April 11th, 2004, 01:29 PM
I have a couple of hashed CD keys. Is it possible to translate them? If yes, what program would allow a user to do that?
April 11th, 2004, 09:20 PM
Hi Cyber.................happy Easter
We have a saying over here: "curiosity killed the cat"
The serious answer to your question is "yes", this is the problem that games and applications vendors face on a day-to day-basis?. Given the intent and enough time and resources, any security system can be circumvented.
The situation is similar to the "malware" v's "anti malware" conflict, it is a running battle?
If I were managing a games software project, I would want to evaluate my development costs, my potential market penetration, and the amount of time my revenue could be sustained before pirate copies hit the streets. OK I reckon that a lot of people are pretty honest and would buy a legit copy, because they would want it "now" rather than waiting for a pirate version which may not work, contain trojans etc? After a few months the price drops so people don't want to take the risk anyway.........a sort of "shelf life" consideration?
I must admit that I have never tried to do what you are asking about, as I have always thought about it the other way round (it is better to work for the guys who can afford to pay you?). I do know that it is a two-stage process in which you first remove the hash, then decrypt the underlying data................I think that you have to assume that if it is hashed it will also have been encrypted?
A word of personal advice for those who handle a lot of CDs with CD/product codes............get one of those special felt tip pens and write the info on the top of the CD, then if you lose the box or the manual, it will still work (and if you have more than one copy of Nero, do the same, but with the PC details......it is a real pain going through loads of CDs to find the version that actually matches your burner?)
I am sorry that I cannot suggest any specific software...............as I said, I have never actually done it myself, and it is a moving target anyway. I would be very interested in an up to date, state of the art solution though..................interesting thread.
BTW I think I will have to fix my system clock.........I am sure it is telling me the wrong date?
April 11th, 2004, 09:38 PM
Why? What? Are these legal? Do I care? I don't know.
There HASHES dude... By definition that means irreversible.
You could brute force them of course, but you've gotta have an algorithm... do you have one. It's probably different for each key.
Now, that's not to say you can't 'pass the hash.' I don't even know what software is on those CD's, and I'm pretty sure each piece of software on those CD's will handle the key/hash differently. More info may help. But if the info leads to illegal crud, it probably won't.
April 11th, 2004, 10:04 PM
funny you say that Nihil , I actually purchased 7 copies of Counter-STrike for my Internet Caffe, trying to do the legal thing and own a copy for each system. Little did I know that in order to use Steam, which is a Valve product, to have enough accounts for each computer, they want me to buy an Internet Caffe licence, which would cost me 10 dollars a month per computer. Now, I wouldn't have a problem with that, but the Internet Caffe is not bringing me enough revenue Yet, to add that bill to my $8000 rent. LOL, the PCs cost me $3500, and the games, altogether cost me around $2000 and now I cannot use some of them. I've asked the customers to use their own CD keys since steam is doing that....perhaps I'll just take it out of the computers.
The CD Key hashes are for Battlefield 1942. They're actually not my own, but were aquired by my BF1942 clan. I tried BruteForce using Cain, but I really dont have the time to leave my PC running on full power for days on end. I was wondering for an easier alternative. The reason behind this: Some of the members in my clan (actually the founders) left another clan to start their own. After continouous bitching, the other clan actually threatened us that they would crash our server over and over (Also revealed to us that they have actually successfully done so once). Those hashes belong to two of their members. We have the email that they sent us, and are forwarding it to the Ladder they belong to, but wanted to add some assurance to ourselves by getting a hold of their CD keys and disabling them if we had to, say for revenge, since we do pay over $100 a month from our own pockets to keep everything running.
its fine if it cannot be done, Its not a big deal, but reverse engineering is quite interesting and I cannot get enough of it . Thnx for your help everyone and have a wonderful easter.
April 11th, 2004, 11:08 PM
Please understand my ignorance..................I know nothing about your particular field........Cyber Cafe online Gaming, that is
By "hash" do you mean a "hash protected, encrypted, authorisation code"? If so, are we talking about authorisation to the CD itself, the local PC or a remote server?
How many characters?
Any "illegal characters" that you are aware of?
Upper case & lower case allowed?...........and respected!????????????
In other words is it :
"How do I get this compact disc to work?" OR
"How do I get the hash protected, encrypted access code to this account?"..........like any old compact disc would work to run it, I just need the answer when I get there...........wherever "there" is?
My answer is still "yes" but I am now a little confused as to what the requirement is. Like is it really a hash masked encrypted code, or just a strong encrypted code?
How is one allocated these authorisation codes.............why are they "irreversible"
A bit more guidance would let me assess the vulnerability, and so the time/resource.
There may be shortcuts?, as it is specific games software you are talking about?
April 12th, 2004, 12:28 AM
Hmm, wasn't counterstrike originally handed out as an unofficial mod? As such, can't you say you've got one of those versions? (I know you'd then have problems about the license for Half-Life, but, it's a thought...)
Just thinking the other way about , what if you were to hash their cd key to get their globally
unique identifier (GUID) (which is used in the punkbuster system), and then circulate that to their commonly visited servers, along with a copy of the email they sent you? Looks like you'd get it by connecting/getting them to connect to a game server, and then typing the appropriate command (afaik you need to be admin for this to work). I found some info on this on this site:
and here Punksbusted
I'm not too sure about how the system works, but I'm wondering if you actually could disable their cd key... it would still work (I guess, never tried it/played it) on a LAN, as there's no way of connecting/sending a disable signal to it from a central server.
\"Death is more universal than life; everyone dies but not everyone lives.\"
April 12th, 2004, 12:30 AM
there was a company that had a site up promoting their ware's.. a prog that was able to crack the XP password hash.. You had a limited number of tries with your own stuff.. but the demo worked endlessly with their hashes (gee i wonder Why?)
just cant find the link..
reminder to Self\ Clean out my bookmarks..
Still cant find it.. this is all I could find..:
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
April 12th, 2004, 01:21 AM
Nihil, the CD key of the game battlefield has been hashed (I guess encrypted). Here's one of them:
No illegal or unicode characters IMHO....i dont know much about encryptions.
CDKey Hash: 85a2a4c5430e658b43eacb93f3d83dc6
While coppying and pasting this...perhaps..... 8524-5430-6584-3933-836....Nah
Counter-strike is a standalone mod which you need to purchase today to get the appropriate CD key.
Any information we could find...would be great. We do have admin and they connected onto our server, which is how we got the cd key hashes. One of the other members was able to get them. We also have their IP adresses which we're banning.
Teamwarfare should have received the letter by now and taking care of the sittuation.(Dont know if one of the other members sent the letter yet)