[Server] Fixed validation mechanism, QWORD update

This commit is contained in:
Andrew 2023-06-05 18:25:46 +03:00
parent 11dedcbd5f
commit 29465ffb37

View File

@ -9,9 +9,9 @@ const std::string filename = "keys.json";
using json = nlohmann::json; using json = nlohmann::json;
/* Unpacks the Windows XP-like Product Key. */
void unpackServer( void unpackServer(
DWORD (&pRaw)[4], QWORD (&pRaw)[2],
DWORD &pChannelID, DWORD &pChannelID,
DWORD &pHash, DWORD &pHash,
QWORD &pSignature, QWORD &pSignature,
@ -20,30 +20,31 @@ void unpackServer(
// We're assuming that the quantity of information within the product key is at most 114 bits. // We're assuming that the quantity of information within the product key is at most 114 bits.
// log2(24^25) = 114. // log2(24^25) = 114.
// OS Family = Bits [0..10] -> 11 bits // Channel ID = Bits [0..10] -> 11 bits
pChannelID = pRaw[0] & BITMASK(11); pChannelID = FIRSTNBITS(pRaw[0], 11);
// Hash = Bits [11..41] -> 31 bits // Hash = Bits [11..41] -> 31 bits
pHash = (pRaw[1] << 21 | pRaw[0] >> 11) & BITMASK(31); pHash = NEXTSNBITS(pRaw[0], 31, 11);
// Signature = Bits [42..103] -> 62 bits // Signature = Bits [42..103] -> 62 bits
pSignature = (((QWORD)pRaw[3] << 22 | (QWORD)pRaw[2] >> 10) & BITMASK(30)) << 32 | pRaw[2] << 22 | pRaw[1] >> 10; // The quad-word signature overlaps AuthInfo in bits 104 and 105,
// hence Microsoft employs a secret technique called: Signature = HIDWORD(Signature) >> 2 | LODWORD(Signature)
pSignature = NEXTSNBITS(pRaw[1], 30, 10) << 32 | FIRSTNBITS(pRaw[1], 10) << 22 | NEXTSNBITS(pRaw[0], 22, 42);
// Prefix = Bits [104..113] -> 10 bits // AuthInfo = Bits [104..113] -> 10 bits
pAuthInfo = pRaw[3] >> 8 & BITMASK(10); pAuthInfo = NEXTSNBITS(pRaw[1], 10, 40);
} }
void packServer( void packServer(
DWORD (&pRaw)[4], QWORD (&pRaw)[2],
DWORD pChannelID, DWORD pChannelID,
DWORD pHash, DWORD pHash,
QWORD &pSignature, QWORD &pSignature,
DWORD pAuthInfo DWORD pAuthInfo
) { ) {
pRaw[0] = pHash << 11 | pChannelID; // AuthInfo [113..104] <- Signature [103..42] <- Hash [41..11] <- Channel ID [10..1] <- Upgrade [0]
pRaw[1] = pSignature << 10 | pHash >> 21; pRaw[0] = FIRSTNBITS(pSignature, 22) << 42 | (QWORD)pHash << 11 | pChannelID;
pRaw[2] = (DWORD)(pSignature >> 22); pRaw[1] = FIRSTNBITS(pAuthInfo, 10) << 40 | NEXTSNBITS(pSignature, 40, 22);
pRaw[3] = pAuthInfo << 8 | pSignature >> 54;
} }
@ -57,7 +58,7 @@ bool verifyServerKey(
// Convert Base24 CD-key to bytecode. // Convert Base24 CD-key to bytecode.
DWORD pChannelID, pHash, pAuthInfo; DWORD pChannelID, pHash, pAuthInfo;
DWORD bKey[4]{}; QWORD bKey[2]{};
QWORD pSignature = 0; QWORD pSignature = 0;
@ -66,6 +67,12 @@ bool verifyServerKey(
// Extract segments from the bytecode and reverse the signature. // Extract segments from the bytecode and reverse the signature.
unpackServer(bKey, pChannelID, pHash, pSignature, pAuthInfo); unpackServer(bKey, pChannelID, pHash, pSignature, pAuthInfo);
std::cout << "Validation results:\n Serial: 0x" << std::hex << std::setw(8) << std::setfill('0') << pChannelID << std::endl
<< " Hash: 0x" << std::hex << std::setw(8) << std::setfill('0') << pHash << std::endl
<< " Signature: 0x" << std::hex << std::setw(8) << std::setfill('0') << pSignature << std::endl
<< " AuthInfo: 0x" << std::hex << std::setw(8) << std::setfill('0') << pAuthInfo << std::endl
<< std::endl;
BYTE msgDigest[SHA_DIGEST_LENGTH]{}, BYTE msgDigest[SHA_DIGEST_LENGTH]{},
msgBuffer[SHA_MSG_LENGTH_2003]{}, msgBuffer[SHA_MSG_LENGTH_2003]{},
xBin[FIELD_BYTES_2003]{}, xBin[FIELD_BYTES_2003]{},
@ -86,7 +93,7 @@ bool verifyServerKey(
SHA1(msgBuffer, 11, msgDigest); SHA1(msgBuffer, 11, msgDigest);
QWORD newHash = (BYDWORD(&msgDigest[4]) >> 2 & BITMASK(30)) << 32 | BYDWORD(msgDigest); QWORD newHash = NEXTSNBITS(BYDWORD(&msgDigest[4]), 30, 2) << 32 | BYDWORD(msgDigest);
BIGNUM *x = BN_new(); BIGNUM *x = BN_new();
BIGNUM *y = BN_new(); BIGNUM *y = BN_new();
@ -166,7 +173,7 @@ void generateServerKey(
BIGNUM *y = BN_new(); BIGNUM *y = BN_new();
BIGNUM *e = BN_new(); BIGNUM *e = BN_new();
DWORD pRaw[4]{}; QWORD pRaw[2]{};
BOOL wrong = false; BOOL wrong = false;
QWORD pSignature = 0; QWORD pSignature = 0;
@ -175,8 +182,7 @@ void generateServerKey(
wrong = false; wrong = false;
DWORD hash = 0; QWORD sig = 0;
QWORD h = 0;
// Generate a random number c consisting of 512 bits without any constraints. // Generate a random number c consisting of 512 bits without any constraints.
BN_rand(c, FIELD_BITS_2003, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY); BN_rand(c, FIELD_BITS_2003, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY);
@ -208,7 +214,7 @@ void generateServerKey(
// Retrieve the message digest. // Retrieve the message digest.
SHA1(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest); SHA1(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest);
hash = BYDWORD(msgDigest) & BITMASK(31); DWORD hash = BYDWORD(msgDigest) & BITMASK(31);
// H = SHA-1(5D || OS Family || Hash || Prefix || 00 00) // H = SHA-1(5D || OS Family || Hash || Prefix || 00 00)
msgBuffer[0x00] = 0x5D; msgBuffer[0x00] = 0x5D;
@ -226,9 +232,9 @@ void generateServerKey(
SHA1(msgBuffer, 11, msgDigest); SHA1(msgBuffer, 11, msgDigest);
// First word. // First word.
h = (BYDWORD(&msgDigest[4]) >> 2 & BITMASK(30)) << 32 | BYDWORD(msgDigest); sig = NEXTSNBITS(BYDWORD(&msgDigest[4]), 30, 2) << 32 | BYDWORD(msgDigest);
BN_lebin2bn((BYTE *)&h, sizeof(h), e); BN_lebin2bn((BYTE *)&sig, sizeof(sig), e);
/* /*
* Signature * (Signature * G + H * K) = rG (mod p) * Signature * (Signature * G + H * K) = rG (mod p)
@ -288,6 +294,12 @@ void generateServerKey(
// Pack product key. // Pack product key.
packServer(pRaw, pChannelID, hash, pSignature, pAuthInfo); packServer(pRaw, pChannelID, hash, pSignature, pAuthInfo);
std::cout << "Generation results:\n Serial: 0x" << std::hex << std::setw(8) << std::setfill('0') << pChannelID << std::endl
<< " Hash: 0x" << std::hex << std::setw(8) << std::setfill('0') << hash << std::endl
<< " Signature: 0x" << std::hex << std::setw(8) << std::setfill('0') << pSignature << std::endl
<< " AuthInfo: 0x" << std::hex << std::setw(8) << std::setfill('0') << pAuthInfo << std::endl
<< std::endl;
EC_POINT_free(r); EC_POINT_free(r);
} while (HIBYTES(pSignature, sizeof(DWORD)) >= 0x40000000); } while (HIBYTES(pSignature, sizeof(DWORD)) >= 0x40000000);
@ -341,6 +353,8 @@ int main()
RAND_bytes((BYTE *)&pAuthInfo, 4); RAND_bytes((BYTE *)&pAuthInfo, 4);
pAuthInfo &= 0x3ff; pAuthInfo &= 0x3ff;
printf("AuthInfo: %d\n", pAuthInfo);
do { do {
generateServerKey(eCurve, genPoint, genOrder, privateKey, pChannelID, pAuthInfo, pKey); generateServerKey(eCurve, genPoint, genOrder, privateKey, pChannelID, pAuthInfo, pKey);
} while (!verifyServerKey(eCurve, genPoint, pubPoint, pKey)); } while (!verifyServerKey(eCurve, genPoint, pubPoint, pKey));