (raw[1] << 1)) & 0xfffffff;
// Signature (s) = Bits [59..113] -> 55 bits
if (sig) {
sig[0] = (raw[1] >> 27) | (raw[2] << 5);
sig[1] = (raw[2] >> 27) | (raw[3] << 5);
}
}
static void pack(uint32_t *raw, uint32_t *pid, uint32_t *hash, uint32_t *sig)
{
raw[0] = pid[0] | ((hash[0] & 1) << 31);
raw[1] = (hash[0] >> 1) | ((sig[0] & 0x1f) << 27);
raw[2] = (sig[0] >> 5) | (sig[1] << 27);
raw[3] = sig[1] >> 5;
/* Packs the Windows XP Product Key. */
void packXP(ul32 *raw, const ul32 *serial, const ul32 *hash, const ul32 *sig) {
raw[0] = serial[0] | ((hash[0] & 1) << 31);
raw[1] = (hash[0] >> 1) | ((sig[0] & 0x1f) << 27);
raw[2] = (sig[0] >> 5) | (sig[1] << 27);
raw[3] = sig[1] >> 5;
}
void verify(EC_GROUP *ec, EC_POINT *generator, EC_POINT *public_key, char *cdkey)
{
uint8_t key[25];
int i, j, k;
/* Verify Product Key */
bool verifyXPKey(EC_GROUP *eCurve, EC_POINT *generator, EC_POINT *publicKey, char *cdKey) {
BN_CTX *context = BN_CTX_new();
BN_CTX *ctx = BN_CTX_new();
// remove Dashs from CDKEY
for (i = 0, k = 0; i < strlen(cdkey); i++) {
for (j = 0; j < 24; j++) {
if (cdkey[i] != '-' && cdkey[i] == cset[j]) {
key[k++] = j;
break;
}
assert(j < 24);
}
if (k >= 25) break;
}
// Base24_CDKEY -> Bin_CDKEY
uint32_t bkey[4] = {0};
uint32_t pid[1], hash[1], sig[2];
unbase24(bkey, key);
// Output Bin_CDKEY
printf("%.8x %.8x %.8x %.8x\n", bkey[3], bkey[2], bkey[1], bkey[0]);
// Convert Base24 CD-key to bytecode.
ul32 bKey[4]{};
ul32 pID, checkHash, sig[2];
// Divide/Extract pid_data, hash, sig from Bin_CDKEY
unpack(pid, hash, sig, bkey);
print_product_id(pid);
printf("PID: %.8x\nHash: %.8x\nSig: %.8x %.8x\n", pid[0], hash[0], sig[1], sig[0]);
unbase24(bKey, cdKey);
BIGNUM *e, *s;
/* e = hash, s = sig */
e = BN_new();
BN_set_word(e, hash[0]);
endian((uint8_t *)sig, sizeof(sig));
s = BN_bin2bn((uint8_t *)sig, sizeof(sig), NULL);
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
EC_POINT *u = EC_POINT_new(ec);
EC_POINT *v = EC_POINT_new(ec);
/* v = s*generator + e*(-public_key) */
EC_POINT_mul(ec, u, NULL, generator, s, ctx);
EC_POINT_mul(ec, v, NULL, public_key, e, ctx);
EC_POINT_add(ec, v, u, v, ctx);
EC_POINT_get_affine_coordinates_GFp(ec, v, x, y, ctx);
uint8_t buf[FIELD_BYTES], md[20];
uint32_t h;
uint8_t t[4];
SHA_CTX h_ctx;
/* h = (fist 32 bits of SHA1(pid || v.x, v.y)) >> 4 */
SHA1_Init(&h_ctx);
t[0] = pid[0] & 0xff;
t[1] = (pid[0] & 0xff00) >> 8;
t[2] = (pid[0] & 0xff0000) >> 16;
t[3] = (pid[0] & 0xff000000) >> 24;
SHA1_Update(&h_ctx, t, sizeof(t));
memset(buf, 0, sizeof(buf));
BN_bn2bin(x, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
BN_bn2bin(y, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
SHA1_Final(md, &h_ctx);
h = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
h &= 0xfffffff;
printf("Calculated hash: %.8x\n", h);
if (h == hash[0]) printf("Key valid\n");
else printf("Key invalid\n");
putchar('\n');
BN_free(e);
BN_free(s);
BN_free(x);
BN_free(y);
EC_POINT_free(u);
EC_POINT_free(v);
// Extract data, hash and signature from the bytecode.
unpackXP(&pID, &checkHash, sig, bKey);
BN_CTX_free(ctx);
// e = Hash
// s = Signature
BIGNUM *e, *s;
// Put hash word into BigNum e.
e = BN_new();
BN_set_word(e, checkHash);
// Reverse signature and create a new BigNum s.
endian((byte *)sig, sizeof(sig));
s = BN_bin2bn((byte *)sig, sizeof(sig), nullptr);
// Create x and y.
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
// Create 2 new points on the existing elliptic curve.
EC_POINT *u = EC_POINT_new(eCurve);
EC_POINT *v = EC_POINT_new(eCurve);
// EC_POINT_mul calculates r = generator * n + q * m.
// v = s * generator + e * (-publicKey)
// u = generator * s
EC_POINT_mul(eCurve, u, nullptr, generator, s, context);
// v = publicKey * e
EC_POINT_mul(eCurve, v, nullptr, publicKey, e, context);
// v += u
EC_POINT_add(eCurve, v, u, v, context);
// EC_POINT_get_affine_coordinates() sets x and y, either of which may be nullptr, to the corresponding coordinates of p.
// x = v.x; y = v.y;
EC_POINT_get_affine_coordinates(eCurve, v, x, y, context);
byte buf[FIELD_BYTES], md[SHA_DIGEST_LENGTH], t[4];
ul32 newHash;
SHA_CTX hContext;
// h = First32(SHA-1(pID || v.x || v.y)) >> 4
SHA1_Init(&hContext);
// Chop Product ID into 4 bytes.
t[0] = (pID & 0xff); // First 8 bits
t[1] = (pID & 0xff00) >> 8; // Second 8 bits
t[2] = (pID & 0xff0000) >> 16; // Third 8 bits
t[3] = (pID & 0xff000000) >> 24; // Fourth 8 bits
// Hash chunk of data.
SHA1_Update(&hContext, t, sizeof(t));
// Empty buffer, place v.x in little-endian.
memset(buf, 0, FIELD_BYTES);
BN_bn2bin(x, buf);
endian(buf, FIELD_BYTES);
// Hash chunk of data.
SHA1_Update(&hContext, buf, FIELD_BYTES);
// Empty buffer, place v.y in little-endian.
memset(buf, 0, FIELD_BYTES);
BN_bn2bin(y, buf);
endian(buf, FIELD_BYTES);
// Hash chunk of data.
SHA1_Update(&hContext, buf, FIELD_BYTES);
// Store the final message from hContext in md.
SHA1_Final(md, &hContext);
// h = First32(SHA-1(pID || v.x || v.y)) >> 4
newHash = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
newHash &= 0xfffffff;
BN_free(e);
BN_free(s);
BN_free(x);
BN_free(y);
BN_CTX_free(context);
EC_POINT_free(u);
EC_POINT_free(v);
// If we managed to generate a key with the same hash, the key is correct.
return newHash == checkHash;
}
void generate(uint8_t *pkey, EC_GROUP *ec, EC_POINT *generator, BIGNUM *order, BIGNUM *priv, uint32_t *pid)
{
BN_CTX *ctx = BN_CTX_new();
/* Generate a valid Product Key. */
void generateXPKey(char *pKey, EC_GROUP *eCurve, EC_POINT *generator, BIGNUM *order, BIGNUM *privateKey, ul32 *pRaw) {
EC_POINT *r = EC_POINT_new(eCurve);
BN_CTX *ctx = BN_CTX_new();
BIGNUM *k = BN_new();
BIGNUM *s = BN_new();
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
EC_POINT *r = EC_POINT_new(ec);
uint32_t bkey[4];
BIGNUM *c = BN_new();
BIGNUM *s = BN_new();
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
// Loop in case signaturepart will make cdkey(base-24 "digits") longer than 25
do {
BN_pseudo_rand(k, FIELD_BITS, -1, 0);
EC_POINT_mul(ec, r, NULL, generator, k, ctx);
EC_POINT_get_affine_coordinates_GFp(ec, r, x, y, ctx);
SHA_CTX h_ctx;
uint8_t t[4], md[20], buf[FIELD_BYTES];
uint32_t hash[1];
/* h = (fist 32 bits of SHA1(pid || r.x, r.y)) >> 4 */
SHA1_Init(&h_ctx);
t[0] = pid[0] & 0xff;
t[1] = (pid[0] & 0xff00) >> 8;
t[2] = (pid[0] & 0xff0000) >> 16;
t[3] = (pid[0] & 0xff000000) >> 24;
SHA1_Update(&h_ctx, t, sizeof(t));
memset(buf, 0, sizeof(buf));
BN_bn2bin(x, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
BN_bn2bin(y, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
SHA1_Final(md, &h_ctx);
hash[0] = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
hash[0] &= 0xfffffff;
/* s = priv*h + k */
BN_copy(s, priv);
BN_mul_word(s, hash[0]);
BN_mod_add(s, s, k, order, ctx);
uint32_t sig[2] = {0};
BN_bn2bin(s, (uint8_t *)sig);
endian((uint8_t *)sig, BN_num_bytes(s));
pack(bkey, pid, hash, sig);
printf("PID: %.8x\nHash: %.8x\nSig: %.8x %.8x\n", pid[0], hash[0], sig[1], sig[0]);
} while (bkey[3] >= 0x40000);
ul32 bKey[4]{};
base24(pkey, bkey);
BN_free(k);
BN_free(s);
BN_free(x);
BN_free(y);
EC_POINT_free(r);
do {
ul32 hash = 0, sig[2]{};
BN_CTX_free(ctx);
}
memset(bKey, 0, 4);
int main()
{
initBink();
// Generate a random number c consisting of 384 bits without any constraints.
BN_rand(c, FIELD_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY);
rand();
srand(time(nullptr));
rand();
// r = generator * c;
EC_POINT_mul(eCurve, r, nullptr, generator, c, ctx);
// Init
BIGNUM *a, *b, *p, *gx, *gy, *pubx, *puby, *n, *priv;
BN_CTX *ctx = BN_CTX_new();
// make BigNumbers
a = BN_new();
b = BN_new();
p = BN_new();
gx = BN_new();
gy = BN_new();
pubx = BN_new();
puby = BN_new();
n = BN_new();
priv = BN_new();
// x = r.x; y = r.y;
EC_POINT_get_affine_coordinates(eCurve, r, x, y, ctx);
char* BINKID = "2E";
SHA_CTX hContext;
byte md[SHA_DIGEST_LENGTH]{}, buf[FIELD_BYTES]{}, t[4]{};
// Data from pidgen-Bink-resources
/* Elliptic curve parameters: y^2 = x^3 + ax + b mod p */
BN_dec2bn(&p, std::get<0>(BINKData[BINKID].E).c_str());
BN_dec2bn(&a, std::get<1>(BINKData[BINKID].E).c_str());
BN_dec2bn(&b, std::get<2>(BINKData[BINKID].E).c_str());
// h = (First-32(SHA1(pRaw, r.x, r.y)) >> 4
SHA1_Init(&hContext);
/* base point (generator) G */
BN_dec2bn(&gx, std::get<0>(BINKData[BINKID].G).c_str());
BN_dec2bn(&gy, std::get<1>(BINKData[BINKID].G).c_str());
// Chop Raw Product Key into 4 bytes.
t[0] = (*pRaw & 0xff);
t[1] = (*pRaw & 0xff00) >> 8;
t[2] = (*pRaw & 0xff0000) >> 16;
t[3] = (*pRaw & 0xff000000) >> 24;
/* inverse of public key */
BN_dec2bn(&pubx, std::get<0>(BINKData[BINKID].K).c_str());
BN_dec2bn(&puby, std::get<1>(BINKData[BINKID].K).c_str());
// Hash chunk of data.
SHA1_Update(&hContext, t, sizeof(t));
// Computed data
/* order of G - computed in 18 hours using a P3-450 */
BN_dec2bn(&n, BINKData[BINKID].n.c_str());
// Empty buffer, place r.x in little-endian
memset(buf, 0, FIELD_BYTES);
BN_bn2bin(x, buf);
endian(buf, FIELD_BYTES);
/* THE private key - computed in 10 hours using a P3-450 */
BN_dec2bn(&priv, BINKData[BINKID].k.c_str());
// Hash chunk of data.
SHA1_Update(&hContext, buf, FIELD_BYTES);
// Calculation
EC_GROUP *ec = EC_GROUP_new_curve_GFp(p, a, b, ctx);
EC_POINT *g = EC_POINT_new(ec);
EC_POINT_set_affine_coordinates_GFp(ec, g, gx, gy, ctx);
EC_POINT *pub = EC_POINT_new(ec);
EC_POINT_set_affine_coordinates_GFp(ec, pub, pubx, puby, ctx);
uint8_t pkey[26];
uint32_t pid[1];
pid[0] = 640 * 1000000 ; /* <- change */
pid[0] += rand() & 999999;
// Empty buffer, place r.y in little-endian.
memset(buf, 0, FIELD_BYTES);
BN_bn2bin(y, buf);
endian(buf, FIELD_BYTES);
printf("> PID: %d\n", pid[0]);
// Hash chunk of data.
SHA1_Update(&hContext, buf, FIELD_BYTES);
// generate a key
BN_sub(priv, n, priv);
generate(pkey, ec, g, n, priv, pid);
print_product_key(pkey);
printf("\n\n");
// Store the final message from hContext in md.
SHA1_Final(md, &hContext);
// verify the key
verify(ec, g, pub, (char*)pkey);
// Cleanup
BN_CTX_free(ctx);
return 0;
}
// h = (First-32(SHA1(pRaw, r.x, r.y)) >> 4
hash = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
hash &= 0xfffffff;
/* s = privateKey * hash + c; */
// s = privateKey;
BN_copy(s, privateKey);
// s *= hash;
BN_mul_word(s, hash);
// BN_mod_add() adds a to b % m and places the non-negative result in r.
// s = |s + c % order|;
BN_mod_add(s, s, c, order, ctx);
// Convert s from BigNum back to bytecode and reverse the endianness.
BN_bn2bin(s, (byte *)sig);
endian((byte *)sig, BN_num_bytes(s));
// Pack product key.
packXP(bKey, pRaw, &hash, sig);
} while (bKey[3] >= 0x40000);
// ↑ ↑ ↑
// bKey[3] can't be longer than 18 bits, else the signature part will make
// the CD-key longer than 25 characters.
// Convert the key to Base24.
base24(pKey, bKey);
BN_free(c);
BN_free(s);
BN_free(x);
BN_free(y);
BN_CTX_free(ctx);
EC_POINT_free(r);
}