Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 18:09

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 
Author Message
 Post subject: Recovering the lost cdkey of Electronic Arts game
PostPosted: 05 Aug 2008 05:52 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I have just installed Battlefield 2 and after having installed the patch I have seen that now the cdkey is (luckily) no longer in plain text, anyway the following method should work with any other game released by Electronic Arts.
The "luckily" was referred to the security side because naturally if for some reasons is no longer possible to remember the serial everything is lost.

First download my "cunprot" tool:

http://aluigi.org/pwdrec.htm#cunprot

Then open the registry editor (regedit) and go in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Electronic Arts\EA Games
or
HKEY_LOCAL_MACHINE\SOFTWARE\Electronic Arts\Electronic Arts

where are listed some games like, in my case, "Battlefield 2".
in each game there is a registry key called "ergc" which contains a long string.

now copy the string in a new text file.
if it starts with a x (I don't know if it can have other chars) it's enough to remove the first 5 chars of the string, so if the string is x939201000000d08c...123 delete x9392, so it must start with 010000...

now drag the new text file over the cunprot.exe file and will be showed your saved serial.
cunprot can be used from command-line too so is possible to avoid the creation of the text file and pasting the encrypted string directly on the console.

remember that the type of encryption adopted by Electronic Arts is machine dependent, so if you have reinstalled Windows or are on another PC or with another account you can't recover your serial (this is the security about I talked before)


Last edited by aluigi on 05 Aug 2008 07:28, edited 1 time in total.

Top
 Profile  
 
 
 Post subject:
PostPosted: 05 Aug 2008 06:27 

Joined: 16 Aug 2007 06:25
Posts: 367
Very nice work!

Here is a neat trick you can do if you need change your cd-key very quickly for BF2 (and possibly other games). Since there is no in-game option to allow you to do this, EA Support typically makes you type the key in plain text in the registry and reinstall the latest patch (to re-encrypt it).

But if you wan't a quick way to change your cd-key without having to reinstall:

1) Goto the registry entry where your cd-key is, for example: HKEY_LOCAL_MACHINE\SOFTWARE\Electronic Arts\EA GAMES\Battlefield 2\ergc

2) Enter your cd-key like so: x9392CDKEYHERE

The cd-key should be in all caps, without dashes. You can change your cd-key like this without even having to restart the game (while you're in the choose a server menu), but the disadvantage is that you don't have the encryption.


Top
 Profile  
 
 Post subject:
PostPosted: 05 Aug 2008 18:59 

Joined: 16 Aug 2007 06:25
Posts: 367
Hey luigi,

Would you happen to know much about VB6? I am looking to use the CryptUnprotectData function to decrypt these hex strings to their original form in VB6. Is the hex string just a simple way of storing the encrypted data (instead of storing a raw string with weird characters)?

I have checked google, but most of the code samples for the crypt32.dll or CryptUnprotectData were bloated, or I couldn't get them to work correctly with the hex string that BF2, .RDP, etc provide for us (maybe they want the string in a different form). I must have scanned through the first 5 pages of search results too :P, which is why I was hoping you knew some simple code that just gets the decryption done.

What would be nice is a to have a textbox with the hex string, another textbox to output the decrypted data, and a command button to initiate the function. Any ideas?

Edit: Here is some sample code, but clicking the button returns "0" to text2.text. I have also tried without the HextoAsc function, same result. Any ideas on tweaking it to work so it decrypts the string to text2.text?

Code:
Option Explicit

Private Type DATA_BLOB
   cbData As Long
   pbData As Long
End Type

Private Declare Function CryptProtectData _
   Lib "crypt32.dll" ( _
   ByRef pDataIn As DATA_BLOB, _
   ByVal szDataDescr As String, _
   ByRef pOptionalEntropy As Any, _
   ByRef pvReserved As Any, _
   ByRef pPromptStruct As Any, _
   ByVal dwFlags As Long, _
   ByRef pDataOut As DATA_BLOB) As Long

Private Declare Function CryptUnprotectData _
   Lib "crypt32.dll" ( _
   ByRef pDataIn As DATA_BLOB, _
   ByVal ppszDataDescr As String, _
   ByRef pOptionalEntropy As Any, _
   pvReserved As Any, _
   ByRef pPromptStruct As Any, _
   ByVal dwFlags As Long, _
   ByRef pDataOut As DATA_BLOB) As Long


Private Sub Command1_Click()
    Dim udtDataIn As DATA_BLOB
    Dim udtDataOut As DATA_BLOB
    Dim sString As String
    Dim aData() As Byte
   
    sString = HexToAsc(Text1.Text)
    aData() = sString
   
    udtDataIn.cbData = UBound(aData)
    udtDataIn.pbData = VarPtr(aData(0))
   
    Text2.Text = CryptUnprotectData(udtDataIn, ByVal 0, ByVal vbNullString, ByVal vbNullString, ByVal vbNullString, ByVal 1, udtDataOut)
End Sub

Private Function HexToAsc(sString As String) As String
    Dim X As Long
    For X = 1 To Len(sString) Step 2
    HexToAsc = HexToAsc & Chr$(Val("&H" & Mid$(sString, X, 2)))
    Next
End Function


Top
 Profile  
 
 Post subject:
PostPosted: 05 Aug 2008 20:07 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
ppszDataDescr and pDataOut.pbData are unicode, have you converted them to ascii before visualizing them?


Top
 Profile  
 
 Post subject:
PostPosted: 05 Aug 2008 20:35 

Joined: 16 Aug 2007 06:25
Posts: 367
I'm not sure of a function to do so. But I don't even think the code is correct to begin with, as it just returns a 0 no matter what I input. Wouldn't it show blank spaces, or garbage data if there was unicode?

VB is pretty confusing to me with the declaring DLLs and all this stuff. I was hoping this would be pretty simple since it looks like a widely used library, but I haven't had any luck :(


Top
 Profile  
 
 Post subject:
PostPosted: 05 Aug 2008 23:19 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in case of doubts use olly and place a breakpoint on CryptUnprotectData first on cunprot and then your program and check the differences


Top
 Profile  
 
 Post subject:
PostPosted: 06 Aug 2008 11:30 

Joined: 16 Aug 2007 06:25
Posts: 367
I've decided to scrap that project. Was running into too many problems. VB6 just seems too ancient to use anymore.

But would you happen to know how to solve these compiling errors? I'm using your source code, with gcc like so: gcc cunprot.c -o c:\output.txt

Thanks

Code:
C:\Documents and Settings\user\Desktop\cunprot\cunprot.c: In function `decshow':
C:\Documents and Settings\user\Desktop\cunprot\cunprot.c:206: warning: passing ar
g 1 of `wcheck' from incompatible pointer type
C:\Documents and Settings\user\Desktop\cunprot\cunprot.c:255:2: warning: no newli
ne at end of file
C:\DOCUME~1\user\LOCALS~1\Temp/ccyqaaaa.o(.text+0x3e2):cunprot.c: undefined refer
ence to `stristr'
C:\DOCUME~1\user\LOCALS~1\Temp/ccyqaaaa.o(.text+0x5c6):cunprot.c: undefined refer
ence to `CryptUnprotectData'
collect2: ld returned 1 exit status


Top
 Profile  
 
 Post subject:
PostPosted: 06 Aug 2008 11:59 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
remember to use cunprot 0.1.1 which I have released yesterday, there was a small off-by-one bug in some cases and then I have added support for the x9392 stuff.
so the first 2 warnings (in reality the one of the newline at the end of the file is strange since there are 3 new lines in cunprot.c) are gone while for the undefined reference add c:\mingw\lib\libcrypt32.a to the compilation command


Top
 Profile  
 
 Post subject:
PostPosted: 06 Aug 2008 12:27 

Joined: 16 Aug 2007 06:25
Posts: 367
Thanks sir, got it working :). Here is exactly what I did (just for future reference):

gcc cunprot.c -o output.exe stristr.c c:\mingw\lib\libcrypt32.a

I had to add stristr.c (http://aluigi.org/mytoolz/stristr.c) because it was complaining about an undefined refrence to it :P

Thanks again!


Top
 Profile  
 
 Post subject: Re: Recovering the lost cdkey of Electronic Arts game
PostPosted: 15 Apr 2009 04:42 

Joined: 15 Apr 2009 04:41
Posts: 2
This does not seem to work anymore has the algorithm changed?


Top
 Profile  
 
 Post subject: Re: Recovering the lost cdkey of Electronic Arts game
PostPosted: 15 Apr 2009 05:09 

Joined: 15 Apr 2009 04:41
Posts: 2
nvm got it to work. Seems my registry value was corrupted and by running the 1.41 patch again it fixed it.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: