endermanch
/
XPKeygen
1
0
Fork 0
Code Issues 11 Pull Requests 1 Packages Projects Releases 8 Wiki Activity

v3 milestone

This commit is contained in:
Andrew 2023-06-14 16:27:22 +03:00
parent 3d29ee31b5
commit df687c198e
14 changed files with 991 additions and 624 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.idea/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml

8
.idea/XPKeygen.iml Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="CPP_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

8
.idea/modules.xml Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/XPKeygen.iml" filepath="$PROJECT_DIR$/.idea/XPKeygen.iml" />
</modules>
</component>
</project>

6
.idea/vcs.xml Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="" vcs="Git" />
</component>
</project>

1
Keygen.vcxproj
View File

@ -272,6 +272,7 @@
</ProjectReference> </ProjectReference>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="bink.cpp" />
<ClCompile Include="D:\Software\Development\XPKeygen\main.cpp" /> <ClCompile Include="D:\Software\Development\XPKeygen\main.cpp" />
<ClCompile Include="D:\Software\Development\XPKeygen\xp.cpp" /> <ClCompile Include="D:\Software\Development\XPKeygen\xp.cpp" />
<ClCompile Include="D:\Software\Development\XPKeygen\server.cpp" /> <ClCompile Include="D:\Software\Development\XPKeygen\server.cpp" />

42
Keygen.vcxproj.filters
View File

@ -19,12 +19,17 @@
<ClCompile Include="windows.cpp"> <ClCompile Include="windows.cpp">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="bink.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="D:\Software\Development\XPKeygen\header.h"> <ClInclude Include="D:\Software\Development\XPKeygen\header.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="resource.h" /> <ClInclude Include="resource.h">
<Filter>Resources</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Filter Include="Header Files"> <Filter Include="Header Files">
@ -33,19 +38,38 @@
<Filter Include="Source Files"> <Filter Include="Source Files">
<UniqueIdentifier>{DD359385-3E10-39A8-BDBE-E651CB1745C6}</UniqueIdentifier> <UniqueIdentifier>{DD359385-3E10-39A8-BDBE-E651CB1745C6}</UniqueIdentifier>
</Filter> </Filter>
<Filter Include="Resources">
<UniqueIdentifier>{8c8a7e56-fe48-4168-8eb0-0715690de23e}</UniqueIdentifier>
</Filter>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ResourceCompile Include="resource.rc" /> <Media Include="resources\neon.wav">
<Filter>Resources</Filter>
</Media>
<Media Include="resources\pxiii.wav">
<Filter>Resources</Filter>
</Media>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Media Include="resources\neon.wav" /> <Image Include="resources\ender.bmp">
<Media Include="resources\pxiii.wav" /> <Filter>Resources</Filter>
</Image>
<Image Include="resources\icon.ico">
<Filter>Resources</Filter>
</Image>
<Image Include="resources\logo.bmp">
<Filter>Resources</Filter>
</Image>
<Image Include="resources\musicoff.bmp">
<Filter>Resources</Filter>
</Image>
<Image Include="resources\musicon.bmp">
<Filter>Resources</Filter>
</Image>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Image Include="resources\icon.ico" /> <ResourceCompile Include="resource.rc">
<Image Include="resources\ender.bmp" /> <Filter>Resources</Filter>
<Image Include="resources\logo.bmp" /> </ResourceCompile>
<Image Include="resources\musicon.bmp" />
<Image Include="resources\musicoff.bmp" />
</ItemGroup> </ItemGroup>
</Project> </Project>

138
bink.cpp Normal file
View File

@ -0,0 +1,138 @@
//
// Created by Andrew on 24/05/2023.
//
#include "header.h"
#define BINK_RETAIL MAKEINTRESOURCEW(1)
#define BINK_OEM MAKEINTRESOURCEW(2)
#define RT_BINK L"BINK"
/*
Bink resource doesn't exist
The file you selected isn't a library
Bink resource is invalid
*/
typedef struct _EC_BYTE_POINT {
CHAR x[256]; // x-coordinate of the point on the elliptic curve.
CHAR y[256]; // y-coordinate of the point on the elliptic curve.
} EC_BYTE_POINT;
typedef struct _BINKHDR {
// BINK version - not stored in the resource.
ULONG32 dwVersion;
// Original BINK header.
ULONG32 dwID;
ULONG32 dwSize;
ULONG32 dwHeaderLength;
ULONG32 dwChecksum;
ULONG32 dwDate;
ULONG32 dwKeySizeInDWORDs;
ULONG32 dwHashLength;
ULONG32 dwSignatureLength;
// Extended BINK header. (Windows Server 2003+)
ULONG32 dwAuthCodeLength;
ULONG32 dwProductIDLength;
} BINKHDR;
typedef struct _BINKDATA {
CHAR p[256]; // Finite Field order p.
CHAR a[256]; // Elliptic Curve parameter a.
CHAR b[256]; // Elliptic Curve parameter b.
EC_BYTE_POINT G; // Base point (Generator) G.
EC_BYTE_POINT K; // Public key K.
EC_BYTE_POINT I; // Inverse of the public key K.
} BINKDATA;
typedef struct _BINKEY {
BINKHDR header;
BINKDATA data;
} BINKEY;
DWORD extractBINKResource(HMODULE hLibrary, BYTE **pData) {
HRSRC hRes = FindResourceW(hLibrary, BINK_OEM, RT_BINK);
DWORD dwSize = 0;
if (hRes != NULL) {
dwSize = SizeofResource(hLibrary, hRes);
*pData = (BYTE *)LoadResource(hLibrary, hRes);
}
return dwSize;
}
BYTE hexToDecDigit(CHAR nDigit) {
nDigit = toupper(nDigit);
if (nDigit >= '0' && nDigit <= '9')
return nDigit - '0';
else
return nDigit - 'A' + 10;
}
ULONG32 byteToInteger(BYTE *pByte) {
return hexToDecDigit(pByte[0]) << 4 + hexToDecDigit(pByte[1]);
}
void reverseBytes(CONST BYTE *pBytes, ULONG32 nBytes, BYTE *pReversed) {
for (int i = nBytes - 1; i >= 0; i--) {
memcpy((BYTE *)&pBytes[i * 2], (BYTE *)&pReversed[(nBytes - i + 1) * 2], 2 * sizeof(BYTE));
}
}
ULONG32 ulToInteger(BYTE *pUL, BOOL bLittleEndian) {
BYTE pULCopy[8] = { 0 };
ULONG32 nUL = 0;
if (pUL == NULL)
return 0;
if (bLittleEndian)
reverseBytes(pUL, 4, pULCopy);
for (int i = 0; i < 4; i++) {
nUL += byteToInteger(&pULCopy[i * 2]);
}
return nUL;
}
void decodeBINKResource(BYTE *pData, ULONG32 nLength, BINKEY *pBINK) {
ULONG32 nBlockBytes = 4;
// If BINK is incomplete, return.
if (nLength < 0x170) return;
ulToInteger(pData, TRUE);
/*/ Read BINK header.
for (ULONG32 nOffset = 0; nOffset < sizeof(BINKHDR); nOffset += nBlockBytes) {
pBINK[nOffset] =
}*/
}
void base(WCHAR *pPath) {
HMODULE pIDgen = LoadLibraryExW(pPath, NULL, LOAD_LIBRARY_AS_DATAFILE);
if (pIDgen == NULL)
return;
BYTE *pBuffer = NULL;
ULONG32 nLength = extractBINKResource(pIDgen, &pBuffer);
if (nLength == 0) {
return;
}
BINKEY pBINK = { 0 };
decodeBINKResource(pBuffer, nLength, &pBINK);
FreeLibrary(pIDgen);
}

151
header.h
View File

@ -16,14 +16,26 @@
#include <openssl/sha.h> #include <openssl/sha.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#define PK_LENGTH 25
#define NULL_TERMINATOR 1
#define FIELD_BITS 384 #define FIELD_BITS 384
#define FIELD_BYTES (FIELD_BITS / 8) #define FIELD_BYTES (FIELD_BITS / 8)
#define FIELD_BITS_2003 512 #define FIELD_BITS_2003 512
#define FIELD_BYTES_2003 (FIELD_BITS_2003 / 8) #define FIELD_BYTES_2003 (FIELD_BITS_2003 / 8)
#define PK_LENGTH 25 #define SHA_MSG_LENGTH_XP (4 + 2 * FIELD_BYTES)
#define NULL_TERMINATOR 1 #define SHA_MSG_LENGTH_2003 (3 + 2 * FIELD_BYTES_2003)
#define NEXTSNBITS(field, n, offset) (((QWORD)(field) >> (offset)) & ((1ULL << (n)) - 1))
#define FIRSTNBITS(field, n) NEXTSNBITS((field), (n), 0)
#define HIBYTES(field, bytes) NEXTSNBITS((QWORD)(field), ((bytes) * 8), ((bytes) * 8))
#define LOBYTES(field, bytes) FIRSTNBITS((QWORD)(field), ((bytes) * 8))
#define BYDWORD(n) (DWORD)(*((n) + 0) | *((n) + 1) << 8 | *((n) + 2) << 16 | *((n) + 3) << 24)
#define BITMASK(n) ((1ULL << (n)) - 1)
#define IDC_BUTTON1 1000 #define IDC_BUTTON1 1000
#define IDC_BUTTON2 1001 #define IDC_BUTTON2 1001
@ -47,91 +59,106 @@
#define IDC_LABEL4 1058 #define IDC_LABEL4 1058
#define IDC_LABEL5 1059 #define IDC_LABEL5 1059
typedef unsigned long ul32; typedef uint64_t QWORD;
extern byte charset[]; extern char pCharset[];
extern const char pXP[]; extern const char pXP[];
extern const long aXP; extern const long aXP;
extern const long bXP; extern const long bXP;
// xp.cpp // xp.cpp
bool keyXP( VOID unpackXP(
char *pKey, QWORD (&pRaw)[2],
ul32 nRaw BOOL &pUpgrade,
DWORD &pSerial,
DWORD &pHash,
QWORD &pSignature
); );
void unpackXP( VOID packXP(
ul32 *serial, QWORD (&pRaw)[2],
ul32 *hash, BOOL pUpgrade,
ul32 *sig, DWORD pSerial,
ul32 *raw DWORD pHash,
QWORD pSignature
); );
void packXP( BOOL verifyXPKey(
ul32 *raw,
ul32 *serial,
ul32 *hash,
ul32 *sig
);
bool verifyXPKey(
EC_GROUP *eCurve, EC_GROUP *eCurve,
EC_POINT *generator, EC_POINT *basePoint,
EC_POINT *publicKey, EC_POINT *publicKey,
char *cdKey CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]
); );
void generateXPKey( VOID generateXPKey(
char *pKey,
EC_GROUP *eCurve, EC_GROUP *eCurve,
EC_POINT *generator, EC_POINT *basePoint,
BIGNUM *order, BIGNUM *genOrder,
BIGNUM *privateKey, BIGNUM *privateKey,
ul32 *pRaw DWORD pChannelID,
DWORD pSequence,
BOOL pUpgrade,
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]
); );
BOOL keyXP(
CHAR(&pKey)[PK_LENGTH + NULL_TERMINATOR],
DWORD nChannelID,
DWORD nSequence,
BOOL bUpgrade
);
// server.cpp // server.cpp
bool keyServer( VOID unpackServer(
char *pKey QWORD (&pRaw)[2],
BOOL &pUpgrade,
DWORD &pChannelID,
DWORD &pHash,
QWORD &pSignature,
DWORD &pAuthInfo
); );
void unpackServer( VOID packServer(
ul32 *osFamily, QWORD (&pRaw)[2],
ul32 *hash, BOOL pUpgrade,
ul32 *sig, DWORD pChannelID,
ul32 *prefix, DWORD pHash,
ul32 *raw QWORD pSignature,
DWORD pAuthInfo
); );
void packServer( BOOL verifyServerKey(
ul32 *raw,
ul32 *osFamily,
ul32 *hash,
ul32 *sig,
ul32 *prefix
);
bool verifyServerKey(
EC_GROUP *eCurve, EC_GROUP *eCurve,
EC_POINT *generator, EC_POINT *basePoint,
EC_POINT *public_key, EC_POINT *publicKey,
char *cdKey CHAR (&cdKey)[PK_LENGTH + NULL_TERMINATOR]
); );
void generateServerKey( VOID generateServerKey(
char *pKey,
EC_GROUP *eCurve, EC_GROUP *eCurve,
EC_POINT *generator, EC_POINT *basePoint,
BIGNUM *order, BIGNUM *genOrder,
BIGNUM *privateKey, BIGNUM *privateKey,
ul32 *osFamily, DWORD pChannelID,
ul32 *prefix DWORD pAuthInfo,
BOOL pUpgrade,
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]
); );
BOOL keyServer(
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR],
DWORD nChannelID,
DWORD nAuthInfo,
BOOL bUpgrade
);
// utilities.cpp // utilities.cpp
void endiannessConvert(byte *data, int length); void endian(byte *data, int length);
ul32 randomRange(ul32 dwLow, ul32 dwHigh); DWORD randomRange(DWORD dwLow, DWORD dwHigh);
void stopAudio(); void stopAudio();
bool playAudio(HINSTANCE hInstance, WCHAR *lpName, UINT bFlags); bool playAudio(HINSTANCE hInstance, WCHAR *lpName, UINT bFlags);
@ -148,16 +175,24 @@ EC_GROUP *initializeEllipticCurve(
BIGNUM *privateKeySel, BIGNUM *privateKeySel,
EC_POINT **genPoint, EC_POINT **genPoint,
EC_POINT **pubPoint EC_POINT **pubPoint
); );
int BN_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen);
// key.cpp // key.cpp
void unbase24(ul32 *byteSeq, const char *cdKey); bool unbase24(BYTE *byteSeq, CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]);
void base24(char *cdKey, ul32 *byteSeq); void base24(BYTE *byteSeq, CHAR(&pKey)[PK_LENGTH + NULL_TERMINATOR]);
void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText); void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText);
void formatServer(WCHAR *pText); void formatServer(WCHAR *pText);
// windows.cpp // windows.cpp
bool InitializeWindow(HINSTANCE hInstance); bool InitializeWindow(HINSTANCE hInstance);
// bink.cpp
void base(WCHAR *pPath);
#endif //KEYGEN_HEADER_H #endif //KEYGEN_HEADER_H

153
key.cpp
View File

@ -4,47 +4,24 @@
#include "header.h" #include "header.h"
/* Converts from byte sequence to the CD-key. */
void base24(char *cdKey, ul32 *byteSeq) {
byte rbs[16];
BIGNUM *z;
// Copy byte sequence to the reversed byte sequence.
memcpy(rbs, byteSeq, sizeof(rbs));
// Skip trailing zeroes and reverse y.
int length;
for (length = 15; rbs[length] == 0; length--);
endiannessConvert(rbs, ++length);
// Convert reversed byte sequence to BigNum z.
z = BN_bin2bn(rbs, length, nullptr);
// Divide z by 24 and convert the remainder to a CD-key char.
cdKey[25] = 0;
for (int i = 24; i >= 0; i--)
cdKey[i] = charset[BN_div_word(z, 24)];
BN_free(z);
}
/* Converts from CD-key to a byte sequence. */ /* Converts from CD-key to a byte sequence. */
void unbase24(ul32 *byteSeq, const char *cdKey) { bool unbase24(BYTE *byteSeq, CHAR(&pKey)[PK_LENGTH + NULL_TERMINATOR]) {
byte pDecodedKey[PK_LENGTH + NULL_TERMINATOR]{}; BYTE pDecodedKey[PK_LENGTH + NULL_TERMINATOR]{};
BIGNUM *y = BN_new(); BIGNUM *y = BN_new();
BN_zero(y); BN_zero(y);
// Remove dashes from the CD-key and put it into a Base24 byte array. // Remove dashes from the CD-key and put it into a Base24 byte array.
for (int i = 0, k = 0; i < strlen(cdKey) && k < PK_LENGTH; i++) { for (int i = 0, k = 0; i < strlen(pKey) && k < PK_LENGTH; i++) {
for (int j = 0; j < 24; j++) { for (int j = 0; j < strlen(pCharset); j++) {
if (cdKey[i] != '-' && cdKey[i] == charset[j]) { if (pKey[i] == pCharset[j]) {
pDecodedKey[k++] = j; pDecodedKey[k++] = j;
break; break;
} }
} }
// If the k-index hasn't been incremented, and it's due to the key being garbage, quit.
if (pKey[i] != '-' && k == i) return false;
} }
// Empty byte sequence. // Empty byte sequence.
@ -52,7 +29,7 @@ void unbase24(ul32 *byteSeq, const char *cdKey) {
// Calculate the weighed sum of byte array elements. // Calculate the weighed sum of byte array elements.
for (int i = 0; i < PK_LENGTH; i++) { for (int i = 0; i < PK_LENGTH; i++) {
BN_mul_word(y, PK_LENGTH - 1); BN_mul_word(y, strlen(pCharset));
BN_add_word(y, pDecodedKey[i]); BN_add_word(y, pDecodedKey[i]);
} }
@ -60,16 +37,44 @@ void unbase24(ul32 *byteSeq, const char *cdKey) {
int n = BN_num_bytes(y); int n = BN_num_bytes(y);
// Place the generated code into the byte sequence. // Place the generated code into the byte sequence.
BN_bn2bin(y, (byte *)byteSeq); BN_bn2bin(y, byteSeq);
BN_free(y); BN_free(y);
// Reverse the byte sequence. // Reverse the byte sequence.
endiannessConvert((byte *) byteSeq, n); endian(byteSeq, n);
return true;
}
/* Converts from byte sequence to the CD-key. */
void base24(BYTE *byteSeq, CHAR(&pKey)[PK_LENGTH + NULL_TERMINATOR]) {
BYTE rbyteSeq[16];
BIGNUM *z;
// Copy byte sequence to the reversed byte sequence.
memcpy(rbyteSeq, byteSeq, sizeof(rbyteSeq));
// Skip trailing zeroes and reverse y.
int length;
for (length = 15; rbyteSeq[length] == 0; length--);
endian(rbyteSeq, ++length);
// Convert reversed byte sequence to BigNum z.
z = BN_bin2bn(rbyteSeq, length, nullptr);
// Divide z by 24 and convert the remainder to a CD-key char.
pKey[PK_LENGTH] = '\0';
for (int i = PK_LENGTH - 1; i >= 0; i--)
pKey[i] = pCharset[BN_div_word(z, 24)];
BN_free(z);
} }
/* Formats Windows XP key output. */ /* Formats Windows XP key output. */
void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText) { void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText) {
WCHAR pFPK[32]{}; WCHAR pDashedKey[PK_LENGTH + 4 + NULL_TERMINATOR]{};
int pSSection = 0; int pSSection = 0;
@ -79,65 +84,69 @@ void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText) {
while (pSSection < 0) while (pSSection < 0)
pSSection += 7; pSSection += 7;
char pKey[PK_LENGTH + NULL_TERMINATOR]{}; CHAR pKey[PK_LENGTH + NULL_TERMINATOR]{};
ul32 msDigits = _wtoi(pBSection), DWORD pChannelID = _wtoi(pBSection),
lsDigits = _wtoi(pCSection); pSequence = _wtoi(pCSection);
ul32 nRPK = msDigits * 1'000'000 + lsDigits, DWORD pHash;
hash = 0, QWORD pRaw[2]{},
bKey[4]{}, pSignature;
bSig[2]{};
bool bValid = keyXP(pKey, nRPK); bool bValid = keyXP(pKey, pChannelID, pSequence, false);
unbase24(bKey, pKey); DWORD pSerial;
unpackXP(nullptr, &hash, bSig, bKey); BOOL pUpgrade = false;
unbase24((BYTE *)pRaw, pKey);
unpackXP(pRaw, pUpgrade, pSerial, pHash, pSignature);
for (int i = 0; i < 5; i++) for (int i = 0; i < 5; i++)
wsprintfW(pFPK, L"%s%s%.5S", pFPK, i != 0 ? L"-" : L"", &pKey[5 * i]); wsprintfW(pDashedKey, L"%s%s%.5S", pDashedKey, i != 0 ? L"-" : L"", &pKey[5 * i]);
wsprintfW( swprintf(
pText, pText,
L"Product ID:\tPPPPP-%03d-%06d%d-23XXX\r\n\r\nBytecode:\t%08lX %08lX %08lX %08lX\r\nHash:\t\t%08lX\r\nSignature:\t%08lX %08lX\r\nCurve Point:\t%s\r\n\r\n%s\r\n", L"Product ID:\tPPPPP-%03d-%06d%d-23XXX\r\n\r\nBytecode:\t%016llX %016llX\r\nHash:\t\t%lX\r\nSignature:\t%llX\r\nCurve Point:\t%s\r\n\r\n%s\r\n",
nRPK / 1'000'000, pSerial / 1'000'000,
nRPK % 1'000'000, pSerial % 1'000'000,
pSSection, pSSection,
bKey[3], bKey[2], bKey[1], bKey[0], pRaw[1], pRaw[0],
hash, pHash,
bSig[1], bSig[0], pSignature,
bValid ? L"True" : L"False", bValid ? L"True" : L"False",
pFPK pDashedKey
); );
} }
/* Formats Windows Server 2003 key output. */ /* Formats Windows Server 2003 key output. */
void formatServer(WCHAR *pText) { void formatServer(WCHAR *pText) {
WCHAR pFPK[32]{}; WCHAR pDashedKey[32]{};
char pKey[PK_LENGTH + NULL_TERMINATOR]{}; char pKey[PK_LENGTH + NULL_TERMINATOR]{};
ul32 hash = 0, DWORD pHash = 0,
osFamily = 0, pChannelID = 0,
prefix = 0, pAuthInfo = 0;
bKey[4]{},
bSig[2]{};
bool bValid = keyServer(pKey); QWORD pRaw[2]{},
pSignature;
unbase24(bKey, pKey); BOOL pUpgrade = false;
unpackServer(&osFamily, &hash, bSig, &prefix, bKey); bool bValid = keyServer(pKey, 640, 0, pUpgrade);
unbase24((BYTE *)pRaw, pKey);
unpackServer(pRaw, pUpgrade, pChannelID, pHash, pSignature, pAuthInfo);
for (int i = 0; i < 5; i++) for (int i = 0; i < 5; i++)
wsprintfW(pFPK, L"%s%s%.5S", pFPK, i != 0 ? L"-" : L"", &pKey[5 * i]); wsprintfW(pDashedKey, L"%s%s%.5S", pDashedKey, i != 0 ? L"-" : L"", &pKey[5 * i]);
wsprintfW( swprintf(
pText, pText,
L"Bytecode:\t%08lX %08lX %08lX %08lX\r\nOS Family:\t%d\r\nHash:\t\t%08lX\r\nSignature:\t%08lX %08lX\r\nPrefix:\t\t%04lX\r\nCurve Point:\t%s\r\n\r\n%s\r\n", L"Bytecode:\t%016llX %016llX\r\nChannel ID:\t%d\r\nHash:\t\t%lX\r\nSignature:\t%llX\r\nAuthInfo:\t%d\r\nCurve Point:\t%s\r\n\r\n%s\r\n",
bKey[3], bKey[2], bKey[1], bKey[0], pRaw[1], pRaw[0],
osFamily, pChannelID,
hash, pHash,
bSig[1], bSig[0], pSignature,
prefix, pAuthInfo,
bValid ? L"True" : L"False", bValid ? L"True" : L"False",
pFPK pDashedKey
); );
} }

4
main.cpp
View File

@ -61,10 +61,12 @@
#include "header.h" #include "header.h"
byte charset[] = "BCDFGHJKMPQRTVWXY2346789"; char pCharset[] = "BCDFGHJKMPQRTVWXY2346789";
INT wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ WCHAR *pCmdLine, _In_ INT nCmdShow) { INT wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ WCHAR *pCmdLine, _In_ INT nCmdShow) {
srand(GetTickCount64()); srand(GetTickCount64());
//base(L"D:\\Desktop\\ECC Research\\pIDgen\\pidgenxp.dll");
return InitializeWindow(hInstance); return InitializeWindow(hInstance);
} }

527
server.cpp
View File

@ -4,6 +4,7 @@
#include "header.h" #include "header.h"
/* Windows Server 2003 */
const char pSv[] = "C9AE7AED19F6A7E100AADE98134111AD8118E59B8264734327940064BC675A0C682E19C89695FBFA3A4653E47D47FD7592258C7E3C3C61BBEA07FE5A7E842379"; const char pSv[] = "C9AE7AED19F6A7E100AADE98134111AD8118E59B8264734327940064BC675A0C682E19C89695FBFA3A4653E47D47FD7592258C7E3C3C61BBEA07FE5A7E842379";
const long aSv = 1; const long aSv = 1;
const long bSv = 0; const long bSv = 0;
@ -22,135 +23,201 @@ const char genOrderSv[] = "4CC5C56529F0237D";
// Computed private key // Computed private key
const char privateKeySv[] = "2606120F59C05118"; const char privateKeySv[] = "2606120F59C05118";
void unpackServer(ul32 *osFamily, ul32 *hash, ul32 *sig, ul32 *prefix, ul32 *raw) { /* Windows XP x64
Public key (-K) = (1989960177638374390878377737764297057685259206834686428253479199374616869742150776410973898745805799780071536831208959469038333664656928533078897351495263; 2680493145252003995204016438404731303203625133293449171132691660710342616258476835192643732221910418645447349019141673820306444587247165566828458285756618)
Order of base point G (n) = 4710798293276956193
Private key (k) = 4699066967014190092 for INVERSE. 11731326262766101
const char pSv[] = "D4B49D04A01EF209121C370DCF0D6292569EC65B8F147A8C62319B6B90DEA2D1CD45199B93582732BFEE27F40BF62D7EB2559BCD08041E301E0D14037A25D989";
const long aSv = 1;
const long bSv = 0;
const char genXSv[] = "828A23E65A03F2CE12342DC2B3AA4089C1447DD5C4DC36C0470885A4662F10187037F72B2216C3F671B434267A329BD3363BB27055F0EBBA8A0ABEF451D3F6A3";
const char genYSv[] = "23B0823295C9CB669E1643B298624083F68C58F14FEEC55D0B247EF37B353A1066F502D7BC71050056C7D006156A26CC9222F5135FB8B255D7773AE0CDCA31E2";
const char pubXSv[] = "25FEB90513F63C0833F1096369149E65C9359F4BCC8DE9A8F647030F96485BC71929594FF369DB967910B8F0A59BC7C30CF0D38311486293BA0B2952EE648E5F";
const char pubYSv[] = "A186A2C2913E5584F05E97D3CD49E354E6C41BE329877D7FCC7B2BF877A0B00C9298901D305D7FF012FF7902B4202D4ED64D6A90C6AD05960253BAB8F69D68BF";
// Order of G <- CALCULATED ON MY i7-12700K in 20 seconds
const char genOrderSv[] = "41601E16BF4A1621";
// Computed private key <- CALCULATED ON MY i7-12700K in 5 minutes 40 seconds
const char privateKeySv[] = "4136708280A72C0C";*/
/* Windows XP x64 OEM
const char pSv[] = "A6FEDE9568C7863685F783F864A5943D34DED45EC460EEB2EC0455B01BC3C4D21FE081E479F2338BAAF7B10903AC89D23774938F41FDBFB6F16A615ECE5A04A1";
const long aSv = 1;
const long bSv = 0;
const char genXSv[] = "3CCFE20244697894A5CF8F8A57F335462C8C7C4935E171A373C2C1BA85C304D121A48931A99E4DD911945B410E10DEF21C00B2ED33FEF4E8F6FCBE16014E0AA8";
const char genYSv[] = "7D3F4583D6A45EF6547532B2AE6AC83281317A212223A47ADA92FB48DF055A225DD3E8DF17850EBFAD744780C8166B14F0A39C96B3D216E2247A89518985F6F8";
const char pubXSv[] = "19D3C8A75DACEAB3CE42970BCF3097F712FD3F6D3B171BE55D7AEF6210C48194480E998AFAC181935DCB9E66BD23769AF5E7ABB8ED2A7E5FAABD4FD1F8D24F7C";
const char pubYSv[] = "47A138CDB3C51BEB5443A00FD24734C6DE5DCE6DBA3B2EC337984C09B1CB108E45E8B50F78AEE5FBCA068C0B285576AC26099BD4D52AE2AF9F32A30A340705AF";
// Order of G <- CALCULATED ON MY i7-12700K in 2 hours (single threaded).
const char genOrderSv[] = "4782F84242B0A5E1";
// Computed private key <- CALCULATED ON MY i7-12700K in 5 minutes 40 seconds
const char privateKeySv[] = "15F9B7336005CB82";// or "3189410EE2AADA5F";
*/
/* Unpacks the Windows Server 2003-like Product Key. */
VOID unpackServer(
QWORD (&pRaw)[2],
BOOL &pUpgrade,
DWORD &pChannelID,
DWORD &pHash,
QWORD &pSignature,
DWORD &pAuthInfo
) {
// We're assuming that the quantity of information within the product key is at most 114 bits. // We're assuming that the quantity of information within the product key is at most 114 bits.
// log2(24^25) = 114. // log2(24^25) = 114.
// OS Family = Bits [0..10] -> 11 bits // Upgrade = Bit 0
osFamily[0] = raw[0] & 0x7ff; pUpgrade = FIRSTNBITS(pRaw[0], 1);
// Channel ID = Bits [1..10] -> 10 bits
pChannelID = NEXTSNBITS(pRaw[0], 10, 1);
// Hash = Bits [11..41] -> 31 bits // Hash = Bits [11..41] -> 31 bits
hash[0] = ((raw[0] >> 11) | (raw[1] << 21)) & 0x7fffffff; pHash = NEXTSNBITS(pRaw[0], 31, 11);
// Signature = Bits [42..103] -> 62 bits // Signature = Bits [42..103] -> 62 bits
sig[0] = (raw[1] >> 10) | (raw[2] << 22); // The quad-word signature overlaps AuthInfo in bits 104 and 105,
sig[1] = ((raw[2] >> 10) | (raw[3] << 22)) & 0x3fffffff; // hence Microsoft employs a secret technique called: Signature = HIDWORD(Signature) >> 2 | LODWORD(Signature)
pSignature = NEXTSNBITS(pRaw[1], 30, 10) << 32 | FIRSTNBITS(pRaw[1], 10) << 22 | NEXTSNBITS(pRaw[0], 22, 42);
// Prefix = Bits [104..113] -> 10 bits // AuthInfo = Bits [104..113] -> 10 bits
prefix[0] = (raw[3] >> 8) & 0x3ff; pAuthInfo = NEXTSNBITS(pRaw[1], 10, 40);
} }
void packServer(ul32 *raw, ul32 *osFamily, ul32 *hash, ul32 *sig, ul32 *prefix) { /* Packs the Windows Server 2003-like Product Key. */
raw[0] = osFamily[0] | (hash[0] << 11); VOID packServer(
raw[1] = (hash[0] >> 21) | (sig[0] << 10); QWORD (&pRaw)[2],
raw[2] = (sig[0] >> 22) | (sig[1] << 10); BOOL pUpgrade,
raw[3] = (sig[1] >> 22) | (prefix[0] << 8); DWORD pChannelID,
DWORD pHash,
QWORD pSignature,
DWORD pAuthInfo
) {
// AuthInfo [113..104] <- Signature [103..42] <- Hash [41..11] <- Channel ID [10..1] <- Upgrade [0]
pRaw[0] = FIRSTNBITS(pSignature, 22) << 42 | (QWORD)pHash << 11 | (QWORD)pChannelID << 1 | pUpgrade;
pRaw[1] = FIRSTNBITS(pAuthInfo, 10) << 40 | NEXTSNBITS(pSignature, 40, 22);
} }
bool verifyServerKey(EC_GROUP *eCurve, EC_POINT *generator, EC_POINT *publicKey, char *cdKey) {
/* Verifies the Windows Server 2003-like Product Key. */
BOOL verifyServerKey(
EC_GROUP *eCurve,
EC_POINT *basePoint,
EC_POINT *publicKey,
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]
) {
BN_CTX *context = BN_CTX_new(); BN_CTX *context = BN_CTX_new();
QWORD bKey[2]{},
pSignature = 0;
DWORD pData,
pChannelID,
pHash,
pAuthInfo;
BOOL pUpgrade;
// Convert Base24 CD-key to bytecode. // Convert Base24 CD-key to bytecode.
ul32 osFamily, hash, sig[2], prefix; unbase24((BYTE *)bKey, pKey);
ul32 bKey[4]{};
unbase24(bKey, cdKey); // Extract product key segments from bytecode.
unpackServer(bKey, pUpgrade, pChannelID, pHash, pSignature, pAuthInfo);
// Extract segments from the bytecode and reverse the signature. pData = pChannelID << 1 | pUpgrade;
unpackServer(&osFamily, &hash, sig, &prefix, bKey);
endiannessConvert((byte *)sig, 8);
byte t[FIELD_BYTES_2003]{}, md[SHA_DIGEST_LENGTH]{}; BYTE msgDigest[SHA_DIGEST_LENGTH]{},
ul32 checkHash, newHash[2]{}; msgBuffer[SHA_MSG_LENGTH_2003]{},
xBin[FIELD_BYTES_2003]{},
yBin[FIELD_BYTES_2003]{};
SHA_CTX hContext; // Assemble the first SHA message.
msgBuffer[0x00] = 0x5D;
msgBuffer[0x01] = (pData & 0x00FF);
msgBuffer[0x02] = (pData & 0xFF00) >> 8;
msgBuffer[0x03] = (pHash & 0x000000FF);
msgBuffer[0x04] = (pHash & 0x0000FF00) >> 8;
msgBuffer[0x05] = (pHash & 0x00FF0000) >> 16;
msgBuffer[0x06] = (pHash & 0xFF000000) >> 24;
msgBuffer[0x07] = (pAuthInfo & 0x00FF);
msgBuffer[0x08] = (pAuthInfo & 0xFF00) >> 8;
msgBuffer[0x09] = 0x00;
msgBuffer[0x0A] = 0x00;
// H = SHA-1(5D || OS Family || Hash || Prefix || 00 00) // newSignature = SHA1(5D || Channel ID || Hash || AuthInfo || 00 00)
SHA1_Init(&hContext); SHA1(msgBuffer, 11, msgDigest);
t[0] = 0x5D; // Translate the byte digest into a 64-bit integer - this is our computed intermediate signature.
t[1] = (osFamily & 0xff); // As the signature is only 62 bits long at most, we have to truncate it by shifting the high DWORD right 2 bits (per spec).
t[2] = (osFamily & 0xff00) >> 8; QWORD iSignature = NEXTSNBITS(BYDWORD(&msgDigest[4]), 30, 2) << 32 | BYDWORD(msgDigest);
t[3] = (hash & 0xff);
t[4] = (hash & 0xff00) >> 8;
t[5] = (hash & 0xff0000) >> 16;
t[6] = (hash & 0xff000000) >> 24;
t[7] = (prefix & 0xff);
t[8] = (prefix & 0xff00) >> 8;
t[9] = 0x00;
t[10] = 0x00;
SHA1_Update(&hContext, t, 11); /*
SHA1_Final(md, &hContext); *
* Scalars:
* e = Hash
* s = Schnorr Signature
*
* Points:
* G(x, y) = Generator (Base Point)
* K(x, y) = Public Key
*
* Equation:
* P = s(sG + eK)
*
*/
// First word. BIGNUM *e = BN_lebin2bn((BYTE *)&iSignature, sizeof(iSignature), nullptr),
newHash[0] = md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24); *s = BN_lebin2bn((BYTE *)&pSignature, sizeof(pSignature), nullptr),
*x = BN_new(),
*y = BN_new();
// Second word, right shift 2 bits. // Create 2 points on the elliptic curve.
newHash[1] = (md[4] | (md[5] << 8) | (md[6] << 16) | (md[7] << 24)) >> 2; EC_POINT *p = EC_POINT_new(eCurve);
newHash[1] &= 0x3FFFFFFF; EC_POINT *t = EC_POINT_new(eCurve);
endiannessConvert((byte *)newHash, 8); // t = sG
EC_POINT_mul(eCurve, t, nullptr, basePoint, s, context);
BIGNUM *x = BN_new(); // p = eK
BIGNUM *y = BN_new(); EC_POINT_mul(eCurve, p, nullptr, publicKey, e, context);
BIGNUM *s = BN_bin2bn((byte *)sig, 8, nullptr);
BIGNUM *e = BN_bin2bn((byte *)newHash, 8, nullptr);
EC_POINT *u = EC_POINT_new(eCurve); // p += t
EC_POINT *v = EC_POINT_new(eCurve); EC_POINT_add(eCurve, p, t, p, context);
// EC_POINT_mul calculates r = generator * n + q * m. // p *= s
// v = s * (s * generator + e * publicKey) EC_POINT_mul(eCurve, p, nullptr, p, s, context);
// u = generator * s // x = p.x; y = p.y;
EC_POINT_mul(eCurve, u, nullptr, generator, s, context); EC_POINT_get_affine_coordinates(eCurve, p, x, y, context);
// v = publicKey * e // Convert resulting point coordinates to bytes.
EC_POINT_mul(eCurve, v, nullptr, publicKey, e, context); BN_bn2lebin(x, xBin, FIELD_BYTES_2003);
BN_bn2lebin(y, yBin, FIELD_BYTES_2003);
// v += u // Assemble the second SHA message.
EC_POINT_add(eCurve, v, u, v, context); msgBuffer[0x00] = 0x79;
msgBuffer[0x01] = (pData & 0x00FF);
msgBuffer[0x02] = (pData & 0xFF00) >> 8;
// v *= s memcpy((void *)&msgBuffer[3], (void *)xBin, FIELD_BYTES_2003);
EC_POINT_mul(eCurve, v, nullptr, v, s, context); memcpy((void *)&msgBuffer[3 + FIELD_BYTES_2003], (void *)yBin, FIELD_BYTES_2003);
// EC_POINT_get_affine_coordinates() sets x and y, either of which may be nullptr, to the corresponding coordinates of p. // compHash = SHA1(79 || Channel ID || p.x || p.y)
// x = v.x; y = v.y; SHA1(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest);
EC_POINT_get_affine_coordinates_GFp(eCurve, v, x, y, context);
// Hash = First31(SHA-1(79 || OS Family || v.x || v.y)) // Translate the byte digest into a 32-bit integer - this is our computed hash.
SHA1_Init(&hContext); // Truncate the hash to 31 bits.
DWORD compHash = BYDWORD(msgDigest) & BITMASK(31);
t[0] = 0x79;
t[1] = (osFamily & 0xff);
t[2] = (osFamily & 0xff00) >> 8;
// Hash chunk of data.
SHA1_Update(&hContext, t, 3);
// Empty buffer, place v.y in little-endian.
memset(t, 0, FIELD_BYTES_2003);
BN_bn2bin(x, t);
endiannessConvert(t, FIELD_BYTES_2003);
// Hash chunk of data.
SHA1_Update(&hContext, t, FIELD_BYTES_2003);
// Empty buffer, place v.y in little-endian.
memset(t, 0, FIELD_BYTES_2003);
BN_bn2bin(y, t);
endiannessConvert(t, FIELD_BYTES_2003);
// Hash chunk of data.
SHA1_Update(&hContext, t, FIELD_BYTES_2003);
// Store the final message from hContext in md.
SHA1_Final(md, &hContext);
// Hash = First31(SHA-1(79 || OS Family || v.x || v.y))
checkHash = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) & 0x7fffffff;
BN_free(s); BN_free(s);
BN_free(e); BN_free(e);
@ -159,187 +226,199 @@ bool verifyServerKey(EC_GROUP *eCurve, EC_POINT *generator, EC_POINT *publicKey,
BN_CTX_free(context); BN_CTX_free(context);
EC_POINT_free(v); EC_POINT_free(p);
EC_POINT_free(u); EC_POINT_free(t);
// If we managed to generate a key with the same hash, the key is correct. // If the computed hash checks out, the key is valid.
return checkHash == hash; return compHash == pHash;
} }
void generateServerKey(char *pKey, EC_GROUP *eCurve, EC_POINT *generator, BIGNUM *order, BIGNUM *privateKey, ul32 *osFamily, ul32 *prefix) { /* Generates the Windows Server 2003-like Product Key. */
EC_POINT *r = EC_POINT_new(eCurve); VOID generateServerKey(
BN_CTX *ctx = BN_CTX_new(); EC_GROUP *eCurve,
EC_POINT *basePoint,
BIGNUM *genOrder,
BIGNUM *privateKey,
DWORD pChannelID,
DWORD pAuthInfo,
BOOL pUpgrade,
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]
) {
BN_CTX *numContext = BN_CTX_new();
ul32 bKey[4]{}, BIGNUM *c = BN_new(),
bSig[2]{}; *e = BN_new(),
*s = BN_new(),
*x = BN_new(),
*y = BN_new();
QWORD pRaw[2]{},
pSignature = 0;
// Data segment of the RPK.
DWORD pData = pChannelID << 1 | pUpgrade;
BOOL noSquare;
do { do {
BIGNUM *c = BN_new(); EC_POINT *r = EC_POINT_new(eCurve);
BIGNUM *s = BN_new();
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
BIGNUM *b = BN_new();
ul32 hash = 0, h[2]{};
memset(bKey, 0, 4);
memset(bSig, 0, 2);
// Generate a random number c consisting of 512 bits without any constraints. // Generate a random number c consisting of 512 bits without any constraints.
BN_rand(c, FIELD_BITS_2003, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY); BN_rand(c, FIELD_BITS_2003, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY);
// r = generator * c // R = cG
EC_POINT_mul(eCurve, r, nullptr, generator, c, ctx); EC_POINT_mul(eCurve, r, nullptr, basePoint, c, numContext);
// x = r.x; y = r.y; // Acquire its coordinates.
EC_POINT_get_affine_coordinates(eCurve, r, x, y, ctx); // x = R.x; y = R.y;
EC_POINT_get_affine_coordinates(eCurve, r, x, y, numContext);
SHA_CTX hContext; BYTE msgDigest[SHA_DIGEST_LENGTH]{},
byte md[SHA_DIGEST_LENGTH]{}, buf[FIELD_BYTES_2003]{}; msgBuffer[SHA_MSG_LENGTH_2003]{},
xBin[FIELD_BYTES_2003]{},
yBin[FIELD_BYTES_2003]{};
// Hash = SHA-1(79 || OS Family || r.x || r.y) // Convert resulting point coordinates to bytes.
SHA1_Init(&hContext); BN_bn2lebin(x, xBin, FIELD_BYTES_2003);
BN_bn2lebin(y, yBin, FIELD_BYTES_2003);
buf[0] = 0x79; // Assemble the first SHA message.
msgBuffer[0x00] = 0x79;
msgBuffer[0x01] = (pData & 0x00FF);
msgBuffer[0x02] = (pData & 0xFF00) >> 8;
buf[1] = (*osFamily & 0xff); memcpy((void *)&msgBuffer[3], (void *)xBin, FIELD_BYTES_2003);
buf[2] = (*osFamily & 0xff00) >> 8; memcpy((void *)&msgBuffer[3 + FIELD_BYTES_2003], (void *)yBin, FIELD_BYTES_2003);
SHA1_Update(&hContext, buf, 3); // pHash = SHA1(79 || Channel ID || R.x || R.y)
SHA1(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest);
memset(buf, 0, FIELD_BYTES_2003); // Translate the byte digest into a 32-bit integer - this is our computed hash.
// Truncate the hash to 31 bits.
DWORD pHash = BYDWORD(msgDigest) & BITMASK(31);
BN_bn2bin(x, buf); // Assemble the second SHA message.
endiannessConvert((byte *) buf, FIELD_BYTES_2003); msgBuffer[0x00] = 0x5D;
SHA1_Update(&hContext, buf, FIELD_BYTES_2003); msgBuffer[0x01] = (pData & 0x00FF);
msgBuffer[0x02] = (pData & 0xFF00) >> 8;
msgBuffer[0x03] = (pHash & 0x000000FF);
msgBuffer[0x04] = (pHash & 0x0000FF00) >> 8;
msgBuffer[0x05] = (pHash & 0x00FF0000) >> 16;
msgBuffer[0x06] = (pHash & 0xFF000000) >> 24;
msgBuffer[0x07] = (pAuthInfo & 0x00FF);
msgBuffer[0x08] = (pAuthInfo & 0xFF00) >> 8;
msgBuffer[0x09] = 0x00;
msgBuffer[0x0A] = 0x00;
memset(buf, 0, FIELD_BYTES_2003); // newSignature = SHA1(5D || Channel ID || Hash || AuthInfo || 00 00)
SHA1(msgBuffer, 11, msgDigest);
BN_bn2bin(y, buf); // Translate the byte digest into a 64-bit integer - this is our computed intermediate signature.
endiannessConvert((byte *) buf, FIELD_BYTES_2003); // As the signature is only 62 bits long at most, we have to truncate it by shifting the high DWORD right 2 bits (per spec).
QWORD iSignature = NEXTSNBITS(BYDWORD(&msgDigest[4]), 30, 2) << 32 | BYDWORD(msgDigest);
SHA1_Update(&hContext, buf, FIELD_BYTES_2003); BN_lebin2bn((BYTE *)&iSignature, sizeof(iSignature), e);
SHA1_Final(md, &hContext);
hash = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) & 0x7fffffff;
// H = SHA-1(5D || OS Family || Hash || Prefix || 00 00)
SHA1_Init(&hContext);
buf[0] = 0x5D;
buf[1] = (*osFamily & 0xff);
buf[2] = (*osFamily & 0xff00) >> 8;
buf[3] = (hash & 0xff);
buf[4] = (hash & 0xff00) >> 8;
buf[5] = (hash & 0xff0000) >> 16;
buf[6] = (hash & 0xff000000) >> 24;
buf[7] = prefix[0] & 0xff;
buf[8] = (prefix[0] & 0xff00) >> 8;
buf[9] = 0x00;
buf[10] = 0x00;
// Input length is 11 bytes.
SHA1_Update(&hContext, buf, 11);
SHA1_Final(md, &hContext);
// First word.
h[0] = md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24);
// Second word, right shift 2 bits.
h[1] = (md[4] | (md[5] << 8) | (md[6] << 16) | (md[7] << 24)) >> 2;
h[1] &= 0x3FFFFFFF;
endiannessConvert((byte *)h, 8);
BN_bin2bn((byte *)h, 8, b);
/* /*
* Signature * (Signature * G + H * K) = rG (mod p)
* K = kG
* *
* Signature * (Signature * G + H * k * G) = rG (mod p) * Scalars:
* Signature^2 * G + Signature * HkG = rG (mod p) * c = Random multiplier
* G(Signature^2 + Signature * HkG) = G (mod p) * r * e = Intermediate Signature
* G^(-1)(G (mod p)) = (mod n), n = order of G * s = Signature
* n = Order of G
* k = Private Key
* *
* Signature^2 + Hk * Signature = r (mod n) * Points:
* Signature = -(b +- sqrt(D)) / 2a Signature = (-Hk +- sqrt((Hk)^2 + 4r)) / 2 * G(x, y) = Generator (Base Point)
* R(x, y) = Random derivative of the generator
* K(x, y) = Public Key
* *
* S = (-Hk +- sqrt((Hk)^2 + 4r)) (mod n) / 2 * Equation:
* s(sG + eK) = R (mod p)
* K = kG; R = cG
* *
* S = s * s(sG + ekG) = cG (mod p)
* H = b * s(s + ek)G = cG (mod p)
* k = privateKey * G cancels out, the scalar arithmetic shrinks to order n
* n = order
* r = c
* *
* s = ( ( -b * privateKey +- sqrt( (b * privateKey)^2 + 4c ) ) / 2 ) % order * s(s + ek) = c (mod n)
* s² + (ek)s - c = 0 (mod n)
* This is a quadratic equation in respect to the signature
*
* s = (-ek ± ((ek)² + 4c)) / 2 (mod n)
*/ */
// b = (b * privateKey) % order // e = ek (mod n)
BN_mod_mul(b, b, privateKey, order, ctx); BN_mod_mul(e, e, privateKey, genOrder, numContext);
// s = b // s = e
BN_copy(s, b); BN_copy(s, e);
// s = (s % order)^2 // s = (ek (mod n))²
BN_mod_sqr(s, s, order, ctx); BN_mod_sqr(s, s, genOrder, numContext);
// c <<= 2 (c = 4c) // c *= 4 (c <<= 2)
BN_lshift(c, c, 2); BN_lshift(c, c, 2);
// s = s + c // s += c
BN_add(s, s, c); BN_add(s, s, c);
// s^2 = s % order (order must be prime) // Around half of numbers modulo a prime are not squares -> BN_sqrt_mod fails about half of the times,
BN_mod_sqrt(s, s, order, ctx); // hence if BN_sqrt_mod returns NULL, we need to restart with a different seed.
// s = √((ek)² + 4c (mod n))
noSquare = BN_mod_sqrt(s, s, genOrder, numContext) == nullptr;
// s = s - b // s = -ek + √((ek)² + 4c) (mod n)
BN_mod_sub(s, s, b, order, ctx); BN_mod_sub(s, s, e, genOrder, numContext);
// if s is odd, s = s + order // If s is odd, add order to it.
if (BN_is_odd(s)) { // The order is a prime, so it can't be even.
BN_add(s, s, order); if (BN_is_odd(s))
}
// s >>= 1 (s = s / 2) // s = -ek + √((ek)² + 4c) + n
BN_add(s, s, genOrder);
// s /= 2 (s >>= 1)
BN_rshift1(s, s); BN_rshift1(s, s);
// Convert s from BigNum back to bytecode and reverse the endianness. // Translate resulting scalar into a 64-bit integer (the byte order is little-endian).
BN_bn2bin(s, (byte *)bSig); BN_bn2lebinpad(s, (BYTE *)&pSignature, BN_num_bytes(s));
endiannessConvert((byte *)bSig, BN_num_bytes(s));
// Pack product key. // Pack product key.
packServer(bKey, osFamily, &hash, bSig, prefix); packServer(pRaw, pUpgrade, pChannelID, pHash, pSignature, pAuthInfo);
EC_POINT_free(r);
} while (pSignature > BITMASK(62) || noSquare);
// ↑ ↑ ↑
// The signature can't be longer than 62 bits, else it will
// overlap with the AuthInfo segment next to it.
// Convert bytecode to Base24 CD-key.
base24((BYTE *)pRaw, pKey);
BN_free(c); BN_free(c);
BN_free(s); BN_free(s);
BN_free(x); BN_free(x);
BN_free(y); BN_free(y);
BN_free(b); BN_free(e);
} while (bSig[1] >= 0x40000000);
base24(pKey, bKey); BN_CTX_free(numContext);
BN_CTX_free(ctx);
EC_POINT_free(r);
} }
bool keyServer(char *pKey) { BOOL keyServer(
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR],
DWORD nChannelID,
DWORD nAuthInfo,
BOOL bUpgrade
) {
// If the Channel ID isn't valid, quit.
if (nChannelID >= 1'000)
return false;
// We cannot produce a valid key without knowing the private key k. The reason for this is that
// we need the result of the function K(x; y) = kG(x; y).
BIGNUM *privateKey = BN_new(); BIGNUM *privateKey = BN_new();
// We can, however, validate any given key using the available public key: {p, a, b, G, K}.
// genOrder the order of the generator G, a value we have to reverse -> Schoof's Algorithm.
BIGNUM *genOrder = BN_new(); BIGNUM *genOrder = BN_new();
/* Computed data */
BN_hex2bn(&genOrder, genOrderSv);
BN_hex2bn(&privateKey, privateKeySv); BN_hex2bn(&privateKey, privateKeySv);
BN_hex2bn(&genOrder, genOrderSv);
EC_POINT *genPoint, *pubPoint; EC_POINT *genPoint, *pubPoint;
EC_GROUP *eCurve = initializeEllipticCurve( EC_GROUP *eCurve = initializeEllipticCurve(
@ -356,14 +435,14 @@ bool keyServer(char *pKey) {
&pubPoint &pubPoint
); );
ul32 osFamily = 1280, prefix = 0; // Generate a stub 10-bit AuthInfo segment if none is specified.
if (nAuthInfo == 0) {
// Generate a 30-bit prefix. RAND_bytes((byte *)&nAuthInfo, 4);
RAND_bytes((byte *)&prefix, 4); nAuthInfo &= 0x3FF;
prefix &= 0x3FF; }
do { do {
generateServerKey(pKey, eCurve, genPoint, genOrder, privateKey, &osFamily, &prefix); generateServerKey(eCurve, genPoint, genOrder, privateKey, nChannelID, nAuthInfo, bUpgrade, pKey);
} while (!verifyServerKey(eCurve, genPoint, pubPoint, pKey)); } while (!verifyServerKey(eCurve, genPoint, pubPoint, pKey));
return true; return true;

19
utilities.cpp
View File

@ -5,7 +5,7 @@
#include "header.h" #include "header.h"
/* Convert data between endianness types. */ /* Convert data between endianness types. */
void endiannessConvert(byte *data, int length) { void endian(byte *data, int length) {
for (int i = 0; i < length / 2; i++) { for (int i = 0; i < length / 2; i++) {
byte temp = data[i]; byte temp = data[i];
data[i] = data[length - i - 1]; data[i] = data[length - i - 1];
@ -14,7 +14,7 @@ void endiannessConvert(byte *data, int length) {
} }
/* Generates a random 32-bit integer in range. */ /* Generates a random 32-bit integer in range. */
ul32 randomRange(ul32 dwLow, ul32 dwHigh) { DWORD randomRange(DWORD dwLow, DWORD dwHigh) {
return rand() % (dwHigh - dwLow) + dwLow; return rand() % (dwHigh - dwLow) + dwLow;
} }
@ -113,3 +113,18 @@ EC_GROUP *initializeEllipticCurve(
return eCurve; return eCurve;
} }
int BN_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen) {
if (a == nullptr || to == nullptr)
return 0;
int len = BN_bn2bin(a, to);
if (len > tolen)
return -1;
// Choke point inside BN_bn2lebinpad: OpenSSL uses len instead of tolen.
endian(to, tolen);
return len;
}

2
windows.cpp
View File

@ -463,7 +463,7 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar
} }
case IDC_BUTTON4: { case IDC_BUTTON4: {
ul32 msDigits = randomRange(0, 999), DWORD msDigits = randomRange(0, 999),
lsDigits = randomRange(0, 999'999); lsDigits = randomRange(0, 999'999);
WCHAR pBSection[4]{}, pCSection[8]{}; WCHAR pBSection[4]{}, pCSection[8]{};

394
xp.cpp
View File

@ -4,6 +4,7 @@
#include "header.h" #include "header.h"
/* Windows XP */
const char pXP[] = "92ddcf14cb9e71f4489a2e9ba350ae29454d98cb93bdbcc07d62b502ea12238ee904a8b20d017197aae0c103b32713a9"; const char pXP[] = "92ddcf14cb9e71f4489a2e9ba350ae29454d98cb93bdbcc07d62b502ea12238ee904a8b20d017197aae0c103b32713a9";
const long aXP = 1; const long aXP = 1;
const long bXP = 0; const long bXP = 0;
@ -12,7 +13,7 @@ const long bXP = 0;
const char genXXP[] = "46E3775ECE21B0898D39BEA57050D422A0AF989E497962BAEE2CB17E0A28D5360D5476B8DC966443E37A14F1AEF37742"; const char genXXP[] = "46E3775ECE21B0898D39BEA57050D422A0AF989E497962BAEE2CB17E0A28D5360D5476B8DC966443E37A14F1AEF37742";
const char genYXP[] = "7C8E741D2C34F4478E325469CD491603D807222C9C4AC09DDB2B31B3CE3F7CC191B3580079932BC6BEF70BE27604F65E"; const char genYXP[] = "7C8E741D2C34F4478E325469CD491603D807222C9C4AC09DDB2B31B3CE3F7CC191B3580079932BC6BEF70BE27604F65E";
// Inverse of the public key // The public key
const char pubXXP[] = "5D8DBE75198015EC41C45AAB6143542EB098F6A5CC9CE4178A1B8A1E7ABBB5BC64DF64FAF6177DC1B0988AB00BA94BF8"; const char pubXXP[] = "5D8DBE75198015EC41C45AAB6143542EB098F6A5CC9CE4178A1B8A1E7ABBB5BC64DF64FAF6177DC1B0988AB00BA94BF8";
const char pubYXP[] = "23A2909A0B4803C89F910C7191758B48746CEA4D5FF07667444ACDB9512080DBCA55E6EBF30433672B894F44ACE92BFA"; const char pubYXP[] = "23A2909A0B4803C89F910C7191758B48746CEA4D5FF07667444ACDB9512080DBCA55E6EBF30433672B894F44ACE92BFA";
@ -22,251 +23,288 @@ const char genOrderXP[] = "DB6B4C58EFBAFD";
// The private key was computed in 10 hours using a Pentium III 450 // The private key was computed in 10 hours using a Pentium III 450
const char privateKeyXP[] = "565B0DFF8496C8"; const char privateKeyXP[] = "565B0DFF8496C8";
/* Unpacks the Product Key. */
void unpackXP(ul32 *serial, ul32 *hash, ul32 *sig, ul32 *raw) {
/* Windows 98
const char pXP[] = "ec224ff2613a9fe1411b51e89634643f79a272402ee146b012a3f71098c7e75df4bf8b3713c4f0ce56691ce56b9b5029";
const long aXP = 1;
const long bXP = 0;
// Base point G (Generator)
const char genXXP[] = "b5e1957b19951b5523204a62fd83ab22056f59a13bf8aaaf16ac10b7540f8ea92ba28dbfa68996fa12510c024f912340";
const char genYXP[] = "a84fbc02f311b1fd4521773e01821bd047f067c496ad54ce1504315cb88667d69130caa25efb2cb1e479ed50efb40d6b";
// The public key
const char pubXXP[] = "26ea9efe57ab6da485225a13ed66533c143f81b7b9528e38c8568bb726a8f0f5607da0e8d85aebf2e1425758b409e811";
const char pubYXP[] = "1a7c4cebe5f3919e96876a447a813efcd920979e9610d2b2146a04fab1041b31ae65e24efa3e0b0d61622483655716c2";
// The order of G was computed in 18 hours using a Pentium III 450
const char genOrderXP[] = "E778E33AEE6B3D";
// The private key was computed in 10 hours using a Pentium III 450
const char privateKeyXP[] = "B9E99B9BB9812E"; // "677A485D4BE4A0";*/
/* Unpacks a Windows XP-like Product Key. */
VOID unpackXP(
QWORD (&pRaw)[2],
BOOL &pUpgrade,
DWORD &pSerial,
DWORD &pHash,
QWORD &pSignature
) {
// We're assuming that the quantity of information within the product key is at most 114 bits. // We're assuming that the quantity of information within the product key is at most 114 bits.
// log2(24^25) = 114. // log2(24^25) = 114.
// Serial = Bits [0..30] -> 31 bits // Upgrade = Bit 0
if (serial) pUpgrade = FIRSTNBITS(pRaw[0], 1);
serial[0] = raw[0] & 0x7fffffff;
// Hash (e) = Bits [31..58] -> 28 bits // Serial = Bits [1..30] -> 30 bits
if (hash) pSerial = NEXTSNBITS(pRaw[0], 30, 1);
hash[0] = ((raw[0] >> 31) | (raw[1] << 1)) & 0xfffffff;
// Signature (s) = Bits [59..113] -> 55 bits // Hash = Bits [31..58] -> 28 bits
if (sig) { pHash = NEXTSNBITS(pRaw[0], 28, 31);
sig[0] = (raw[1] >> 27) | (raw[2] << 5);
sig[1] = (raw[2] >> 27) | (raw[3] << 5); // Signature = Bits [59..113] -> 56 bits
} pSignature = FIRSTNBITS(pRaw[1], 51) << 5 | NEXTSNBITS(pRaw[0], 5, 59);
} }
/* Repacks the Product Key. */ /* Packs a Windows XP-like Product Key. */
void packXP(ul32 *raw, ul32 *serial, ul32 *hash, ul32 *sig) { VOID packXP(
raw[0] = serial[0] | ((hash[0] & 1) << 31); QWORD (&pRaw)[2],
raw[1] = (hash[0] >> 1) | ((sig[0] & 0x1f) << 27); BOOL pUpgrade,
raw[2] = (sig[0] >> 5) | (sig[1] << 27); DWORD pSerial,
raw[3] = sig[1] >> 5; DWORD pHash,
QWORD pSignature
) {
// The quantity of information the key provides is 114 bits.
// We're storing it in 2 64-bit quad-words with 14 trailing bits.
// 64 * 2 = 128
// Signature [114..59] <- Hash [58..31] <- Serial [30..1] <- Upgrade [0]
pRaw[0] = FIRSTNBITS(pSignature, 5) << 59 | FIRSTNBITS(pHash, 28) << 31 | (QWORD)pSerial << 1 | pUpgrade;
pRaw[1] = NEXTSNBITS(pSignature, 51, 5);
} }
/* Verify Product Key */ /* Verifies a Windows XP-like Product Key. */
bool verifyXPKey(EC_GROUP *eCurve, EC_POINT *generator, EC_POINT *publicKey, char *cdKey) { BOOL verifyXPKey(
BN_CTX *context = BN_CTX_new(); EC_GROUP *eCurve,
EC_POINT *basePoint,
EC_POINT *publicKey,
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]
) {
BN_CTX *numContext = BN_CTX_new();
QWORD pRaw[2]{},
pSignature;
DWORD pData,
pSerial,
pHash;
BOOL pUpgrade;
// Convert Base24 CD-key to bytecode. // Convert Base24 CD-key to bytecode.
ul32 bKey[4]{}; unbase24((BYTE *)pRaw, pKey);
ul32 pID, checkHash, sig[2];
unbase24(bKey, cdKey); // Extract RPK, hash and signature from bytecode.
unpackXP(pRaw, pUpgrade, pSerial, pHash, pSignature);
// Extract data, hash and signature from the bytecode. pData = pSerial << 1 | pUpgrade;
unpackXP(&pID, &checkHash, sig, bKey);
// e = Hash /*
// s = Signature *
BIGNUM *e, *s; * Scalars:
* e = Hash
* s = Schnorr Signature
*
* Points:
* G(x, y) = Generator (Base Point)
* K(x, y) = Public Key
*
* Equation:
* P = sG + eK
*
*/
// Put hash word into BigNum e. BIGNUM *e = BN_lebin2bn((BYTE *)&pHash, sizeof(pHash), nullptr),
e = BN_new(); *s = BN_lebin2bn((BYTE *)&pSignature, sizeof(pSignature), nullptr),
BN_set_word(e, checkHash); *x = BN_new(),
*y = BN_new();
// Reverse signature and create a new BigNum s. // Create 2 points on the elliptic curve.
endiannessConvert((byte *) sig, sizeof(sig)); EC_POINT *t = EC_POINT_new(eCurve);
s = BN_bin2bn((byte *)sig, sizeof(sig), nullptr); EC_POINT *p = EC_POINT_new(eCurve);
// Create x and y. // t = sG
BIGNUM *x = BN_new(); EC_POINT_mul(eCurve, t, nullptr, basePoint, s, numContext);
BIGNUM *y = BN_new();
// Create 2 new points on the existing elliptic curve. // P = eK
EC_POINT *u = EC_POINT_new(eCurve); EC_POINT_mul(eCurve, p, nullptr, publicKey, e, numContext);
EC_POINT *v = EC_POINT_new(eCurve);
// EC_POINT_mul calculates r = generator * n + q * m. // P += t
// v = s * generator + e * (-publicKey) EC_POINT_add(eCurve, p, t, p, numContext);
// u = generator * s // x = P.x; y = P.y;
EC_POINT_mul(eCurve, u, nullptr, generator, s, context); EC_POINT_get_affine_coordinates(eCurve, p, x, y, numContext);
// v = publicKey * e BYTE msgDigest[SHA_DIGEST_LENGTH]{},
EC_POINT_mul(eCurve, v, nullptr, publicKey, e, context); msgBuffer[SHA_MSG_LENGTH_XP]{},
xBin[FIELD_BYTES]{},
yBin[FIELD_BYTES]{};
// v += u // Convert resulting point coordinates to bytes.
EC_POINT_add(eCurve, v, u, v, context); BN_bn2lebin(x, xBin, FIELD_BYTES);
BN_bn2lebin(y, yBin, FIELD_BYTES);
// EC_POINT_get_affine_coordinates() sets x and y, either of which may be nullptr, to the corresponding coordinates of p. // Assemble the SHA message.
// x = v.x; y = v.y; memcpy((void *)&msgBuffer[0], (void *)&pData, 4);
EC_POINT_get_affine_coordinates(eCurve, v, x, y, context); memcpy((void *)&msgBuffer[4], (void *)xBin, FIELD_BYTES);
memcpy((void *)&msgBuffer[4 + FIELD_BYTES], (void *)yBin, FIELD_BYTES);
// compHash = SHA1(pSerial || P.x || P.y)
SHA1(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
byte buf[FIELD_BYTES], md[SHA_DIGEST_LENGTH], t[4]; // Translate the byte digest into a 32-bit integer - this is our computed hash.
ul32 newHash; // Truncate the hash to 28 bits.
DWORD compHash = BYDWORD(msgDigest) >> 4 & BITMASK(28);
SHA_CTX hContext;
// h = First32(SHA-1(pID || v.x || v.y)) >> 4
SHA1_Init(&hContext);
// Chop Product ID into 4 bytes.
t[0] = (pID & 0xff); // First 8 bits
t[1] = (pID & 0xff00) >> 8; // Second 8 bits
t[2] = (pID & 0xff0000) >> 16; // Third 8 bits
t[3] = (pID & 0xff000000) >> 24; // Fourth 8 bits
// Hash chunk of data.
SHA1_Update(&hContext, t, sizeof(t));
// Empty buffer, place v.x in little-endian.
memset(buf, 0, FIELD_BYTES);
BN_bn2bin(x, buf);
endiannessConvert(buf, FIELD_BYTES);
// Hash chunk of data.
SHA1_Update(&hContext, buf, FIELD_BYTES);
// Empty buffer, place v.y in little-endian.
memset(buf, 0, FIELD_BYTES);
BN_bn2bin(y, buf);
endiannessConvert(buf, FIELD_BYTES);
// Hash chunk of data.
SHA1_Update(&hContext, buf, FIELD_BYTES);
// Store the final message from hContext in md.
SHA1_Final(md, &hContext);
// h = First32(SHA-1(pID || v.x || v.y)) >> 4
newHash = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
newHash &= 0xfffffff;
BN_free(e); BN_free(e);
BN_free(s); BN_free(s);
BN_free(x); BN_free(x);
BN_free(y); BN_free(y);
BN_CTX_free(context); BN_CTX_free(numContext);
EC_POINT_free(u); EC_POINT_free(t);
EC_POINT_free(v); EC_POINT_free(p);
// If we managed to generate a key with the same hash, the key is correct. // If the computed hash checks out, the key is valid.
return newHash == checkHash; return compHash == pHash;
} }
/* Generate a valid Product Key. */ /* Generates a Windows XP-like Product Key. */
void generateXPKey(char *pKey, EC_GROUP *eCurve, EC_POINT *generator, BIGNUM *order, BIGNUM *privateKey, ul32 *pRaw) { VOID generateXPKey(
EC_POINT *r = EC_POINT_new(eCurve); EC_GROUP *eCurve,
BN_CTX *ctx = BN_CTX_new(); EC_POINT *basePoint,
BIGNUM *genOrder,
BIGNUM *privateKey,
DWORD pChannelID,
DWORD pSequence,
BOOL pUpgrade,
CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]
) {
BN_CTX *numContext = BN_CTX_new();
BIGNUM *c = BN_new(); BIGNUM *c = BN_new(),
BIGNUM *s = BN_new(); *s = BN_new(),
BIGNUM *x = BN_new(); *x = BN_new(),
BIGNUM *y = BN_new(); *y = BN_new();
ul32 bKey[4]{}; QWORD pRaw[2]{},
pSignature = 0;
// Data segment of the RPK.
DWORD pData = (pChannelID * 1'000'000 + pSequence) << 1 | pUpgrade;
do { do {
ul32 hash = 0, sig[2]{}; EC_POINT *r = EC_POINT_new(eCurve);
memset(bKey, 0, 4);
// Generate a random number c consisting of 384 bits without any constraints. // Generate a random number c consisting of 384 bits without any constraints.
BN_rand(c, FIELD_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY); BN_rand(c, FIELD_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY);
// r = generator * c; // Pick a random derivative of the base point on the elliptic curve.
EC_POINT_mul(eCurve, r, nullptr, generator, c, ctx); // R = cG;
EC_POINT_mul(eCurve, r, nullptr, basePoint, c, numContext);
// x = r.x; y = r.y; // Acquire its coordinates.
EC_POINT_get_affine_coordinates(eCurve, r, x, y, ctx); // x = R.x; y = R.y;
EC_POINT_get_affine_coordinates(eCurve, r, x, y, numContext);
SHA_CTX hContext; BYTE msgDigest[SHA_DIGEST_LENGTH]{},
byte md[SHA_DIGEST_LENGTH]{}, buf[FIELD_BYTES]{}, t[4]{}; msgBuffer[SHA_MSG_LENGTH_XP]{},
xBin[FIELD_BYTES]{},
yBin[FIELD_BYTES]{};
// h = (First-32(SHA1(pRaw, r.x, r.y)) >> 4 // Convert coordinates to bytes.
SHA1_Init(&hContext); BN_bn2lebin(x, xBin, FIELD_BYTES);
BN_bn2lebin(y, yBin, FIELD_BYTES);
// Chop Raw Product Key into 4 bytes. // Assemble the SHA message.
t[0] = (*pRaw & 0xff); memcpy((void *)&msgBuffer[0], (void *)&pData, 4);
t[1] = (*pRaw & 0xff00) >> 8; memcpy((void *)&msgBuffer[4], (void *)xBin, FIELD_BYTES);
t[2] = (*pRaw & 0xff0000) >> 16; memcpy((void *)&msgBuffer[4 + FIELD_BYTES], (void *)yBin, FIELD_BYTES);
t[3] = (*pRaw & 0xff000000) >> 24;
// Hash chunk of data. // pHash = SHA1(pSerial || R.x || R.y)
SHA1_Update(&hContext, t, sizeof(t)); SHA1(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
// Empty buffer, place r.x in little-endiannessConvert. // Translate the byte digest into a 32-bit integer - this is our computed pHash.
memset(buf, 0, FIELD_BYTES); // Truncate the pHash to 28 bits.
BN_bn2bin(x, buf); DWORD pHash = BYDWORD(msgDigest) >> 4 & BITMASK(28);
endiannessConvert(buf, FIELD_BYTES);
// Hash chunk of data. /*
SHA1_Update(&hContext, buf, FIELD_BYTES); *
* Scalars:
* c = Random multiplier
* e = Hash
* s = Signature
* n = Order of G
* k = Private Key
*
* Points:
* G(x, y) = Generator (Base Point)
* R(x, y) = Random derivative of the generator
* K(x, y) = Public Key
*
* We need to find the signature s that satisfies the equation with a given hash:
* P = sG + eK
* s = ek + c (mod n) <- computation optimization
*/
// Empty buffer, place r.y in little-endiannessConvert. // s = ek;
memset(buf, 0, FIELD_BYTES);
BN_bn2bin(y, buf);
endiannessConvert(buf, FIELD_BYTES);
// Hash chunk of data.
SHA1_Update(&hContext, buf, FIELD_BYTES);
// Store the final message from hContext in md.
SHA1_Final(md, &hContext);
// h = (First-32(SHA1(pRaw, r.x, r.y)) >> 4
hash = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
hash &= 0xfffffff;
/* s = privateKey * hash + c; */
// s = privateKey;
BN_copy(s, privateKey); BN_copy(s, privateKey);
BN_mul_word(s, pHash);
// s *= hash; // s += c (mod n)
BN_mul_word(s, hash); BN_mod_add(s, s, c, genOrder, numContext);
// BN_mod_add() adds a to b % m and places the non-negative result in r. // Translate resulting scalar into a 64-bit integer (the byte order is little-endian).
// s = |s + c % order|; BN_bn2lebinpad(s, (BYTE *)&pSignature, BN_num_bytes(s));
BN_mod_add(s, s, c, order, ctx);
// Convert s from BigNum back to bytecode and reverse the endianness.
BN_bn2bin(s, (byte *)sig);
endiannessConvert((byte *)sig, BN_num_bytes(s));
// Pack product key. // Pack product key.
packXP(bKey, pRaw, &hash, sig); packXP(pRaw, pUpgrade, pChannelID * 1'000'000 + pSequence, pHash, pSignature);
} while (bKey[3] >= 0x40000);
// ↑ ↑ ↑
// bKey[3] can't be longer than 18 bits, else the signature part will make
// the CD-key longer than 25 characters.
// Convert the key to Base24. EC_POINT_free(r);
base24(pKey, bKey); } while (pSignature > BITMASK(55));
// ↑ ↑ ↑
// The signature can't be longer than 55 bits, else it will
// make the CD-key longer than 25 characters.
// Convert bytecode to Base24 CD-key.
base24((BYTE *)pRaw, pKey);
BN_free(c); BN_free(c);
BN_free(s); BN_free(s);
BN_free(x); BN_free(x);
BN_free(y); BN_free(y);
BN_CTX_free(ctx); BN_CTX_free(numContext);
EC_POINT_free(r);
} }
bool keyXP(char *pKey, ul32 nRaw) { BOOL keyXP(
assert(nRaw <= 1'000'000'000); CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR],
DWORD nChannelID,
DWORD nSequence,
BOOL bUpgrade
) {
// If the Channel ID or the random sequence aren't valid, quit.
if (nChannelID >= 1'000 || nSequence >= 1'000'000)
return false;
// We cannot produce a valid key without knowing the private key k. The reason for this is that
// we need the result of the function K(x; y) = kG(x; y).
BIGNUM *privateKey = BN_new(); BIGNUM *privateKey = BN_new();
// We can, however, validate any given key using the available public key: {p, a, b, G, K}.
// genOrder the order of the generator G, a value we have to reverse -> Schoof's Algorithm.
BIGNUM *genOrder = BN_new(); BIGNUM *genOrder = BN_new();
/* Computed data */
BN_hex2bn(&genOrder, genOrderXP);
BN_hex2bn(&privateKey, privateKeyXP); BN_hex2bn(&privateKey, privateKeyXP);
BN_hex2bn(&genOrder, genOrderXP);
EC_POINT *genPoint, *pubPoint; EC_POINT *genPoint, *pubPoint;
EC_GROUP *eCurve = initializeEllipticCurve( EC_GROUP *eCurve = initializeEllipticCurve(
@ -283,12 +321,8 @@ bool keyXP(char *pKey, ul32 nRaw) {
&pubPoint &pubPoint
); );
// Shift left once.
nRaw <<= 1;
// Generate the key until it's valid. (In XP it's valid 100% of the times)
do { do {
generateXPKey(pKey, eCurve, genPoint, genOrder, privateKey, &nRaw); generateXPKey(eCurve, genPoint, genOrder, privateKey, nChannelID, nSequence, bUpgrade, pKey);
} while (!verifyXPKey(eCurve, genPoint, pubPoint, pKey)); } while (!verifyXPKey(eCurve, genPoint, pubPoint, pKey));
return true; return true;