Prechecks, postchecks.. Thus your unencrypted file contains a little bit check stuff, then the TRIAL days left, that's '1Eh' (=30days) then the Trial key. That's all. Some people revoke ownership from everything for the file, so the program doesn't descend trials anymore. The encryption method on 'zllictbl.dat' is called BlowFish. It was an algorithm invented by Bruce Schneier, and it's symmetric. All you need is the encryption/decryption secret which is 10h bytes long You can decrypt back and forth. Tools used on VSDATA.DLL: Ida Pro/PEiD Kanal Plugin/IDA code ripper & MASM32 grtz x7a - apologies but I'm having a hard time removing the attachment.
Shouldn't this be posted on another forum section or has this something specific to do with windows 10?
I believe this is reverse engineering. If that's a crack, it might be enough for a DMCA takedown. A MOD should look at this, just to be sure.
I've no idea what he's unpacked or it's purpose. Is it really that different to decrypting ESD's or UEFI?
MS uses blowfish for the SDC encrypted files for MSDNAA. unpacksdc worked until they changed over to blowfish. IF this does anything, it would be interesting and academic to see if it can be used on the sdc files. I smell challenge and knowledge in one plate? This should be moved to scripting or something other than Win10 section though.
I have to agree with EFA11 at least for now...it can change depending on the final purpose, though... decrypt SDC proof of concept yes.....remove trial periods and the like no...
Sorry to hear. I felt kind of boring that's why I made up this piece of code. I have two EXEs, one decrypts, one encrypts. But it's uselesss.... If anyone can delete my attachment, please do. I don't intend making any harm and was just local, ZoneAlarm Trial was sent to me as a gift. Move along, nothing to see here.
@kattekop: Please don't be discouraged by this. We've already had a DMCA takedown, so we're extremely cautious. By all means continue to post your work, but check with a mod or staff before posting any attachments.
Yen, EFA11, I think it's not possible to decrypt SDC files anymore. And because of this, correct me if I'm wrong: The .SDX file, is a text file containing an URL to a webstore, together with some stuff like it seems to me as hashed credentials.. When you get past that, the Securse Download Manager (ehe), reads the downloaded SDC file and CRC checks it, no prob, then decrypts it using the algo BFCool (BlowFish yes), taking it's symmetric private key. But..To get that symmetric key, that part must have come from the server and is different for files.. You get it, they aren't dumb over there. So far story of SDM_EN.msi Edit, I could be wrong here.. One key Could be obfuscated in the EXE, but it would harm their whole cryptosystem... I don't get it why they're out for SDC files, I mean they aren't many such files around anymore and.. If you like software, we buy it. Thanks for the appreciation, ppl.