Kremlin 1.1, a stupidly protected encryption utility
(An useful encryptor for our studies, btw)
HCU

by Jon

(17 August 1997, slightly edited by Reverser)


Courtesy of Reverser's page of reverse engineering

Well, it's pretty obvious how much important this kind of targets are for our trade: encryption and decryption (in a broad sense :-) are similar activities.

Yet I'm not happy with the fact that an +HCU follower (and that's what Jon is, despite the fact that he is a newbye) has not finished a good reverse engineering work... and await Jon's completation of this essay... the scheme in Kremlin is indeed very easy to reverse: there is no point in simply having ONE choice of encryption algorhytm if you can easily have all of them... Jon, are you reading this?


Kremlin 1.1	

Download Kremlin 1.1 at http://wwww.mach5.com/

I found this nice shareware utility a day I was searching for an encryption
utility. It looked pretty good, so I decided to try it. 
Of course, like all shareware programs, it had a nag-screen and some
limitations. It didn't look too hard to crack, since it only uses a simple 
registration-code scheme. I looked trough the help-file to find some hints, 
and I found out that it had two types of registration-codes, one to 
remove the nag, and one that not only removes the nag, but also enables all 
encryption algorithms. I also found that both codes should be 10 digits long 
(as you can see, it is always worth to check first of all the target's own 
documentation :-)
Since I'm not so familiar with Softice yet, I decided to try an easier way 
to crack this target: the Windows registry approach. 
I looked at HKEY_CURRENT_USER\Software\Mach5 Software\Kremlin, and found 
something interesting: the key "glommer". 
I tried to change its value to 10 random numbers (because the size of the 
code is 10 numbers long), and then I started Kremlin.
The nag was gone!This is an incredible stupid protection scheme! 
But there was still a problem: the "limitation" that the help file spoke of: 
the strongest encryption-algorithms were still missing. 
I tried everything in the program to find any hints, and then I noticed that 
in the options-menu there was the option "Remember last algorithm used". 
I checked it, selected an algorithm and encrypted a random file (to allow
the program to record the last algorithm used). 
I quitted Kremlin, and started regedit. 
Now there were quite a lot of new keys. 
The most interesting was "actualalg" (actual algorithm). 
I changed its value to 1, and started Kremlin, and now the before unselectable 
"Blowfish" algorithm was selected and ready to use!
This means that you can change this value to select any one of the following
algorithms: ASCII=0, Blowfish=1, DES=2, IDEA=3, NewDES=4, Psuedo-RC4=5,
Safer=6 and Vigenere=7. 
This protection-scheme is probably the most stupid that exist, since even a 
newbie cracker, like myself, can quikly figure it out without using a debugger or 
a disassembler! 
BTW, when you have edited the registry to use your favorite algorithm, and start 
Kremlin, DON'T select another algorithm inside it, since that algorithm will then 
be the default.

Enjoy!

Jon 

   
(c) jon 1997. All rights reserved
You are deep inside reverser's page of reverse engineering, choose your way out:

Project 7
homepage links red anonymity +ORC students' essays academy database
tools cocktails antismut CGI-scripts search_forms mail_Reverser
Is reverse engineering illegal?