Messages - obliviron

#1
Starcraft II Beta / Re: Starcraft II Crack
July 19, 2010, 09:21:54 PM
Quote from: darkrei9n on July 19, 2010, 08:57:09 PM
The 256 bit key I believe is retrieved somehow by the Authentication code for sure then. The Authentication Code and the Decryption code are one and the same. As proof I present that there is no storage space for authentication code, however when you change a jump address from jz to jnz it opens a screen where you manually enter the authentication code, this then goes directly down to a section of code containing hasValidDecryptionKey.

This means that the authentication key is also checked. Then there are 3 characters that are restricted. So that narrows down the decryption key further.

Yeah, it's the auth code. Now all you gotta do is guess a 10-20 digit alphanumeric number.
#2
Starcraft II Beta / Re: Starcraft II Crack
July 19, 2010, 08:47:41 PM
It's amazing how many people just copied what I said about the key.

Anyways, since you guys are so into making a crack, I'll post what I have found.

Salsa20 R(389) encryption for both mpqe files.
They corrupted the file header and run a crc32 check on file edit.

Memory dumps of the installer are NOT protected but still use a header corruption technique (I wasn't able to circumvent a hc on a memory dump, so this is all I got).

Modifying the authorization code isn't too difficult with the right tools, however, it still requires the 256 bit key for the tome decryption.

Useful tools:

OllyDbg
Phant0m
PEiD with crc32 plugin
IDA PRO

IGNORE PEOPLE THAT SAY YOU NEED AN EMULATED SERVER - EVERYTHING EXCEPT THE 256-BIT KEY CAN BE FOUND LOCALLY.

Edit: You might wanna get KernelDetective for dumping the sc2 installer.
#3
Quote from: TehHawk on July 19, 2010, 02:47:10 PM
Quote from: Cybertox on July 19, 2010, 02:18:11 PM
I want to play this game so badly. It is horrible thinking that Vernam is now playing the game and won't share his crack.
I'm sorry that I didn't understand about the protection, next time I will read carefully.

Don't worry, he ain't playing it. Why do you think he won't release anything up to the release date? Easy: he lacks the authentication key which Blizzard sends to your computer once you try to install the game. (The authentication key is needed for the install, you can't bypass the protection without it).

The MPQE decryption is vital if you want to install the game, without it those files are nothing but incoherent data which has no direct relation to the real game data.

Now since we don't have the key, we must deduce it. Think of it like when you try to open a locker and you don't have the correct combination, you just go trying all possible combinations.

The same happens in this case, just that we have 2^256 combinations. The big problem is that a computer may at best try 1000000 combinations per second (I may be exaggerating here, it may be way way less; haven't read Salsa20's algorithm yet), in other words in our best case we will be able to deduce 1 million combinations per second. Yet, we have 2^256 combinations, that means it takes 2^256/1000000 seconds to try all combinations, and that would be approx 2^236 seconds, which would be 2^224 hours pretty much. As you see, that's a lot of time, we may actually die before the computer could deduce the goddamn key.

If you don't believe me and still think that everything is so easily cracked, look for a .rar unlocking tool, you'll notice that all it will do is try all the possible passwords until it finds one.

Exactly - and Blizzard will release the above key when the game launches. They probably released it 2 weeks earlier just to fuck with the people who think they can crack it.
#4

Ok, to the people who are trying to crack Blizzard's SC2 - read the following.
MPQ - MoPaQ file archive format in which the files are compressed to decrease space and enhance ease of use.
MPQE - MoPaQ files first used by Blizzard. These files are encrypted.

After playing around with PEiD and several plugins I found MPQE files to be encrypted in two ways. One is a simple crc & header corruption which is easily reversible.

The other, however, is a Salsa20 or ChaCha encryption, BOTH of which are as hard to decrypt as Themida 2.x. This encryption requires a 256-bit key which Blizzard DID NOT RELEASE. It is possible to try to crack the key if you have enough knowledge on the subject, but cracking the key could take months or more.

The Sc2 installer WILL DEPROTECT the files WHEN it has the key. So basically, even if you do modify the program so that it will accept any authorization key, the decryption will still require the 256-bit key that BLIZZARD HAS.

Vernam claims he cracked the program in a maximum of 3 days. He also said that he used an emulator server to help him with the cracking.

Why the hell would you need an emulation server if everything except the encryption-key can be accessed locally?

Finally, Blizzard wouldn't release a game before the actual release date with such weak protection that it can be cracked in less than a week!

Also, Vernam, I have 8 years of experience in C mask and pseudo code, not to mention a doctorate in computer science. I am currently taking classes in electrical engineering, so denying my argument by calling me a script kiddie (which is what you say to all logical arguments) will just make you an idiot.

IN SHORT - SC2 CANNOT BE CRACKED BEFORE THE RELEASE DATE!