VisualAssist-keygen-demo
How to use a custom private BasePointGenerator?
struct Custom {
    static inline const uint32_t BasePointGenerator[] = {
        2127088620, // Armadillo Encrypt Template = "3"
        2127088620  // Armadillo Encrypt Template = "3"
    };
    static inline const BigInteger PrivateKey[] = {
        "0x2def66c7f63c047c2e7af50b55e6", // 0x2def66c7f63c047c2e7aad777e6e + 0x000000004793d778
        "0x2def66c7f63c047c2e7ca2948191"  // 0x2def66c7f63c047c2e7aad777e6e + 0x00000001f51d0323
    };
};
When I modify BasePointGenerator, the keygen result does not match the VAX code. I confirm that I have successfully replaced the corresponding public key string. What should I do after modifying the seed? Looking forward to your answer.
I hope to change the Custom BasePointGenerator to the Official BasePointGenerator and reduce the replacement scope.
If you want to use a different BasePointGenerator, that would be a little hard.
There are two official public key strings in VA_X.dll, which are
static inline const std::string PublicKeyString[] = {
"1329115615,9626603984703850283064885442292035,3463780848057510008753765087591958",
"4065234961,2221233238252903594850812155620126,3175203956977476891557515669668792"
};
You said you had found it, good! However, there exists a check in VA_X.dll that verifies the public key string. It checks that
VisualAssistCryptoConfig::GeneratePublicKeyStringMd5(PublicKeyString[i]) == PublicKeyStringMd5[i];
for both of the two official public key strings, where PublicKeyStringMd5[i] is also verified by other complicated functions that I am tired of analysing.
So I made a CUDA program to find a collision that can help me bypass this check. That is why the private keys I selected have such a form
0x2def66c7f63c047c2e7af50b55e6 = 0x2def66c7f63c047c2e7aad777e6e + 0x000000004793d778
where 0x000000004793d778 is the collision shift.
If you debug my keygen, you can find that VisualAssistCryptoConfig::Official::PublicKeyStringMd5 and VisualAssistCryptoConfig::Custom::PublicKeyStringMd5 are the same, which indicates the private/public keys I selected can bypass VA_X.dll's check.
So, for you, I'm sorry that I can't be of much help. You have to find a new collision if you select a different BasePointGenerator, which won't be easy work. I suggest you abandon such an idea.
First of all, thank you very much for answering me and letting me know what the problem is. The cause of the incident is that I found a set of replacement public keys in a hijacking patch. The Custom::BasePointGenerator and official::BasePointGenerator parts are the same. Of course, I don't know what the corresponding private key is. There is only a set of keycodes. After modifying the BasePointGenerator, I found that it is not feasible, and I am curious how the original author did it. I already know the problem from your answer, thank you very much.