Science Forum Index » Cryptography Forum » One-way license number...
| Robert Scott... |
Posted: Fri Oct 16, 2009 9:02 am |
This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
I am considering the following approach: The owner name, or device ID, is hashed to 54 bits.
This hash need not be secret, or even cryptographically secure. Then the customer tells me these
54 bits (as a list of 9 numbers ranging up to 63). I apply my secret algorithm and give him a 66-bit
activation code (as a list of 11 numbers ranging up to 63). He enters these 11 numbers into his
smartphone, where my application calls MyName54Gen(), shown below. If MyName54 matches
the original hash of the device ID, then the application enables the paid features. The application
itself is protected from modification by the smartphone OS digital signature, so the
only thing a pirate can try to do is to find an inverse to MyName54Gen(). So that is why I am posting
it here. I would like to see if anyone can reverse MyName54Gen(). The code is only slightly obfuscated
because this is the form a disassembler might produce. That is why variable names are not descriptive.
The code is standard C that will run under any C compiler. For example, try to find a 66-bit In66[] that
will produce MyName54[] = {1,2,3,4,5,6,7,8,9}.
By the way, if anyone knows of an alternative to this system, perhaps using some kind of public key
digital signature with signatures no bigger than 66 bits, I would like to hear about it. Anyway, here
is the code:
(-Bob Scott, Michigan)
extern char za[4096],zb[4096];
char ze[99] = {
7,49,10,33,59,27,45, 0,62,12,15,
45,22, 5,51, 8,27,62,19,34,24,30,
37,58,55,26,34,60,58,41,47,56, 5,
4, 3,37,47,10,44,58,61, 6,30,35,
27,22,61,51, 9, 3,16,26,17,30,45,
25,54,35,23,57, 8,11, 1,62,61,12,
55,15,45, 7, 4, 2, 7,56,25, 1,57,
26,47, 9, 2,50,33,16,35, 5,56,44,
20,51,22,55,54, 7,38,33, 7, 2,61};
char ua[64] = {35,12,13,26, 0,28,16,39,57,42,58,53,20,25,48,
8,34,49,18,59, 7,30,36,63,56,27,33, 5, 4, 6, 9,10,22,19, 1,24,14,41,29, 2,31,
21,46,61,44,15,43,17,11,52,62,23,55,50,60, 3,54,51,38,40,47,37,32,45};
char ub[64] = {58,17,26, 2,10,40,54,55,63,14, 0,43,49,33,42,23,60,12,
44,27,52,22,30, 8,29,19,13,59,31,56,36, 4,21,25,47,38, 9,62,24, 3,28,32,48,
53,18,51,11, 1,46,20,37,15, 7,61,16,39, 6,45,35, 5,34,50,41,57};
char In66[11];
char MyName54[9];
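void MyName54Gen(void)
{
    char *bp = ze;              /* walks ze[]: one entry per (i,j) step, 9*11 = 99 */
    for(int i=0; i<9; i++)      /* one pass per output number */
    {
        int x = ua[ zb[(In66[0]<<6) + *bp] ];
        bp++;
        for(int j=1; j<11; j++) /* fold in the remaining 10 input numbers */
        {
            x = za[ (x<<6) + zb[(In66[j]<<6) + *bp] ];
            bp++;
        }
        MyName54[i] = ub[x];
    }
}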
char za[4096] = {
40,46,19, 7,10,50,56,63,15, 4,33,52, 9,62,49,59,32,48,21, 8,26,22,45,39,16,47,58,44,42,17,20, 5,30,13,11,55,54, 2, 3,41,37,18,12,23, 5,57,51, 6, 1,53,25,61,24,28,38,29,14,43,60,35,27,31,34,36,
7,41,42,40,11, 9,57,44,16,13,61,18,50, 3, 8,48,37,59,53,49,35,43,38, 5,15,14,23,63,19,55,28, 6,51, 4,10,17,27,12,62,46,32,52, 2,58,39,56,30,24, 0,21,29,33, 6,20,45,25,47,22,36,26,54,34,31,60,
16,11,27,15,41,59,35,33, 7,14,63,55,48,36,20,50,43, 9, 6,28,57,37,25,58,40,13,39,61,54,18,49,20,31,47,46,52,42, 0,60,10,22,17, 1, 5,23,26,34,21,12,24,45,44,53, 8,29,38, 4,32, 3,56,19,30,51,62,
30,45,58,51,29,24,37,47,34,61,13, 8, 6, 1,18,53,57,21,48,52,43,35,46,27,31,63,19,14,23,20,17,49,40,33,25,28, 5,60, 0,38,56,49,36,42,54,32, 7, 9,62,59,11, 4,50,55,41,10,44,26, 2,22,39,16,15,12,
18,27,11,52,42,32, 6,36,55, 0,62, 7,37,33,30,43,50,22,35,51,53,48,39,45,17,12,25,60,10,16,31,27,49, 1,19,15,41,14,61,54, 9,40,47,29,38,24, 8,56,13,26,58, 3,57,34, 5,23, 2,59,44,21,46,20,28,63,
9,33,36,50,44, 7,49,11,59,38,46,32,40,27,56,15,52,16,31,57,28,17,13, 1,48,25,12,10,60,22,35,13, 6,45,63,43, 3,23,54,61,18,37,58, 2, 0, 8,24,30,39,34,47,41,51,26, 4,14,29,55,42,20,62,21,53,19,
54,52,15,27,17,62, 4,43,19,56,32,46, 3,50,38,36,33,60, 2,45,47,44, 8,51,42,26,34,22,16,10,29,58, 5,57,55,11,40,21, 9,18,61,41,53,31,30,13,39, 0,24,12,28,37, 1,25,49,20,35,63,48,14, 7,23,58,59,
1,56,21, 0,26, 5,46,20, 2,52,49, 4,39,30,33,23,38,58,19,61,10,25,37, 9,12,17,48,28,53,47,63, 1,62,18,35,14,24,15,51,57,45,13,16,59,50,41, 3,27,40,42,22, 8,54,44,32,43,55,29,34,11, 6,36,60,31,
33, 9,22,61,59,41,39,16,44,51,40, 3,46,18, 1,10,54,11,25, 0,23,19, 6,56,63,31,35,15,43,36,12,63,13,30,48,60,32,28,52,50,27,62,20,26,57, 5, 4,45,49,29,21, 7,38, 2,24,53,34,42,55,58,37,47,14,17,
5, 8,34,39,20, 1,61,26,58,37,57,45, 0,24,41,12,13, 2,60,46,63,14,52, 7,23,43,15,35,31,29,10,41,54,32,28,25,30,48, 6,49, 4,38,59,16,40,33,27, 3,50,36,55,56,62,11,18,17,22,47,21,44,51,42,19,53,
28,16, 7,52, 5,25,38,12,45,21,40,14,34,39,22,63,29,60,18,26, 1,37,62,57, 0, 2,55,13,27,58,41,59,50, 3, 6, 4,32,43,10,20,19,61,30,42,44,23, 9,54,36,47,11, 8,17,48,24,49,35,15,31,33,56,46,53,51,
26, 2, 4,35, 1,20,15, 5,56,19,23,21,28,29,59,49,31, 8,52,48,40,51,60,44,57,54,61,39,13,24,50,36,43,42, 0, 6,47,46,25,12,34,53,41,33,63,16,22,55,10,18, 3,58,17, 9,36,62,27,30,45, 7,14,32,37,38,
15,10,54,16,46,48,26,61,40,47,44,17,59,60,28, 9,22,50,24,20,56,32,29,23, 7, 4, 5,33,27,52, 8,16,34,14,41,18,19, 1,36,11,43,55, 0,39,58,35,31,53, 2, 6,38,63,21,49,25,45,13,37,62,57,42,51,30, 3,
52,54,10,18,19,37,24,60,17, 1, 3,40,32,61,51,22, 9,43,26,30,21,59, 5,38,55, 2,29,36,11,15,34, 7, 8, 0,42,16,46,47,33,27,50, 7,14,25,45, 6,49,57, 4,35,23,62,56,31,39,58,12,48,63,53,41,28,20,44,
17,19,46,55,54,43,21,62,52, 2,36,15,22,63,31,32,59,37,56,34,24, 9,58,25,18, 1,45, 3,41,40,30,32,20,12,27, 7,10, 4,44,42,48,16,13,38,29,53,28,35,47,57,39,60,26,51,23, 5, 0,50,61, 6,11,49, 8,33,
12,35, 6, 2,57,23,11,49, 0,55,20,14,58,31,63, 5,29,39,27,44,41,45,22,48, 1,18, 9, 8,24,13,33,23,36,17,56, 4,53, 7,34,26,25,47,40,50,59,10,60,19,16,54,37,28,42,61,43,32,52,38,51,46,21,62, 3,30,
2,26,24,12,56,58,10, 8, 1,17,28,47,23,34,44,39,25, 5,54,63,46,38,43,59, 0,52,50,49, 6, 4,61,38,60,55,57,13,21,40,31,35,29,14, 7, 9,48,11,36,42,15,27,32,20,19,33,22,37,18,45,30,41,53, 3,62,51,
14,53,57,47, 6,25,42,51,13,16,34,12,29,28,60,45,58,38,41,36,27, 5,59,43, 4, 7,32,30,56, 0, 3,54,44,15,24, 1,35,18,20,21,23, 2,52,37,22,19,63,10,55,46,50,31,11,62,48, 9,40,39,49,54,26,61,33, 8,
4,24,26,13,21,45,54,34,47,40,51, 1,38, 8, 3,25,39,29,10,62,19,23,50,32,14,15,43,31,35, 2,60,18,61, 7,53,12,56,17,49, 6, 5, 0,55,22,37,27,33,41,52,11,59,30,46,36, 9,48,16,58,20,42,57,44,63,28,
53,14, 0,21,13,31,55,38, 6,11,29,35,34,23,43,30,20,51, 7,22,18, 8,44,60,24,41, 3,45, 1,57,32, 3,59,10, 4,56,12,27,58,47,28,26,54,62,36,17,48,15,42,40,61,25,16,37,63,33,46,49,39,52, 2,50, 9, 5,
44,59,32,63, 9,11,23, 7,33,31,15,36,10,55, 2,46,19,41,38,12,39,54,53,26,61,51,57,40,37, 3, 0,34,14,34,50,62,22,49,17,48,42,60, 8,56,35,58,47,29,28,45,24,16,25, 1,21, 6,30,27,18, 5,43, 4,13,52,
42,55, 7,19,18,36,14,32,27,35,43,11,60,59,29,62,63, 3, 0,25,13,61,28,34,54,57,51,37,40,41,38,61,23,26,52,46,16, 6,48,17,44,10,24,30,31,47,58, 2,53, 1, 8,22,12,45,20,49,56,33, 9, 4,15, 5,39,50,
29,34, 8,25,30,47,60,24,45,48,53,58,14,26,42,13,12, 4,61,19,62, 0,15,55,38,50,52, 6,49, 5,54,50,10,59,51,39,20,37,35,31, 2,23,32,18,17,36,11,44,43,33, 7,21,63,27,16,40, 9, 1,56, 3,28,41,46,57,
48,63,62,59,61,15,20,46,50,29,11,43,16,19,35, 7,55,40,30,26, 8,18,47,12, 9,45, 1,41, 3,37,56, 8,21,25,33,32,60, 5,42,44,17,22,39, 0, 2,28,53,31,58,51,13,10,34,57,14, 4,38,52,54,49,36, 6,24,27,
27,18,16,54,55, 3,13,22,42,57,37,41,62, 9,45,60,61,36,12,38,14,63,49,30,19,35,31,43,15,11,25, 4,39,56,17,10, 7,53,50,52,33,46,21,34,51, 4, 5, 1, 6, 2,20,32, 0,29, 8,28,26,44,59,47,40,58,23,48,
43,60,61,22,62,17,34,54,37,58,42,48,55,10,53,18,16,52, 8,21,30, 7, 2,14,32, 5, 4,27,33,50,24,39,26,23, 3, 9,63,45,11,36,15,59,38,13,47,31,35,28,29,49, 0,19,20, 6,12, 1,39,40,46,51,44,57,56,41,
11,16,18,10, 7,44,12, 9,41,53,48,42,63,22,58,61,60,33,13,23, 0,62,31,20,46, 6,49,50,52,27,39,52,25,21,40,54,55,57,43,15,36,19,56, 8,28, 2,29,47,35, 4,30,59,14, 5,34,51,24, 3,32, 1,17,45,38,37,
24, 4, 2, 6,47,30,52,29,21,46,38,56,51, 5,32,31,49,34,15,37,17,28,61, 3,53,10,60,25,12,26,43, 2,50,41,14,35, 1,19,39,13, 8,57,42,36,62,18, 9, 7,54,16,44,45,40,22,33,63,11,20,58,55, 0,59,48,23,
63,48,37,44,50,10,58,40,61,34,16,60,11,17,12,41,42,46,45, 2, 5,27,21,35,33,30,56, 7,32,62, 1,25,47,31, 9, 3,43, 8,55,59,19,36,49,57,26,23,14,25,20,38, 6,15,29, 0,53,24,51,54,52,39,22,13, 4,18,
22,36,33,43, 3,55,31,27,32,23,19,59,17,11,21,52,15,18,49,53,51,40,12,47,37,39,13,54,61, 9, 6,10,35,58,62,50,44,38,10,60,16,48,45, 4,14,34,26,20,25, 8, 1,42,28,24, 2, 0, 5, 7,41,30,63,56,57,46,
3,32,59,62,22,27,38,55,36,49,52,33,54, 7, 4,19,46,42,23,13,25,10,57,24,60,28,53,17,48,44,14,37, 0, 8,43,63, 9,31,40,37,41,61,34,21, 6,45, 1, 5,51,58,26,18,39,47,56,35,20,11,16,29,50, 2,12,15,
60,43,50,36,37,19,29,52,62,20,55,63,42,15,14,27,11,54, 5,47,45,41,26,53, 3, 8,24,18, 9,61, 4,19, 2,28,32,33,48,30,16,22,10,44,51, 6,21,25,12,23,34,39,57,17,58,13,35,56,49,46,40,38,59, 0, 1, 7,
45,30,20,38,34, 4,62,21,29,50, 6, 5,13,56,27,14, 0,47,63,54,60,12,40,18,25,48,17,53,28,58,19,53,46, 9,31,23, 8,43,57,51, 1,39,22,55,52, 3,41,33,37,44,16,24,61,42, 7,15,59, 2,26,36,49,11,10,35,
8, 5,29,49,58,56,50, 2,20,62, 0,30,57, 4, 7,35, 6,26,43,40,48,53,54,41,28,60,10,12,25,34,15,55,52, 3,23,31,45,63,13,39,24,51,44,11,46, 9,18,32,61,22,42, 1,37,16,27,19,36,21,47,59,38,55,17,14,
36,22, 9,60,32,42,25,18, 3,28,17,44,19,16,47,54,10,27,39,14,38,46,35,21,62,49, 6,52,50,33,13,29,12,20,37,61,59,51,15,43,11,63,30,24,53,29, 2,58,31, 5,56,55,23, 4,26,57, 8,41, 7,45,48, 1, 0,40,
10,15,52,11,40,63, 2,50,46,21,59,19,44,43,23,33,36,61, 4,58, 1, 3,34,28,41,24, 8, 9,18,54, 5,28,29,53, 7,27,17,56,22,16,60,42,57,49,20,12,25,14,26,13,51,48,47,39,31,30, 6,62,37, 0,55,38,45,32,
34,29, 5,31,45,21,43, 4,30,63,14,20,53, 2,55, 6,35,24,50,17,37,57,10,42,51,61,54,13,39, 8,52,62,15,44,38,49,58,62,12,25,26,28, 3,27,19,22,16,59,60, 9,41,47,48,18,11,46,33,56, 1,32,23, 7,40, 0,
38,51,28,45,31,13, 3,53,25, 9,24,39, 4,57,54,47, 1,14,44,27,36, 2, 7,52,29,59,55,21,20,23,42,46,41,50,34,58,49,22,56,30, 0, 5,43,17,18,62,46,61,32,63,15, 6,33,19,40,16,48,12,35,60, 8,10,11,26,
37,62,63,32,60,52,30,19,43, 5,27,50,18,46, 6,55, 7,17,20,24,34,16, 1,13,22,58,47,42,44,48,21,31,56,39,36,59,61,29,41, 3,40, 9,25,14, 4,51,57,49,45,28,12,54, 8,53, 0, 2,23,15,10,31,33,35,26,11,
50,61,60, 9,63,40, 8,10,48,45,41,37, 7,54,57,16,18,15,34,56,20,55, 4, 0,59,29, 2,11,36,43,26,12,24,38,44,22,62,58,27,33,52,32,23,12, 1,49, 6,51, 5,31,14,46,30,35,13,47,25,17,19,28, 3,53,21,42,
0,57,53, 1,35,39,41,28,12,18, 8,13, 5,51,61,58,45,23,42,33,11,29,32,50, 2,55,59,20,21,14,44,33, 3,52,26,47, 6,16,30,56,38, 4,15,48, 9,46,62,54, 7,19,43,49,27,63,37,22,17,25,31,10,24,60,36,34,
56, 1,47,57, 2, 8,40,58,26,54,39,24,49,45, 9,28,51,20,17,50,15,31,62,33,35,19,63,23,14,21,48,43,37,27,12,53, 4,10,38, 0,30, 6,11,44,61, 7,32,18,46,55,36, 5,52,59, 3,60,42,34,29,16,13,22,43,25,
21,47, 1,53, 4,34,17,45,24,10,25,26,31,58,22,51,28,30,40,43,52,49,63,36, 6,46,62,38, 0,56,37,21,48,11,13,57, 2,54,23,14,20,35,27, 3,60,55,59,16,19, 7,33,29,15,32,44,61,41, 8, 5,18,12, 9,50,39,
25,31,49,29,51,14,36, 6,38,59,21,23,47,35,19, 4, 2,13,33,42, 3, 1,16,17,45, 9,18,24, 8,39,27, 9,11,48,30, 5,28,32,26,34,12,58,37,52,55,60,10,63,22,61,40,53,44,54,15, 7,50, 0,57,62,20,46,41,56,
20,58,45,28, 5,26,48, 1, 8,60,12,34,35,47,16,57,53,56,37,15,50, 6,19,11,49,62,46, 0,38,30,40,44,17,36,39,51,29,61,14,23,21,31,33,41,10,59,55,22,63,32,27, 2,43, 7,42,54, 3,24, 4, 9,25,18,52,13,
32, 3,44,37,36,18,51,42,22,39,54, 9,52,41,24,17,40,55,28, 6,31,15, 0, 4,43,23,14,19,63,59,53,51,57, 5,60,48,33,25,46,62, 7,50,29,47,13,30,56, 8,38,20, 2,27,49,21, 1,12,58,16,11,34,61,26,35,10,
57, 0,14,56,12,49, 7,23,35,27, 5, 6, 8,38,50,20,30,28,55, 9,16,34, 3,61,26,42,44,58,47,53,59,30,32,54, 2,21,13,11,45, 1,51,24,10,63,33,40,37,52,41,17,60,39,18,48,62,36,19,31,25,15, 4,43,22,29,
55,42,41,17,27,22,53, 3,18,12,60,16,43,44,34,37,48,32,57,31, 6,50,23,29,52, 0,38,62,46, 7,51,56,28, 2,54,40,11,13,63,19,59,15, 4,45,25,21,20,26,14,56, 5,36,35,30,58,39, 1, 9,33,24,10, 8,49,61,
23,28,51,58,49,12,44,57,39,22,26,25, 2,53,10, 1,47, 0, 3,11,33, 4,55,15, 5,32, 7,56,30,38,41,22,42,43, 8,45,31, 9,21,20,14,29,50,40,16,63,19,60,59,62,52,35,36,46,17,18,37,13, 6,61,34,54,27,24,
61,50,43,33,48,46, 5,15,63,30, 7,62,41,52, 0,11,27,10,29, 1,58,42,24,57,44,34,26,16,22,60, 2,60, 4,51,59,36,37,20,18, 9,54, 3,28,35,56,39,13,38, 8,25,53,40,45,12, 6,21,31,19,17,23,32,14,47,55,
39,49,31, 5,28, 0,33,35,23,32,56,38, 1, 6,46, 2, 4,12,36,41,44,47,18,40,58,22,16,26,34,25,11,48,27,37,20,29,51,59,24, 8,13,45,48,15, 7,61,54,62, 9,60,17,57, 3,10,52,55,43,14,53,63,30,19,42,21,
62,37,48, 3,43,54,45,17,60, 8,18,61,27,40,13,42,41,19,58, 4,29,11,56, 6,36,20,21,55,59,63,47,15, 1,49,22,44,50,34, 7,32,46,33,31,53,24,38, 0,39,30,23,35,52, 5,14,57,26,28,10,15,25, 9,12, 2,16,
13, 6,35, 4,53,38,27,31,14, 7,30, 0,45,49,62,29, 5,25,11, 3,42,58, 9,37,47,16,22,34,26,12,36,47,33,40,21, 2,57,55, 8,24,39, 1,17,43,32,54,61,46,18,10,48,51,41,60,50,59,15,23,28,19,56,63,44,20,
19,17,40,42,52,60,47,37,54,26,22,10,36,48,25, 3,44,62, 1,29, 4,33,20,31,27,56,30,32, 7,46,45,14,58,35,18,41,15,24,59,55,63,11, 6,51,34,14,23,12,21, 0,49,43, 2,38,28, 8,57,61,50,13,16,39, 5, 9,
6,13,12,24,14,51,18,25,53,41,45,57,30,39,37,34, 8,31,16,32,55,20,33,62,21,11,36,29, 2,35,22,35, 9,46,47,26, 0,42, 5, 4,49,56,19,60, 3,52,50,40,27,15,63,38, 7,43,61,44,10,28,23,17, 1,48,59,58,
47,21,56,14,24,29,19,30, 4,15,31, 2,25,20,36,38,23,45,46,60,54,39,48,22,13,40,37,51,57, 1,62,17,63,16, 6, 0,26,52,28,53,58,12,18,32,43,42,44,11,17,41, 9,34,10, 3,59,50, 7, 5, 8,27,35,33,61,49,
41, 7,55,46,16,33, 0,59,11, 6,50,27,61,32, 5,63,62,44,14,39,12,60,51, 8,10,53,28,48,17,42,23, 0,38,24,15,19,18,35,37,40, 3,54,26,20,49, 1,45, 4,57,47,34, 9,13,58,30,31,21,36,22, 2,52,29,25,43,
46,40,17,41,15,61, 1,48,10,24, 9,54,33,37,39,44, 3,63,47, 5, 2,36,30,49,11,21,20,59,55,19,58,45,45, 6,16,42,52,26,32, 7,62,27,35,28, 8, 0,38,13,56,14,31,50, 4,23,51,34,53,60,43,12,18,25,29,22,
59,44, 3,48,33,16,28,41, 9,25,10,22,15,42,26,40,17, 7,51,35,49,52,14, 2,50,38, 0,46,62,32,57,40,53,29,61,37,36,39,19,63,55,43, 5, 1,12,20,21,34,23,30, 4,11,31,56,47,13,45,18,27, 8,60,24, 6,54,
58,20,30,23, 8, 2,63,56, 5,43,35,29,12,21,11, 0,14, 1,62,10,61,13,17,16,39,37,40,57,51,45,46,26,19,22,49,38,34,50,53,28,47,25, 9, 7,15,44,42,36,48, 3,18,26,60,41,55,52,32, 4,24,33,31,27,54, 6,
31,25,39,34,38,53,22,13,51,44,47,28,21,12,17,24,26, 6, 9,55,32,56,11,19,30,33,27, 4, 5,49,18,24,16,63,45, 8,23, 3, 2,29,35,20,62,54,42,43,15,48,36,50,46,14,59,52,10,41,61,57, 0,37,58,40, 7, 1,
49,39,25, 8,23,57, 9,12,28, 3, 1,51,56,13,40,26,24,35,22, 7,59,21,27,46,20,36,11, 2,29,31,16,42,18,62,58,34,38,44, 4, 5, 6,30,63,10,41,50,52,37,33,43,19, 0,32,15,54,42,60,53,14,48,45,17,55,47,
51,38,23,30,25, 6,32,14,31,33, 4,49,24, 0,52,21,56,53,59,18,22,26,41,54,34,44,42,47,58,28,55,11, 7,61,29,20,39,36, 1,45,57, 8,60,19,27,37,40,50, 3,48,10,13, 9,17,46,11,63,35,12,43, 5,15,16, 2,
28,23,38,20,39,35,59, 0,49,36, 2,31,26,14,15,56,21,57,32,16, 9,24,42,10, 8, 3,41, 1,45,51, 7,57,55,60, 5,30,25,33,47,58,53,34,61,46,11,48,17,43,44,37,54,12,22,40,19,27,62, 6,13,50,29,52,18, 4};
char zb[4096] = {
29,17,47,56,22,41,20, 1,37,33,62,44,32,35,39,14, 8,30,53,24, 7,13, 2,28,10,18,27,34, 4, 5,15,38, 3,61,21,46,63,31, 0,31, 9,25,51,11,59,57,19,48,26,45,55,23,28,36,43,50,16,52, 6,58,60,12,42,49,
24, 1,34,29,21,62,49,47,50,13,37,18,41,58,55, 9,23,22,43,38,52,26, 3,40, 4,44,19,60,31,59,51,35,39,53,32,48, 8,28,10,60,36,33,45,46,27,63,25,42, 2,57, 7,15,16,30,11,61,54,20,56, 0,16,17,14,12,
62,30,27,50,23,53,24,19,18,28, 6,21,44,47,16,25,32, 3,15,37,12,33, 0,26, 9,46,61,57, 2,17,20,60,43, 8,59,22,14,48, 4,55,41,11, 5,52,51,56,38,45,29,13,39,42, 7, 1,34,36,54,40,63,35,58, 7,49,10,
50,22, 6,42,13,60,19, 1, 4,57,54,29,33,28,30,56,34,11,41, 9,14,37,46,10,27,26, 2,61,49,32,39,20,48, 3,44,25,23,51,52, 7,35,62, 0,55,47,58,21,36, 8,18,45,38,52, 5,16,15,63,24,59,53,17,12,43,40,
36,59,11,15, 5,52,47,28,46,17,62,53,21,58,63,33, 6,39,13, 8,19,29, 2,43, 3,49,34,32,16,27, 7,55,22,20,38,44, 1,25,26,40,18,45,61,10,56,37,35,14,60, 0,12,41, 5,57,54,23,50,51,42, 4, 9,24,30,48,
41,33,50,35,46, 7,57,61,10,34,42,20, 8,32,44, 9,63,36, 4,11, 5, 3,43,51,62,48,30,16,22,54,14,12,56,45,29,37, 0,58,40,19,52,15,49,24,17,27,60,13,39,26,23,53,25, 2,59,18,38,28,21,55, 6, 1,25,47,
15,44,62,41, 0,55,28,57,26,32,50,60,29,17,59,37,54,45,18, 3, 1, 8,49,48,11,43,16,34,30, 6,12, 7,25,39,21,33, 5,56,10,24, 4,36, 2,40,58, 9,53,23,20,46,14,35,38,61,63,13,42,47,38,52,27,19,22,51,
7,62,60,12,47, 0,22,25,57,33,20,13,15,44,11,42, 8,52,19,35,48,41,17,34,53,32, 9,37,27,29,26,46,54, 4,36,50,51,63,61,49, 1,55,58, 2,59,38,23,40,18,28,10,14,12,56, 3,24,39,30,45, 5,21,43, 6,16,
23,38,45,13,61,10,58,17,49,27,36,52,53, 9,42,29,62,12, 0,20,28,60,16,22,39,30,54, 6,63,11,24,40,44, 7,35,21,57,33,43,51,46,14,34,48,37, 8, 4, 1,55, 2,19,18,45,32,50, 5,15,56,41,26, 3,47,59,25,
19,15, 7, 1,17,49,33,37,34, 8,12,46,18,29,36,35,39,40,57,52,56, 4, 6,63,55,54,11, 3,62,20,48,43,42,10,13,41,58,38,16,22,61,24,27,30,21,53, 0,47,26,32,51, 5,21, 9,45,28,14,44,23, 2,60,25,50,59,
18,29,15, 4,49,24,32,34,48,54,41, 7,20, 6,21, 3,42,23,26,45,61,39,22,56,36,25,59,63,44,50, 1,19,37,14,60, 8, 2, 9,51,28,10,13,30,47,27,11,55, 0,12,43, 5,52,40,16,38,46,35,17,53,40,62,57,33,58,
56, 1,48,58, 8,54,35,53,11,52,51,34,61, 4,19, 0,40,22, 9,49,21, 2,39,36,43,45, 7,55,12,10,59,63,23,30,57, 5,29,13,62,42,27,25,20,50,18,46,32,33,16, 3,44,17,14,60,24,37,47,41,28, 6,26,38,14,15,
13,21,36,18, 2,40,17,32,43, 6,15,55,60,27,38, 8,50,14,46,39,57,20,30,25,45,22,63,54,59,62,19,24,33,12,53,29,61,37,48,47,26,23,16,51, 9, 3,52, 5, 7,49, 1, 4,34,34,42, 0,41,58,35,10,11,28,44,56,
16,10,61,30,42,37,45,36,21,23, 2,56,51,14,26,24, 0,32,59,28,62,47,35,60,57,53,18,13, 4, 5,27, 9,55,17,48,40,50, 7,29, 3,44,34,41, 8,12,19,25,54,58,38, 6,22,39,15,46,63,49,39,43,33, 1,11,52,20,
24,36,55,19,58, 2,44,33,32,29, 7, 0,13,21,45,41,20,10,28, 4,25,18,27,54,52, 6, 3, 8,11,60,43,49,50,26,23,15,56,42,34,30,57,40, 9,16,38,35, 5,51,46,17,48, 1,22,37,39,47,12,59,14,61,53,22,62,63,
4, 8,41,52,43,19,34,16,51,63,35,12,39,54,29,11,38,13,10,36, 2,45,25,58,15,56,44,59,33,42, 5, 1, 9,23,20, 3,49,27,47,57,40,18,22,28, 6,62, 7,46,14,48, 0,55,63,30,21,26,53,32,60,24,50,61,37,17,
5,35,14, 0,34,48, 9,27,30,11,23,10,52, 3,41,60,36,19, 2, 7,17,55,63,44,12,59,50,62,42,45,47,51,21,24, 4,53,32,29,22,56,49, 1,54,25, 8,20,26,57,40,16,28,46,29, 6,15,61,13,37,18,43,39,58,38,33,
10,39, 4,40,25,57,63,59,58,38,52, 1,14,42,20,36,53,46,51,13,30,23,37,27,18, 9,29,21, 8,35, 2,61,11, 0,12,45,22,62,17,34,47,26,33,32,50,15,19,43, 5,56,49,24,60,44,60,48,55,54, 7,28,41,16, 3, 6,
28,13,24,57,27,30,29, 8,54,20,19,49,46,60,23, 4,12,51,32,10,37,26,62,42,40,50,45,39,36, 7,25,22,41,48, 0,18, 9,35,63,44,34,47,11,59,53,52, 2,58,43, 6,56,61,18, 3,14,17, 1,21, 5,16,55,33,15,38,
29,17,44, 8,55,36,46,26,12,43,33,62, 6,49,58,34,25,38,20,63, 4,54,24, 1,59,19,51,48,47,22,41,15,57,42,27,32,52,61,14,13,39,21,40,23, 2,16,11,53,50, 7,35, 3,26,10,56,60,37, 0, 9,45,30,18,28, 5,
46,60,13,26,30,47, 6,54,25,50,18,24, 7,62,53,39,41, 5,43,14,34,12,44,37,23,33,38,42,21,15,57,28, 8, 1,55,20,16, 3,56,17,48, 0,59,58,11,45,40, 2,19,22,61,10, 1,63,35,49, 4,27,52,51,36,32,29, 9,
22,24,49,25,21,27,15,41, 8,18,43,17,28,13,40, 1,26,16,33,61,42,57,60,39, 2,20,52, 4,55,46,54, 6,12,34,47,19,38,14, 3,62,37,30,53,11,23, 5,58,59,32,29,63,56,37,35,10,44,48,36,51, 9, 0,50, 7,45,
37,57,25, 9,20,50, 4,52,45,10,56,54,34,26,28, 2,51,44, 3,30,53,16,12,23,22,14,24,40,19,48,38,42, 5,59,32,61,60, 0,36,41,11,33, 7,15,46,49, 6,29,63,39,21,27,62,55,47, 8,58,18,17,62,43,35, 1,13,
59,51,16,44,35, 3,23,13,60, 0,30, 9,58, 5,48,28,49,54,21,32,15,17,52, 7,34,55,26,46,10, 2,62,11,24, 6,56,47,41,19,20,45,29,63, 4,39, 1,57,37,42,27,53,50,33,57,18,43,38,22,14,25, 8,61,36,40,12,
0,53,23,46,16,51,27, 6,22,62,13,40,55,11,35,20,15, 1,49,12,32, 7,59,33,14,44,42,50,38,36,28,47,29,19,52,60,34, 8,25,58,43, 5,63,56, 3,39,10,61,24,30,57,26, 0,54,41, 2,18, 9, 4,48,45,17,21,37,
39,54, 8,45,19,18,48,51, 5,56, 3,41,42,25, 6,59, 9,60,14,21,40,38,57, 2,29,61,17,58,32,37,52, 4,16,53,50,63,24,30, 0,26,23,20,28,46,22,44,15, 7,35, 1,55,36, 2,47,27,12,11,43,62,13,33,10,34,49,
63,48,34,59,41, 8,14,23,53, 5,16,37,56, 1,43,47, 2, 6,38,17,36,58, 4,55,32,52,46, 0,26,61,11, 3,40,27,25,51,15,24,60,39,21,54,18,20,19,28,33,50, 9,35,62,44,55,13,49,42,30,12,22,29,57,45,10, 7,
57,18,19,61, 6,22, 8, 3,63,39, 1,43,26,20,13,52,14,47,34,40, 9,10,50,38,24,42,36,45,15,12,56,25,35,51,46, 4,27,53,59,33,16,28,62,44,60,55,49,17,48,54,58, 2,13,11,23,32, 5,29, 0,30, 7,37,41,21,
47,23,40,28, 9,16,21,29, 6,60,24, 2, 0,53,14,18, 7,48,17,26,33,46,11,50,10,62,39,20,45,55,22,30,15,43, 5,13,37,41,54,59,32,51, 3,63,35, 4,61,56,49,27,25,57,27, 8,12,58,19,38, 1,34,52,44,36,42,
9,61,56,27,39,42,52,55,36,40,58,63,16,10,57,49,47,33,11,22,60,30,14,13,25,23,19,24, 1,51,21,38, 0,44,34, 2,20,46,15,35,62,37,12,41,26,43,54, 8,59,45,29, 6,58, 7,28, 3,17, 4,32,50,48,53, 5,18,
26,20,18,10,22,28,54,63,56,42, 4,19,12,50,60,45,35, 0,48,23,16,14,33, 9,13,37,21,38,29,41,61,57, 3, 5, 7,39,30,11,58,32,51,46,44,17,62,36,24,49, 1,25, 2,40,41,59,53,43,52, 6,55,47,15,34, 8,27,
53, 9,38,60,10,14, 2,49,24,30,21,45,11,16,37, 6,44,41,55,50,46,62,51,28,42,47,25,22,56,59,13,23,17,15, 3,27,26,32,19, 5, 7,35,48, 1,34,54,39, 4,36,40,18,20,59,43,33,52,29,61, 8,12,63, 0,58,57,
61, 4, 1, 2,54,25, 3,11,59,45, 5,48,10,39,18,55,23,28,16,24,27,40,42,21,19,38,15,36,41,14,58,56,53,47,26,52, 6,60,44,37,30,57,50,33,20, 7,43,32,51,63,17,49,50,62,13,34, 0, 8,46,22,12, 9,35,29,
55,11,53, 7,51, 5,30,22,28,44,60,23,36,59, 3,50,29, 4,24,41,43,15,58,32,35,17,37,33, 9,21,46, 0, 6,18,45,62,48,54,57, 2,19,52,56,61,63,42,14,10,13,47,26,12, 3,25, 8,40,20,16,39, 1,38,49,27,34,
48,12,26,51,33,32,42,38, 9,35,10,57, 1,41, 7,23,52,49,56, 0,59, 5, 8,11,46, 3,60,53,20, 4,16,34,45, 2,19,14,44,36,27,54,58,43,29, 6,15,13,28,22,61,37,30,47, 6,21,55,25,40,50,24,17,18,63,39,62,
45,63, 3,36, 1, 4,51,47, 0,58,11,35,38,56,54,44,27,20,23,29,24,21,61,49, 8, 2,32,17,34, 9,55,52,30,60,42,59,19,22,46,10,13,39,57,26,25,33,41,12,53, 5, 7,15, 4,28, 6,14,62,48,50,18,37,40,16,43,
17, 0,47,32,11,59,60,20,50, 7,28,30,49,55, 5,26,19,56, 6,48, 8,43,36,41,51,15,14,12,23,24,33,44,18,25, 2,46, 3, 4,42,21,54,58,45,38,52,10,16, 9,22,62,37,34,32,39, 1,27,57,53,61,63,40,29,13,35,
27, 2,58, 6,45,38,55, 7,15,24,17,59,30,40,61,43,28,37,62,25,20,22,23,18,56,13, 1,19, 5,47,29,21,46,33,16,49,39,26,41,53,50, 9,14,35,10,48,63, 3,44,36, 8,54,43,12,57,11,32,52,34,42,51,60, 0, 4,
60,27,21,20,40,23,49,43,19,22,29,36,62,30, 9,54,33,35, 7,42,26,50,47,57,38,28,56,25,58,44,18,13,32,41,11, 6,10,34, 1, 0,12,53,51, 5,16,63,45,52,15,24, 4,39,10,48,37,55, 8, 2, 3,14,59,46,17,61,
11,16, 9,62,14,35,40,24,13,47,27,38,59,51,34,22,17, 8,36,33, 7,44, 5,46,37, 0,57,28,61,58,60,53,49,29,63,30,12,43,18,52,15, 3, 1, 4,48,25,42,39,21,23,20,50,20,19,32,45, 6,10,54,41,56,55, 2,26,
49,55, 0,43,59,58,62,50,33,15,46,47,24,36,52,12,18,61,22, 1,54,19,21, 8, 5,29,35,41,53,13,32,17,20,57,40, 7,63,39,37,27,25, 2,38, 9,45,14,51,16,28,44,34,48,19,42, 4,30,26,11,10,56,23, 6,60, 3,
25,19,43,56,29, 6,41,35, 3, 4,48,32,57,18,24, 5,10,30,37, 2,38,61,20,45,49,39,55,52, 7,26,63,54,14,16,28, 1,21,23,11,50, 9,22,60,62,13, 0,17,44,34, 8,59,58,61,53,40,33,51,15,47,27,46,42,12,36,
44,47,30,33,53,11,13,18,20,46,22,27,17, 0,51,57,43,63,29,34,41,32,55,12,16, 7,10,26,40,49,50,62,19,54,58,28,35, 1,39,36, 8,59,52,45, 5,61, 9,38, 6,60,42,37,30, 4,48,21,25,23,56, 3, 2,15,24,14,
14,42,39,23,57,26,56,58, 2, 9,45, 4,35,37,50,21,11, 7, 5,60,47,53,34,30,20,16, 6,27,54, 3,40,10,59,55,41,38,28,44,49,48, 0,12,32,43,33,29,18,19,52,61,24,13,42,17,62, 1,36,25,15,46, 8,51,63,22,
8,32,33, 3, 7,15,26,10,14,48,37,50,54,43,17,16,56,21,39,59,52,63,19, 5,44, 1,47,51,28,25,35,41,61,38, 6,34,55, 2,23,18,45,29,24,13,49,30,62,60,42,12,53,11,44,40,58,20, 9,46,27,36,22, 4,57, 0,
34,26,57,16,50,33,39,45,38,14,61,25,48,12,46,40, 5,17,63,47,11,51,41,53,28,35,13,23,18, 1, 9,37,52,58,43,10,62,55,21, 8,59,32,15,29, 7,24,22, 6,56,42,27,30,23,36, 0,54, 2,20,49,44,19, 3, 4,60,
38,56,63,21, 4,39, 5, 0,55, 2,59, 3, 9,61,25,17,30,50,53, 6,13,27,10,24,54,40,43,49,48,16,36,45,47,62,37,58,18,28, 7,14,60,42,26,12,57,32, 8,41,11,52,15,29, 9,46,22,35,44, 1,33,20,34,23,51,19,
40,45,52,24,56,61,59,44,17,21,55, 5,23,38,39,15,60,26,47,18,22,13, 9, 6, 4,27, 8,29, 3,53,49, 2,62,46,14,36,25,50,32,16,28,10,37,34,42,41, 1,48, 0,58,43,19,54,33,20,51, 7,63,12,57,35,30,11,54,
2,52, 5,49,63,56,11,62,44,36, 0,51,40,45, 4, 7,13,57,30,19, 6,24,38,29, 1,21,41,15,35,23,17,58,60,28,10,55,54,20,33, 9,22,61,42,37,39,12,48,34,47,59,32,43,36,50,18,16,46, 3,26,25,14,27,53, 8,
35,37,42,53,26,12,61, 2,40,16,38,39, 3,34,33,27,59,15,52,62, 0,11,48,47,50,51,22,30,25,63,23,14,58,36, 8, 9,46,17,24, 1,55,41,43,19,32, 6,20,18,45,10,13,60,47,49,44, 4,21,57,29, 7,54, 5,56,28,
12,50,20,14,28,46,25,56,61,37,39,18,41,33,62,38, 3,55, 1,53,51,35,32,16,60,34,27, 9, 6, 8,10,26,63,52,15,42,47,59, 2,43, 5, 7,17,49,44,21,13,24, 4,57,40,23,11,58,11,19,45,22,36, 0,29,48,54,30,
51,14,10,47,37,34,38,21,27,53,40,61, 5,35,12,13,55,43,58,46,44, 0, 3,62,26,11,20,60,39,52,30,16,36,49, 1,23,33,15, 6,63,17,48, 8,54,41,18,57,25, 2, 9,22,28, 8,29, 7,56,24,42,19,32, 4,59,45,50,
42,25,54,38,18,20, 1, 5,52,61,63, 8,37,57,22,58,16,62,35,27,23, 9,26,40, 6,10,49, 2,43,34,45,39,51,11,33,56,13,47,55,12,53,50,46, 7,28,17,29,15, 3, 4,36,21,17, 0,30,41,59,19,44,60,32,14,48,24,
20, 6,29,39,24,13,43,48, 1,25, 8,15,50,22,27,63,37,53,12,38,10,42,28,61,21,57,58,56,17,33, 4,18,34,35,62,54,40,16, 5,46,14,60,47, 0,30,59,36,55,41,19,52,45,48,51, 9, 7, 3,49,11,23,44,26,32, 2,
32,46,28,34,62,44,20,39,42,12,57,22,43, 7, 0,10, 1,58,54,51, 3,48,15,35,47,41,23,14,13,19,37,33, 4,56,49,26,11,52,38,29,63,17,36,21,55,40,30,27,25,50, 9,16,24,45, 5, 6,61,60, 2,59,24, 8,18,53,
54,43,32,63,15,29,12,14,35, 1,34,33,25,19,49,51,61,27,42,58,45,56,18,52,17, 4, 0, 5,46,57, 3, 8,10, 9,22,48,36,40,53,20,38, 6,13,60,24,47,44,62,37,41,11,59,49,23, 2,50,16, 7,30,21,28,39,26,55,
58, 5,51,17, 3,63,53,60,62,55,47,16, 2,52, 1,46,24,25,27,43,29,49,45,15,48,36,12, 7,14,40,44,59,13,22,61, 0, 8,18,50,38, 6,56,39,42, 4,26,34,37,30,11,33,32,35,20,19, 9,28,35,57,54,10,21,23,41,
21,58,59,29,52,45, 0,46, 7,49,44,11,27, 2,56,32,22,42,60,54,18, 6,40,19,63,24,48,43,51,30,15,36,28,50, 9,17, 4,57,12,23,20,38,10,14,61,34, 3,35,62,55,41, 8,15,26,25,53,33, 5,37,39,16,13,47, 1,
3,34,37,11,12,41,10,40,23,51, 9,42,63,48,32,30,58,29,45,44,55,59, 1, 0,33, 5,28,47,57,56,53,35, 2,21,54,16, 7,49,13, 4,36, 8,19,18,43,22,50,20,38,14,60,62,31,24,17,39,27,26, 6,15,25,52,61,46,
1,41,12, 5,32,43,37, 9,16, 3,14,26, 4, 8,15,53,45,24,61,55,58,52,54,59, 7,63,62,11,50,39,51,48,38,40,18,35,17,21,30,25, 2,19, 6,22,29,60,46,28,10,34,47, 0,33,27,36,57,23,33,13,49,20,56,42,44,
43, 7,46,48,44,17,50,42,37,41,26,28,19,15,55,14, 4, 2,25, 5,63, 1,29, 3, 0, 8,53,35,60,18,34,32,39,61,24,12,59,45, 9, 6,56,49,21,27,36,23,47,30,57,33,16,51,56,38,52,22,10,62,40,58,13,54,20,11,
30,40, 2,22,38, 9,36,15,29,13,49,58,47,23,10,19,46,34,44,57,50,28,53,20,61,60, 4,18,52, 0, 6,27, 7,32,51,24,42,12, 8,11,33,16,35, 3,14, 1,56,63,17,21,54,25,46,41,26,59,43,45,48,37, 5,62,55,39,
52, 3,35,55,48, 1,16,30,47,59,53,14,45,63, 8,62,21,18,40,15,49,36,56,17,41,58,33,44,37,38, 0, 5,27,13,39,11,43, 6,28,61,24, 4,25,57,54,50,12,26,23,51,46, 7,53,22,29,10,60,34,20,19,42, 2, 9,32,
33,28,22,37,60,62,18, 4,39,26,25, 6,32,46,47,61,48,59, 8,16,35,34, 7,14,30,12,40,10,24,43,42,50, 1,63,17,57,53, 5,45,15, 3,44,55,36, 0, 2,27,21,54,20,38, 9,51,52,51,29,56,13,58,11,49,41,19,23};
| Tom St Denis... |
Posted: Fri Oct 16, 2009 9:02 am |
On Oct 16, 11:02 am, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
[quote:ba1d13cc6b]This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
[/quote:ba1d13cc6b]
The simplest approach is to perform an HMAC and truncate the output.
Embed the key in the app. It'll keep most people honest and the
pirates [who'd defeat the scheme anyways] will thank you for the lack
of work they'd have to do to pirate it. You'll spend less time
worrying about this aspect of the application, etc and so on.
Tom
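
The truncated-HMAC approach suggested above, as an added example that is not part of any post in this thread: the activation code is HMAC-SHA256 over the device ID, cut to the 66 bits (11 numbers, 0 to 63) that the original post's format allows. The key, the sample device ID and all function names are assumptions made for illustration; note that checking a code means recomputing it, so the key embedded in the app is the only thing separating checking from issuing.

```python
import hashlib
import hmac
from typing import List, Optional

CODE_DIGITS = 11      # the thread's format: 11 numbers ...
BITS_PER_DIGIT = 6    # ... each in 0..63, i.e. 66 bits in total
CODE_BITS = CODE_DIGITS * BITS_PER_DIGIT

# Constructed demo key (assumption). In the scheme as proposed, this same key
# is embedded in the shipped application.
DEMO_KEY = bytes(range(32))


def activation_code(key: bytes, device_id: str) -> List[int]:
    """Return the top 66 bits of HMAC-SHA256(key, device_id) as 11 numbers in 0..63."""
    tag = hmac.new(key, device_id.encode("utf-8"), hashlib.sha256).digest()
    # Keep only the leading CODE_BITS bits of the 256-bit tag.
    value = int.from_bytes(tag, "big") >> (8 * len(tag) - CODE_BITS)
    return [
        (value >> (CODE_BITS - BITS_PER_DIGIT * (i + 1))) & 0x3F
        for i in range(CODE_DIGITS)
    ]


def format_code(digits: List[int]) -> str:
    """Render a code the way it would be read out: '7 49 10 ...'."""
    return " ".join(str(d) for d in digits)


def parse_code(text: str) -> Optional[List[int]]:
    """Parse a hand-typed code; return None for anything malformed."""
    parts = text.replace(",", " ").replace("-", " ").split()
    if len(parts) != CODE_DIGITS:
        return None
    digits = []
    for part in parts:
        # Accept plain ASCII digits only (no signs, underscores or Unicode digits).
        if not (part.isascii() and part.isdigit()):
            return None
        number = int(part)
        if number > 63:
            return None
        digits.append(number)
    return digits


def verify_activation(key: bytes, device_id: str, entered: str) -> bool:
    """Check a typed code against this device's ID.

    The check recomputes the expected code with the same key used to issue it,
    which is why the embedded key is the whole secret in this design.
    """
    digits = parse_code(entered)
    if digits is None:
        return False
    expected = activation_code(key, device_id)
    # Constant-time comparison of the two 11-byte sequences.
    return hmac.compare_digest(bytes(digits), bytes(expected))


if __name__ == "__main__":
    device = "DEMO-DEVICE-0001"  # constructed sample device ID
    code = format_code(activation_code(DEMO_KEY, device))
    print("code for", device, "->", code)
    print("accepted on same device:", verify_activation(DEMO_KEY, device, code))
    print("accepted on other device:",
          verify_activation(DEMO_KEY, "DEMO-DEVICE-0002", code))
```
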
| Maaartin... |
Posted: Fri Oct 16, 2009 9:02 am |
On Oct 16, 8:25 pm, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
[quote:4ea7e0cb81]And David, I am not asking anyone to check my work. I have already done that. I have
both the license number generation and license number checking working perfectly.
[/quote:4ea7e0cb81]
You have not. You have done everything except for the hardest part -
computing the inverse or showing it's really hard.
[quote:4ea7e0cb81]The reason the code is not fully commented is that if I did that
you would most certainly be able to invert it.
[/quote:4ea7e0cb81]
But then I'm quite sure somebody'll be able to do it without comments.
[quote:4ea7e0cb81]I would gladly use a standard digital
signature technology if I could find one that can use a license number that I could
read to a customer over the phone. A 512-bit RSA signature is just too long to be
transferred that way.
[/quote:4ea7e0cb81]
There was a similar question here already and IIRC the answer was to
use elliptic curve signatures, they're much shorter for the same
security level. I'm not sure if they're short enough for you.
| David Eather... |
Posted: Fri Oct 16, 2009 9:11 am |
Robert Scott wrote:
[quote:aa530a3199]This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
I am considering the following approach: The owner name, or device ID, is hashed to 54 bits.
This hash need not be secret, or even cryptographically secure. Then the customer tells me these
54 bits (as a list of 9 numbers ranging up to 63). I apply my secret algorithm and give him a 66-bit
activation code (as a list of 11 numbers ranging up to 63). He enters these 11 numbers into his
smartphone, where my application calls MyName54Gen(), shown below. If MyName54 matches
the original hash of the device ID, then the application enables the paid features. The application
itself is protected from modification by the smartphone OS digital signature, so the
only thing a pirate can try to do is to find an inverse to MyName54Gen(). So that is why I am posting
it here. I would like to see if anyone can reverse MyName54Gen(). The code is only slightly obfuscated
because this is the form a disassembler might produce.
[/quote:aa530a3199]
This is a stupid idea. You are asking people to check your work for free
so you can profit by it, but at the same time you are making it *harder*
for them. No one is going to do this.
If you want someone to help you at least provide well commented code and
be prepared to clarify information in response to questions.
Note the different motivation for the hacker - he may stand to gain
substantially for his work.
| mike clark... |
Posted: Fri Oct 16, 2009 12:00 pm |
On Oct 16, 3:52 pm, Unruh <unruh-s... at (no spam) physics.ubc.ca> wrote:
[quote:54aa447223]n... at (no spam) dont-mail-me.com (Robert Scott) writes:
On Fri, 16 Oct 2009 10:41:29 -0700 (PDT), Tom St Denis <t... at (no spam) iahu.ca> wrote:
On Oct 16, 11:02 am, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
The simplest approach is to perform an HMAC and truncate the output.
Embed the key in the app. It'll keep most people honest and the
pirates [who'd defeat the scheme anyways] will thank you for the lack
of work they'd have to do to pirate it. You'll spend less time
worrying about this aspect of the application, etc and so on.
And how would this HMAC depend on the device ID? I want to generate a unique license
number for each customer. Up to now I have been hashing the device ID into a license number.
The trouble with that is the code to check the license number is the same as the code
that generates the license number. A pirate need not understand it. He only needs to copy it.
And that has been done. Within 3 months after the last release of my software, I found
pirate-generated license numbers posted on the web. So I decided that one step up from that
would be to find a system that uses one algorithm to generate the license number and
a totally different algorithm to check it in the application - i.e. something like public key
technology. In that case the pirate would need to do more than copy the code he sees
in the application. He would need to understand it so as to be able to invert it.
And David, I am not asking anyone to check my work. I have already done that. I have
both the license number generation and license number checking working perfectly. My
only question is how hard is it for someone to see what is going on and invert the
license number checking. The reason the code is not fully commented is that if I did that
you would most certainly be able to invert it. What I have done is presented as much
information as I could without giving away the method. I realize that this method is not
a good encryption technology for general use. I would gladly use a standard digital
signature technology if I could find one that can use a license number that I could
read to a customer over the phone. A 512-bit RSA signature is just too long to be
transferred that way.
Bob Scott, Michigan
Look. You have a "license checking subroutine" which you sent a query to and it
returns a yes/no answer. The pirate need only replace that with a subroutine which
returns yes for all questions (a trivial binary modification). At that point it
does not matter what your license checking software does.
Now you could be more sneaky, and have self decrypting code, in which the key
subroutines are encrypted and the return from that subroutine must be used to
decrypt those routines. This makes their job slightly harder, introduces bugs, and
makes your program slower.
Pirates will find your routine a challenge. Any homebaked scheme will almost
certainly fall to them.
[/quote:54aa447223]
But as stated in the original post "The application itself is
protected from modification by the smartphone OS digital signature".
So this won't work.

| mike clark... |
Posted: Fri Oct 16, 2009 12:17 pm
Guest
On Oct 16, 1:40 pm, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
[quote:de7b8f6dd3]On Fri, 16 Oct 2009 11:43:34 -0700 (PDT), Maaartin <grajc... at (no spam) seznam.cz> wrote:
You have not. You have done everything except for the hardest part -
computing the inverse or showing it's really hard.
That's because it is not really hard. But I can prove that I can invert the MyName54Gen() function.
For example, to get {1,2,3,4,5,6,7,8,9} as MyName54[], just use the input of:
In66[] = {15,12,3,22,6,37, 7,37,62,34,43};
If you post another MyName54[], I will post an In66[] that generates it.
Bob Scott, Michigan
[/quote:de7b8f6dd3]
So what you are really saying is that you know the scheme is weak, but
you want to know how weak? Instead of judging how weak your system is
based on the skills of the reverse engineer, why not use something
that you can more easily quantify how weak it is. Remember Kerckhoffs'
principle. I'd look into using ECDSA, but at 66 bits there is only so
much you can hope for.

| Robert Scott... |
Posted: Fri Oct 16, 2009 12:25 pm
Guest
On Fri, 16 Oct 2009 10:41:29 -0700 (PDT), Tom St Denis <tom at (no spam) iahu.ca> wrote:
[quote:ae287aef20]On Oct 16, 11:02 am, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
The simplest approach is to perform an HMAC and truncate the output.
Embed the key in the app. It'll keep most people honest and the
pirates [who'd defeat the scheme anyways] will thank you for the lack
of work they'd have to do to pirate it. You'll spend less time
worrying about this aspect of the application, etc and so on.
[/quote:ae287aef20]
And how would this HMAC depend on the device ID? I want to generate a unique license
number for each customer. Up to now I have been hashing the device ID into a license number.
The trouble with that is the code to check the license number is the same as the code
that generates the license number. A pirate need not understand it. He only needs to copy it.
And that has been done. Within 3 months after the last release of my software, I found
pirate-generated license numbers posted on the web. So I decided that one step up from that
would be to find a system that uses one algorithm to generate the license number and
a totally different algorithm to check it in the application - i.e. something like public key
technology. In that case the pirate would need to do more than copy the code he sees
in the application. He would need to understand it so as to be able to invert it.
And David, I am not asking anyone to check my work. I have already done that. I have
both the license number generation and license number checking working perfectly. My
only question is how hard is it for someone to see what is going on and invert the
license number checking. The reason the code is not fully commented is that if I did that
you would most certainly be able to invert it. What I have done is presented as much
information as I could without giving away the method. I realize that this method is not
a good encryption technology for general use. I would gladly use a standard digital
signature technology if I could find one that can use a license number that I could
read to a customer over the phone. A 512-bit RSA signature is just too long to be
transferred that way.
Bob Scott, Michigan

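The truncated HMAC suggested in the quoted reply can be tied to the device ID by using the ID as the HMAC message, sketched here as an added example that is not code from any poster in this thread; the key, device IDs and function names are constructed assumptions. Verification recomputes the code with the embedded key, so the checker and the generator are the same computation, which is the property the post above objects to.

```python
import hashlib
import hmac
from typing import List

# Constructed demo key (assumption). In the scheme discussed in the thread
# this key would be embedded in the application binary.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

DIGITS = 11            # 11 numbers in 0..63, as in the thread
BITS = 6 * DIGITS      # = 66-bit activation code


def license_code(device_id: str, key: bytes = DEMO_KEY) -> List[int]:
    """Leftmost 66 bits of HMAC-SHA256(key, device_id) as 11 six-bit numbers."""
    tag = hmac.new(key, device_id.encode("utf-8"), hashlib.sha256).digest()
    # Keep only the top 66 bits of the 256-bit tag.
    top = int.from_bytes(tag, "big") >> (len(tag) * 8 - BITS)
    # Split into 11 groups of 6 bits, most significant group first.
    return [(top >> (6 * (DIGITS - 1 - i))) & 0x3F for i in range(DIGITS)]


def verify(device_id: str, code: List[int], key: bytes = DEMO_KEY) -> bool:
    """Check an entered code by recomputing it from the device ID."""
    if len(code) != DIGITS:
        return False
    if any(not isinstance(d, int) or not 0 <= d <= 63 for d in code):
        return False
    # Same computation as issuing a code: nothing here is one-way
    # with respect to someone who holds the key.
    expected = license_code(device_id, key)
    # Constant-time comparison of the two 11-byte sequences.
    return hmac.compare_digest(bytes(expected), bytes(code))


if __name__ == "__main__":
    # Constructed device IDs, for illustration only.
    for dev in ("DEVICE-0001", "DEVICE-0002"):
        code = license_code(dev)
        print(dev, code, verify(dev, code))
```

Each device ID yields its own code, and a code issued for one ID is rejected for any other; the strength of the scheme rests entirely on the key staying secret, not on the 66-bit length.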
| Fabrice... |
Posted: Fri Oct 16, 2009 1:23 pm
Guest
On Oct 16, 8:02 am, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
[quote:236925f075]This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
I am considering the following approach: The owner name, or device ID, is hashed to 54 bits.
This hash need not be secret, or even cryptographically secure. Then the customer tells me these
54 bits (as a list of 9 numbers ranging up to 63). I apply my secret algorithm and give him a 66-bit
activation code (as a list of 11 numbers ranging up to 63). He enters these 11 numbers into his
smartphone, where my application calls MyName54Gen(), shown below. If MyName54 matches
the original hash of the device ID, then the application enables the paid features. The application
itself is protected from modification by the smartphone OS digital signature, so the
only thing a pirate can try to do is to find an inverse to MyName54Gen(). So that is why I am posting
it here. I would like to see if anyone can reverse MyName54Gen(). The code is only slightly obfuscated
because this is the form a disassembler might produce. That is why variable names are not descriptive.
The code is standard C that will run under any C compiler. For example, try to find a 66-bit In66[] that
will produce MyName54[] = {1,2,3,4,5,6,7,8,9}.
By the way, if anyone knows of an alternative to this system, perhaps using some kind of public key
digital signature with signatures no bigger than 66 bits, I would like to hear about it. Anyway, here
is the code:
(-Bob Scott, Michigan)
[/quote:236925f075]
I'll perform a reverse analysis of your scheme for a flat fee...

| Robert Scott... |
Posted: Fri Oct 16, 2009 1:40 pm
Guest
On Fri, 16 Oct 2009 11:43:34 -0700 (PDT), Maaartin <grajcar1 at (no spam) seznam.cz> wrote:
[quote:f59001366c]You have not. You have done everything except for the hardest part -
computing the inverse or showing it's really hard.
[/quote:f59001366c]
That's because it is not really hard. But I can prove that I can invert the MyName54Gen() function.
For example, to get {1,2,3,4,5,6,7,8,9} as MyName54[], just use the input of:
In66[] = {15,12,3,22,6,37, 7,37,62,34,43};
If you post another MyName54[], I will post an In66[] that generates it.
Bob Scott, Michigan

| Fabrice... |
Posted: Fri Oct 16, 2009 1:44 pm
Guest
On Oct 16, 4:28 pm, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
[quote:824791621c]On Fri, 16 Oct 2009 21:52:58 GMT, Unruh <unruh-s... at (no spam) physics.ubc.ca> wrote:
Look. You have a "license checking subroutine" which you sent a query to and it
returns a yes/no answer. The pirate need only replace that with a subroutine which
returns yes for all questions (a trivial binary modification). At that point it
does not matter what your license checking software does.
Maybe you missed my very first posting, but this application is targeted at
smartphones with an OS-supplied digital signature chained to Verisign. The
pirates cannot modify the code without getting Verisign to re-sign it for them.
My experience has been that pirates are much more inclined to try to generate
license numbers than to modify the software itself.
Bob Scott, Michigan
[/quote:824791621c]
I hope you are not targeting iPhones :)
I'm serious about my previous offer though, it would be a very modest
fee and any result would be confidential. I'm not out to extort money
from you (I'm assuming you are an independent developer with not much
money) but I'm not going to work for free on my week-end :)
Or I might take a jab at it just for fun, but then no exclusivity :)
I wonder if your stuff would be covered by DMCA ...

| Andrew Swallow... |
Posted: Fri Oct 16, 2009 3:52 pm
Guest
Robert Scott wrote:
{snip}
[quote:8c44be52ea]
I am considering the following approach: The owner name, or device ID, is hashed to 54 bits.
[/quote:8c44be52ea]
You need a method of ensuring that the owner name is unique. You are
on a smart phone so it may be able to phone back to your server.
Andrew Swallow

| Unruh... |
Posted: Fri Oct 16, 2009 3:52 pm
Guest
none at (no spam) dont-mail-me.com (Robert Scott) writes:
[quote:f27ad019e0]On Fri, 16 Oct 2009 10:41:29 -0700 (PDT), Tom St Denis <tom at (no spam) iahu.ca> wrote:
On Oct 16, 11:02 am, n... at (no spam) dont-mail-me.com (Robert Scott) wrote:
This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
The simplest approach is to perform an HMAC and truncate the output.
Embed the key in the app. It'll keep most people honest and the
pirates [who'd defeat the scheme anyways] will thank you for the lack
of work they'd have to do to pirate it. You'll spend less time
worrying about this aspect of the application, etc and so on.
And how would this HMAC depend on the device ID? I want to generate a unique license
number for each customer. Up to now I have been hashing the device ID into a license number.
The trouble with that is the code to check the license number is the same as the code
that generates the license number. A pirate need not understand it. He only needs to copy it.
And that has been done. Within 3 months after the last release of my software, I found
pirate-generated license numbers posted on the web. So I decided that one step up from that
would be to find a system that uses one algorithm to generate the license number and
a totally different algorithm to check it in the application - i.e. something like public key
technology. In that case the pirate would need to do more than copy the code he sees
in the application. He would need to understand it so as to be able to invert it.
And David, I am not asking anyone to check my work. I have already done that. I have
both the license number generation and license number checking working perfectly. My
only question is how hard is it for someone to see what is going on and invert the
license number checking. The reason the code is not fully commented is that if I did that
you would most certainly be able to invert it. What I have done is presented as much
information as I could without giving away the method. I realize that this method is not
a good encryption technology for general use. I would gladly use a standard digital
signature technology if I could find one that can use a license number that I could
read to a customer over the phone. A 512-bit RSA signature is just too long to be
transferred that way.
Bob Scott, Michigan
[/quote:f27ad019e0]
Look. You have a "license checking subroutine" which you sent a query to and it
returns a yes/no answer. The pirate need only replace that with a subroutine which
returns yes for all questions (a trivial binary modification). At that point it
does not matter what your license checking software does.
Now you could be more sneaky, and have self decrypting code, in which the key
subroutines are encrypted and the return from that subroutine must be used to
decrypt those routines. This makes their job slightly harder, introduces bugs, and
makes your program slower.
Pirates will find your routine a challenge. Any homebaked scheme will almost
certainly fall to them.

| Carsten Krueger... |
Posted: Fri Oct 16, 2009 4:43 pm
Guest
On Fri, 16 Oct 2009 15:02:06 GMT, Robert Scott wrote:
[quote:7d3e533661]The application
itself is protected from modification by the smartphone OS digital signature, so the
[/quote:7d3e533661]
People who pirate the application also crack the OS so the digital
signature is no protection.
For a secure digital signature you need more bits.
ECC would be good.
But it's useless anyway.
greetings
Carsten
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Real names are not mandatory
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/

| Robert Scott... |
Posted: Fri Oct 16, 2009 5:28 pm
Guest
On Fri, 16 Oct 2009 21:52:58 GMT, Unruh <unruh-spam at (no spam) physics.ubc.ca> wrote:
[quote:c70f7fbd60]Look. You have a "license checking subroutine" which you sent a query to and it
returns a yes/no answer. The pirate need only replace that with a subroutine which
returns yes for all questions (a trivial binary modification). At that point it
does not matter what your license checking software does.
[/quote:c70f7fbd60]
Maybe you missed my very first posting, but this application is targeted at
smartphones with an OS-supplied digital signature chained to Verisign. The
pirates cannot modify the code without getting Verisign to re-sign it for them.
My experience has been that pirates are much more inclined to try to generate
license numbers than to modify the software itself.
Bob Scott, Michigan

| Robert Scott... |
Posted: Fri Oct 16, 2009 5:32 pm
Guest
On Fri, 16 Oct 2009 22:52:54 +0100, Andrew Swallow <am.swallow at (no spam) btopenworld.com> wrote:
[quote:a844297995]Robert Scott wrote:
{snip}
I am considering the following approach: The owner name, or device ID, is hashed to 54 bits.
You need a method of ensuring that the owner name is unique. You are
on a smart phone so it may be able to phone back to your server.
[/quote:a844297995]
Every smartphone has a unique device ID that cannot be changed. I could use
that. In fact, I just use the Owner Name. I realize that there is nothing
preventing someone from putting someone else's name in as the owner name, but
most people don't want to do that. And I don't want to be too hard on
legitimate customers who may have good reasons for changing phones.

All times are GMT - 5 Hours