RingEdge_NoKey_softmod icon indicating copy to clipboard operation
RingEdge_NoKey_softmod copied to clipboard

Published 20 hours ago verified publisher icon ArcadeHustle

Share dump key

Open revengemanx opened this issue 4 years ago • 7 comments

Hi every one , I have some game without keychip and i wanted to rekey them To use them . If someone can share them thx . Keys are : sddy and sdcu .

revengemanx avatar May 27 '20 12:05 revengemanx

Have you considered simply using the TrueCrypt key dumper that we provided? https://github.com/ArcadeHustle/RingEdge_NoKey_softmod/tree/master/TrueCrypt-win32_keydump

ArcadeHustle avatar May 27 '20 13:05 ArcadeHustle

This key dumper works without keychip plug on the ring ?

revengemanx avatar May 27 '20 13:05 revengemanx

Truecrypt is still used by the underlying system, and TrueCrypt keys are still passed, even though the physical keychip is not queried.

ArcadeHustle avatar May 27 '20 15:05 ArcadeHustle

Don't forget the EWF is active, and you need to grab the keys before powering down the drive. Hot Swap works fine. Make sure you've replaced the original truecrypt executables with the dumper. Then #Profit.

ArcadeHustle avatar May 27 '20 15:05 ArcadeHustle

it doesnt work for me sure im doing something wrong . i replaced all truecrypt files in windows system32 and minint /system32 truecrypt files i put the keydump.patch with theses i unplug the sata cable and plug it in my computer i see files drive is unlocked but no key files in c:

maybe i unplug to late or something else

revengemanx avatar May 27 '20 19:05 revengemanx

The patched TrueCrypt is confusing somehow. When reading the patch file you can see

snprintf(filepath, sizeof(filepath), "C:\\keyfile_%d.bin\0 EDIT PATH HERE", asd);

On the binary patched exe, the "EDIT PATH HERE" is D:\keyfile_%d. So the files are dumped on D drive root. I was also confused, but a quick disassembly let me find out. I made a patch or the patch to dump on C: F.

francky06l avatar Jul 17 '20 17:07 francky06l

On the binary patched exe, the "EDIT PATH HERE" is D:\keyfile_%d. So the files are dumped on D drive root. I was also confused, but a quick disassembly let me find out. I made a patch or the patch to dump on C: F.

Thank you very much for this. I was using the patched truecrypt with RE2 and was wondering why I wasn't getting keyfiles at all - (I had to resort to the other method of disabling mxprestartup and accessing windows through systemuser). From Windows I could see that there was not always a D: drive, partition 2 would sometimes mount as Z: and sometimes it wouldn't mount at all!

Suggest patching truecrypt so it dumps to root of C.

Cheers.

alcohime avatar Aug 24 '20 05:08 alcohime