WindowsXPKg/src/BINK1998.cpp

284 lines
8.1 KiB
C++
Raw Normal View History

/**
2023-06-17 00:58:22 +03:00
* This file is a part of the UMSKT Project
*
2023-06-17 00:58:22 +03:00
* Copyleft (C) 2019-2023 UMSKT Contributors (et.al.)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @FileCreated by Andrew on 01/06/2023
* @Maintainer Andrew
*
* @History {
* Algorithm was initially written and open sourced by z22
* and uploaded to GitHub by TheMCHK in August of 2019
*
* Endermanch (Andrew) rewrote the algorithm in May of 2023
* }
*/
2019-08-21 18:29:48 +03:00
2023-06-07 22:23:59 +03:00
#include "BINK1998.h"
2023-06-01 16:09:22 +03:00
2023-06-14 15:00:12 +03:00
/* Unpacks a Windows XP-like Product Key. */
2023-06-07 22:23:59 +03:00
void BINK1998::Unpack(
2023-06-04 16:44:22 +03:00
QWORD (&pRaw)[2],
2023-06-10 19:38:22 +03:00
BOOL &pUpgrade,
2023-06-04 16:44:22 +03:00
DWORD &pSerial,
DWORD &pHash,
QWORD &pSignature
) {
2023-06-01 16:09:22 +03:00
// We're assuming that the quantity of information within the product key is at most 114 bits.
// log2(24^25) = 114.
2023-06-10 19:38:22 +03:00
// Upgrade = Bit 0
pUpgrade = FIRSTNBITS(pRaw[0], 1);
// Serial = Bits [1..30] -> 30 bits
pSerial = NEXTSNBITS(pRaw[0], 30, 1);
2023-06-01 16:09:22 +03:00
2023-06-04 16:44:22 +03:00
// Hash = Bits [31..58] -> 28 bits
pHash = NEXTSNBITS(pRaw[0], 28, 31);
2023-06-01 16:09:22 +03:00
2023-06-04 16:44:22 +03:00
// Signature = Bits [59..113] -> 56 bits
pSignature = FIRSTNBITS(pRaw[1], 51) << 5 | NEXTSNBITS(pRaw[0], 5, 59);
2019-08-21 18:29:48 +03:00
}
2023-06-14 15:00:12 +03:00
/* Packs a Windows XP-like Product Key. */
2023-06-07 22:23:59 +03:00
void BINK1998::Pack(
2023-06-04 16:44:22 +03:00
QWORD (&pRaw)[2],
2023-06-10 19:38:22 +03:00
BOOL pUpgrade,
2023-06-04 16:44:22 +03:00
DWORD pSerial,
DWORD pHash,
QWORD pSignature
) {
// The quantity of information the key provides is 114 bits.
// We're storing it in 2 64-bit quad-words with 14 trailing bits.
// 64 * 2 = 128
// Signature [114..59] <- Hash [58..31] <- Serial [30..1] <- Upgrade [0]
2023-06-10 19:38:22 +03:00
pRaw[0] = FIRSTNBITS(pSignature, 5) << 59 | FIRSTNBITS(pHash, 28) << 31 | pSerial << 1 | pUpgrade;
2023-06-04 16:44:22 +03:00
pRaw[1] = NEXTSNBITS(pSignature, 51, 5);
2019-08-21 18:29:48 +03:00
}
2023-06-14 15:00:12 +03:00
/* Verifies a Windows XP-like Product Key. */
2023-06-07 22:23:59 +03:00
bool BINK1998::Verify(
EC_GROUP *eCurve,
EC_POINT *basePoint,
EC_POINT *publicKey,
2023-06-09 21:07:29 +03:00
char (&pKey)[25]
) {
BN_CTX *numContext = BN_CTX_new();
2023-06-01 16:09:22 +03:00
QWORD pRaw[2]{},
2023-06-10 19:38:22 +03:00
pSignature;
DWORD pData,
pSerial,
pHash;
2023-06-01 16:09:22 +03:00
2023-06-10 19:38:22 +03:00
BOOL pUpgrade;
2023-06-01 16:09:22 +03:00
// Convert Base24 CD-key to bytecode.
2023-06-05 12:13:15 +03:00
unbase24((BYTE *)pRaw, pKey);
// Extract RPK, hash and signature from bytecode.
2023-06-10 19:38:22 +03:00
Unpack(pRaw, pUpgrade, pSerial, pHash, pSignature);
pData = pSerial << 1 | pUpgrade;
/*
*
* Scalars:
* e = Hash
* s = Schnorr Signature
*
* Points:
* G(x, y) = Generator (Base Point)
* K(x, y) = Public Key
*
* Equation:
* P = sG + eK
*
*/
BIGNUM *e = BN_lebin2bn((BYTE *)&pHash, sizeof(pHash), nullptr),
*s = BN_lebin2bn((BYTE *)&pSignature, sizeof(pSignature), nullptr),
*x = BN_new(),
*y = BN_new();
// Create 2 points on the elliptic curve.
EC_POINT *t = EC_POINT_new(eCurve);
EC_POINT *p = EC_POINT_new(eCurve);
// t = sG
EC_POINT_mul(eCurve, t, nullptr, basePoint, s, numContext);
2023-06-07 01:37:30 +03:00
// P = eK
EC_POINT_mul(eCurve, p, nullptr, publicKey, e, numContext);
2023-06-07 01:37:30 +03:00
// P += t
EC_POINT_add(eCurve, p, t, p, numContext);
2023-06-07 01:37:30 +03:00
// x = P.x; y = P.y;
EC_POINT_get_affine_coordinates(eCurve, p, x, y, numContext);
BYTE msgDigest[SHA_DIGEST_LENGTH]{},
msgBuffer[SHA_MSG_LENGTH_XP]{},
xBin[FIELD_BYTES]{},
yBin[FIELD_BYTES]{};
// Convert resulting point coordinates to bytes.
BN_bn2lebin(x, xBin, FIELD_BYTES);
BN_bn2lebin(y, yBin, FIELD_BYTES);
// Assemble the SHA message.
2023-06-10 19:38:22 +03:00
memcpy((void *)&msgBuffer[0], (void *)&pData, 4);
memcpy((void *)&msgBuffer[4], (void *)xBin, FIELD_BYTES);
memcpy((void *)&msgBuffer[4 + FIELD_BYTES], (void *)yBin, FIELD_BYTES);
2023-06-07 02:22:36 +03:00
// compHash = SHA1(pSerial || P.x || P.y)
SHA1(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
// Translate the byte digest into a 32-bit integer - this is our computed hash.
// Truncate the hash to 28 bits.
2023-06-05 00:52:10 +03:00
DWORD compHash = BYDWORD(msgDigest) >> 4 & BITMASK(28);
2023-06-01 16:09:22 +03:00
BN_free(e);
BN_free(s);
BN_free(x);
BN_free(y);
BN_CTX_free(numContext);
2023-06-01 16:09:22 +03:00
EC_POINT_free(t);
EC_POINT_free(p);
2023-06-01 16:09:22 +03:00
// If the computed hash checks out, the key is valid.
return compHash == pHash;
2019-08-21 18:29:48 +03:00
}
2023-06-01 16:09:22 +03:00
2023-06-14 15:00:12 +03:00
/* Generates a Windows XP-like Product Key. */
2023-06-07 22:23:59 +03:00
void BINK1998::Generate(
EC_GROUP *eCurve,
EC_POINT *basePoint,
2023-06-09 21:07:29 +03:00
BIGNUM *genOrder,
BIGNUM *privateKey,
DWORD pSerial,
2023-06-10 19:38:22 +03:00
BOOL pUpgrade,
2023-06-09 21:07:29 +03:00
char (&pKey)[25]
) {
BN_CTX *numContext = BN_CTX_new();
2023-06-01 16:09:22 +03:00
2023-06-07 02:22:36 +03:00
BIGNUM *c = BN_new(),
*s = BN_new(),
*x = BN_new(),
*y = BN_new();
2023-06-01 16:09:22 +03:00
QWORD pRaw[2]{},
pSignature = 0;
2023-06-01 16:09:22 +03:00
2023-06-10 19:38:22 +03:00
// Data segment of the RPK.
DWORD pData = pSerial << 1 | pUpgrade;
2023-06-01 16:09:22 +03:00
do {
EC_POINT *r = EC_POINT_new(eCurve);
2023-06-01 16:09:22 +03:00
// Generate a random number c consisting of 384 bits without any constraints.
BN_rand(c, FIELD_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY);
// Pick a random derivative of the base point on the elliptic curve.
// R = cG;
EC_POINT_mul(eCurve, r, nullptr, basePoint, c, numContext);
// Acquire its coordinates.
// x = R.x; y = R.y;
EC_POINT_get_affine_coordinates(eCurve, r, x, y, numContext);
BYTE msgDigest[SHA_DIGEST_LENGTH]{},
msgBuffer[SHA_MSG_LENGTH_XP]{},
xBin[FIELD_BYTES]{},
yBin[FIELD_BYTES]{};
// Convert coordinates to bytes.
BN_bn2lebin(x, xBin, FIELD_BYTES);
BN_bn2lebin(y, yBin, FIELD_BYTES);
// Assemble the SHA message.
2023-06-10 19:38:22 +03:00
memcpy((void *)&msgBuffer[0], (void *)&pData, 4);
memcpy((void *)&msgBuffer[4], (void *)xBin, FIELD_BYTES);
memcpy((void *)&msgBuffer[4 + FIELD_BYTES], (void *)yBin, FIELD_BYTES);
2023-06-07 02:22:36 +03:00
// pHash = SHA1(pSerial || R.x || R.y)
SHA1(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
// Translate the byte digest into a 32-bit integer - this is our computed pHash.
// Truncate the pHash to 28 bits.
DWORD pHash = BYDWORD(msgDigest) >> 4 & BITMASK(28);
/*
*
* Scalars:
* c = Random multiplier
* e = Hash
* s = Signature
* n = Order of G
* k = Private Key
*
* Points:
* G(x, y) = Generator (Base Point)
* R(x, y) = Random derivative of the generator
* K(x, y) = Public Key
*
* We need to find the signature s that satisfies the equation with a given hash:
* P = sG + eK
* s = ek + c (mod n) <- computation optimization
*/
// s = ek;
2023-06-01 16:09:22 +03:00
BN_copy(s, privateKey);
BN_mul_word(s, pHash);
2023-06-01 16:09:22 +03:00
// s += c (mod n)
BN_mod_add(s, s, c, genOrder, numContext);
2023-06-01 16:09:22 +03:00
// Translate resulting scalar into a 64-bit integer (the byte order is little-endian).
BN_bn2lebinpad(s, (BYTE *)&pSignature, BN_num_bytes(s));
2023-06-01 16:09:22 +03:00
// Pack product key.
2023-06-10 19:38:22 +03:00
Pack(pRaw, pUpgrade, pSerial, pHash, pSignature);
if (options.verbose) {
fmt::print("Generation results:\n");
2023-06-10 19:38:22 +03:00
fmt::print(" Upgrade: 0x{:08x}\n", pUpgrade);
fmt::print(" Serial: 0x{:08x}\n", pSerial);
fmt::print(" Hash: 0x{:08x}\n", pHash);
fmt::print(" Signature: 0x{:08x}\n", pSignature);
fmt::print("\n");
}
EC_POINT_free(r);
} while (pSignature > BITMASK(55));
2023-06-01 16:09:22 +03:00
// ↑ ↑ ↑
// The signature can't be longer than 55 bits, else it will
// make the CD-key longer than 25 characters.
2023-06-01 16:09:22 +03:00
// Convert bytecode to Base24 CD-key.
base24(pKey, (BYTE *)pRaw);
2023-06-01 16:09:22 +03:00
BN_free(c);
BN_free(s);
BN_free(x);
BN_free(y);
BN_CTX_free(numContext);
2023-06-01 16:09:22 +03:00
}