Starcraft II Crack

Started by JoeTheRogue, July 19, 2010, 05:52:34 PM

2g4u

#45
The latest news from the Chinese sites are that they are still looking for the key to decrypt the files, BUT they claim that they didn't find anything in the Installer.exe and I dunno if they would be able to find it anywhere else in the install files...

P.S. Check this block scheme, it should explain to everyone what is going on with the Installer atm (sry for the crappy look, but I made it in 10 mins, I am at work after all):

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former!" Albert Einstein

berrykerry789

maybe the key needs to be placed in several places?
Carrier Has Arrived...

tomsons26

anyone tried to disassemble the Mac installer?

miguelgalit

Quote from: berrykerry789 on July 21, 2010, 04:49:33 AM
maybe the key needs to be placed in several places?

that's right, the key must be in a place that the crackers must know... but if it doesn't accept the fake keys then it is the doom of the sc2 crack...
I don't like microing. Hahahaha

berrykerry789

cracking seems so complicated :P
Carrier Has Arrived...

tomsons26

Wait darkrei9n said
Quote
Update. After some careful hex editing we have now bypassed the first error achieved, FAILURE TO OPEN <EULA>, it now opens the EULA window properly and goes onto install WITHOUT any XML editing. We need to get it to decrypt however still.

but the EULA is in the Installer UI 2.MPQE so the installer should be able to open MPQEs

or did it open just the window not the EULA?

berrykerry789

:'( looks like blue won... won't get to play before the 27... :'(
Carrier Has Arrived...

Kremnari

I've been paying attention to this since the first thread opened up, and here's something I'm not getting.  The authentication key is supposedly 30 characters (assuming blizz didn't add useless characters to the string); is alphanumeric (sans 0,o,1, and i; leaving a 32 character set); salsa20 uses a 256-bit key (again assuming standard implementation).  This means that the mpqe's should only be (truly) protected by an 8 character code (from their 32-bit character set).

From what I'm reading, the authentication code should either go through some kind of conversion to become the mpqe key, or the mpqe key should be stored somewhere.  It seems that most people get this.

Hopefully at least one person who can follow assembly is working on this, so my question is: What does the installer do when you manually type in the code? A 30 character string can't just disappear.


I'll try looking at it again myself, see if inspiration hits.
Kremnari

Doix

Blackcode- confirmed that the authentication key is actually 32 characters. A bunch of people were confusing me as well and saying it was 30. The fact that it is 32 makes it a lot more simple now :p.

The thing is, Blizzard's implementation of the system is very far from perfect. Like you said the key is limited to alphanumeric characters. Plus the installer performs a validation check. Someone could potentially reverse engineer the validation algorithm, generate all the possible keys and then try brute forcing. There probably would be a lot, but it would be a lot less than 2^256 options (which is more than a fucktonne). Blizzard is kinda defeating the purpose of using a 256 bit key, if they are just going to limit it to alphanumeric characters + supply us with an algorithm which will exclude a bunch of options.

That said, I don't think it'll get cracked :p.

Kremnari

If anyone has source for bruteforcing*, I have over two teraflops at my disposal.  The standard 2^256 would still take a significant amount of time, but a reduced set may be within the realm of possibility.

Actually, limiting the character set to 32 allows them to express a 2^5 sequence as a unique character with no leftovers. 

It's odd, 32 char set with a 32 char key... this is well above the 256-bit salsa key (4x).  It just seems to me that Blizzard could have this with irony...



Anyways, somebody wants to drop me some code, I can run it.
Kremnari


P.S, has anybody checked for differences in the enGB vs enUS installers?

*Either direct bruteforcing the mpqe, or generating a list of potentially valid keys would work. 

zfeet

Just my two cents: if Blizzard has allowed this to be installed off-line with authentication key then it should be possible to crack the installation without resorting to brute-forcing decryption keys. In other words: it is a matter of simple serial cracking, lots of tutorials are available, for example:

http://www.reversing.be/article.php?story=20060630073513417&query=serial

I used to do this back in the day when Soft-Ice was the king but haven't touched any debuggers since then :)

trancedspirit

just a thought, maybe you're looking at this the wrong way. it's quite possible that the install exe is scripted to check for a valid code by opening the mpqe and reading a file inside it as well as doing all the other shit. i know nothing about cracking, i just thought I'd put my two cents in in an effort to get people thinking outside the box XD good luck guys/girls

Kremnari

I just thought I'd post, the installers (bootstrapped) for enUS, enGB and zhTW are all identical. This leads me to believe that there still may be separate keys for/as each version points to its own web address for the authentication key.

berrykerry789

seems like the installer must decrypt the mpqe file in order to get the bootstrap installer...
Carrier Has Arrived...