IT faggots/street shitters: please explain this in layman's terms

[Coonskin]

I downloaded a torrent and this basically explains how the password was cracked. Do any of you understand this?

Here is how U-he main protection works:

1. Generate value (0 - 2047) from the licensee name.
We call this value "UserValue".
2. Get the hash of serial number by UrsHash.
UrsHash is combination of WHIRLPOOL512 and SHA512)
3. Get hardcodedHash[UserValue] and compare with calculated hash.
If it matches, license = OK.

This means, serial number is not generated for users dynamically. The hash
of all serial numbers are hardcoded to the app since the first release. User
name is just used to determine which correct serial number to assign. This
is good if dev has many customers, otherwise serial check will be dull and
slow (check all hardcoded serials one by one, this is done by RobPapen).

However, there is the weak point in this "wise" protection. Once legit serial
numbers are leaked, that serial number can be used to other name. You can
make another licensee for that serial by colliding "UserValue". This is not
easy to avoid. Blacklisting the leaked serial number can affect to the legit
users too, because that user may have same UserValue with leaked licensee.

In short:
- Uhe app contains 2048 correct hashed serial numbers.
- Calculate valid serial from hashed serial is nearly impossible.
- User A and User B may have same legit serial number.
-> Generate another valid name for leaked serial can be possible.

Enjoy checking many security aspects for the uhe type protection.
These UserValue+Hash protection is used by Arturia, Audiority, SonicAcademy,
LVC-Audio, Youlean etc. Valid user+serial pair can be made from legit serial.

 

[Punished Dan Mullen]

Wtf did you download

 

[Coonskin]

Wtf did you download

Repro: Two classic analogue synths recreated

Repro: Two classic analogue synths recreated

u-he.com

Synthesizer for Ableton

 

[AntSucks]

Yeah, I mean, he explains it pretty well.

They took some shortcuts when they designed the algorithm that generates the serial number. It allows other names to be linked to that serial number now and they can't block it because it also belongs to a legit user.

 

[Punished Dan Mullen]

Does the package includes a keygen or whatever, did your copy generate a license file/ID or whatever?

 

[Coonskin]

Does the package includes a keygen or whatever, did your copy generate a license file/ID or whatever?

No it must have been built into the installer or something, I didn't have to replace any files or generate a key. If this wasn't too difficult I would try it for their other software but idk what kinda tools that needs

 

[Punished Dan Mullen]

No it must have been built into the installer or something, I didn't have to replace any files or generate a key. If this wasn't too difficult I would try it for their other software but idk what kinda tools that needs

I think what they were saying is to use a generic calculator to generate your own key, is there a machine ID or what ever in the about page in the software

 

[Coonskin]

I don't even see where the key is? The about page says it's registered to someone and the license file doesn't show a key. It's not a huge deal but I'm kind of intrigued on how shit like this is done.

The license file actually says it's freeware so I'm just gonna say fuck it this is confusing.

nice thread stupid

 

[diane]

If you want to read about the mathematical side of it look up hash function collisions.

The plugin basically has a list of valid sausage types embedded in it, but not the ingredients to make those sausages. So when you present it with a sausage, it can taste test and tell whether you had the secret sausage recipe or not, even though it doesn't have the secret sausage recipe itself. It just knows how to recognize a sausage that tastes right.

Now if you have a sausage testing machine but not the secret recipe, you could just keep making different sausages with varying recipes until the machine says our recipe was valid, and now you have the secret recipe. If you wanted to guess how to make a given sausage, it would be fairly easy to figure out the proportions if that sausage only had 2 ingredients. Just change the ingredients a little bit over and over until it works. But if the sausage had 200 ingredients, it would be exponentially harder to figure out the correct proportions since there are so many more moving parts to figure out.

In this case, they didn't use a very wide variety of ingredients, only like 11, so you can write a computer program that will eventually guess a recipe (user name) that matches one of the secret sausage recipes. You could probably even force it and find a variation of Joseph Cumia + a few random letters that validates.

 

[Punished Dan Mullen]

I don't even see where the key is? The about page says it's registered to someone and the license file doesn't show a key. It's not a huge deal but I'm kind of intrigued on how shit like this is done.

The license file actually says it's freeware so I'm just gonna say fuck it this is confusing.

nice thread stupid

i have googled this shit too much for no reason but its not free they put crackling sounds in their Demo ver of the software

 

[Coonskin]

i have googled this shit too much for no reason but its not free they put crackling sounds in their Demo ver of the software

Lol sneaky motherfuckers

Thanks @diane

 

[MilwaukeeStrangler]

https://audioz.download/ incase you weren't aware

all direct downloads

 

[Coonskin]

https://audioz.download/ incase you weren't aware

all direct downloads

I wasn't thanks. This is like CGPeers for music shit looks really cool