February 24th, 2010 Sorry, no bonus…

It has been a pretty long time since I posted my last note… And this time I don’t have good news.

Some time ago I confirmed the Windows 7 SDCs are encrypted with Blowfish. Not the entire archive – just the headers, but still – you need two 32-character keys that are hardcoded in the original downloader .exe and are different at least for each university. Blowfish is pretty strong encryption; bruteforcing it with keys of this length is mission impossible. Plaintext attacks are not a solution for BF either.

Nice job Greg from MS (finally)! I guess that’s your name, looking at the names of the temporary files your software creates ;)


August 29th, 2009 Updated protection schema

In the last few days I noticed many comments complaining about files that UnpackSDC can’t handle. I downloaded one of the files that the tool failed to decrypt and it looks like MS changed the encryption schema again… ;/

The good thing is that I already have the original MSDNAA downloader that handles the new file format, so hopefully unpacksdc will be able to deal with it in a short time – I just need to take a look and analyze whether that’s something breakable again ;)

UPDATE: I didn’t have a chance to debug the downloader yet, but from static code analysis it looks like Blowfish is in use. I will try to figure out if the encryption key is static once I find some time to run a debugger.


August 28th, 2009 unpacksdc 2.0 approaching…

Small announcement – I’m working on version 2.0 of unpacksdc. Main goals of the release:

  • Both a command line and a nice wizard user interface
  • Support for a few more file types used for heuristic encryption key detection (e.g. .msi)
  • Native support for multipart cabinets – copy /b will no longer be required for such archives ;)

You should be able to get it in a week or two – it depends on the amount of time I’ll be able to spend on coding.


March 24th, 2009 UnpackSDC 1.1 – bits of heuristics

I didn’t have much time recently, but I finally updated the sdc unpacker. Now it can decode the new MS protection schema ;)

As many people noticed, unpacksdc didn’t work well with the new sdc files. For some reason, MS decided to use additional ‘encryption’ for packed files. Although the encryption is a simple xor, the encryption key is not stored anywhere in the file. I spent a few hours debugging the original downloader to find out where it comes from, and apparently it is stored in encrypted form in the downloader executable along with the proper sdc CRC32. So – it looks unbreakable, but that’s not completely true ;)

Unfortunately for MS, they used xor “encryption” with a constant, 1-byte key, so why don’t we scan for known file types in the container and calculate the key ourselves? – That’s what unpacksdc 1.1 does!
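
Why a constant 1-byte xor key gives no confidentiality once the contents include well-known file formats, shown as an added example (this is not UnpackSDC's code, and it runs on a constructed buffer rather than a real SDC container, whose layout this page does not describe). The signature table and the function names are assumptions made for the illustration.

```python
from collections import Counter

# Public magic numbers of common formats (illustrative list, an assumption).
SIGNATURES = {
    "cab": b"MSCF",
    "ole2/msi": bytes.fromhex("d0cf11e0a1b11ae1"),
    "zip": b"PK\x03\x04",
    "iso9660": b"\x01CD001\x01\x00",  # primary volume descriptor start
}

def xor_bytes(data, key):
    """Apply a constant single-byte xor key (encrypt and decrypt are the same)."""
    return bytes(b ^ key for b in data)

def _delta(data):
    # xor of adjacent bytes: a constant key cancels, (a^k)^(b^k) == a^b,
    # so the result is identical for plaintext and ciphertext.
    return bytes(a ^ b for a, b in zip(data, data[1:]))

def recover_key(blob):
    """Return the most likely 1-byte key, or None if no signature is found."""
    votes = Counter()
    blob_delta = _delta(blob)
    for magic in SIGNATURES.values():
        pattern = _delta(magic)
        pos = blob_delta.find(pattern)
        while pos != -1:
            # Signature located without knowing the key; now derive the key.
            votes[blob[pos] ^ magic[0]] += 1
            pos = blob_delta.find(pattern, pos + 1)
    if not votes:
        return None
    return votes.most_common(1)[0][0]

def build_sample(key):
    """Constructed test buffer: filler plus two embedded file signatures."""
    plain = (b"\x00" * 16 + b"MSCF" + b"\x00" * 4 + b"constructed payload"
             + bytes.fromhex("d0cf11e0a1b11ae1") + b"\x07" * 8)
    return plain, xor_bytes(plain, key)

if __name__ == "__main__":
    plain, enc = build_sample(0x5A)
    key = recover_key(enc)
    print(hex(key), xor_bytes(enc, key) == plain)
```
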

Download link: unpacksdc11.zip.
Enjoy!


May 23rd, 2008 SDC Unpacking problems

I’m receiving some complaints about problems with some sdc files; here’s what you can do:

  • Use sdc unpacker without skipcrc switch, so the file is validated before unpacking
  • If you get “CRC error” it means that the file is broken and unpacker won’t be able to unpack its contents
  • Try downloading the file again, maybe using other source?
  • If you’re sure the file is ok but sdc unpacker can’t handle it properly – drop me a link to the sdc file in a comment

January 30th, 2008 The Unpacker and multi-part SDC files

I’m getting more and more questions about whether SDC Unpacker can handle split archives.
The answer is… No, or even Yes ;)

The unpacker can’t handle this kind of file by itself, but there is a simple workaround – you have to merge the sdc parts before you run the unpacker. You can use the “copy” command, e.g.:

copy /b archivepart.01.sdc+archivepart.02.sdc mergedarchive.sdc

Now you can use the sdc unpacker to decrypt mergedarchive.sdc

Simple, isn’t it? ;)


December 10th, 2007 SDC unpacker

Attachments: unpacksdc.zip

Last time I had a “little” problem with MSDNAA (MSDN Academic Alliance). I was downloading Visual Studio 2005 when the MS downloader failed for some reason. It was unable to download the SDC file from the server a few times, then it told me I had already downloaded it. Damn!

I requested a reinstall from the ELMS site… Nothing happened for ~2 weeks, no one contacted me with instructions. Unfortunately you can’t order VS 2005 on DVD from ELMS.

But… there are some locations (even my university has one ;) ) you can download compressed and “protected” iso images from. So, I did an experiment. I downloaded a downloader for something like ms crc305 or something, renamed the downloaded sdc file of Visual Studio to crc305.sdc and ran the downloader to unpack it. I was a bit surprised, but I got a decrypted iso file ;) That means there is no file- or product-specific encryption key, so probably someone wrote a generic unpacker for this kind of file. So I started looking for it and found nothing… except two SDC Wrappers – tools for creating sdc files, but without an unpacking option. In fact these wrappers contain full unpacking procedures, but I was too lazy to find how to enable it on the UI.

After a few hours of debugging and coding I wrote a complete unpacker for this kind of file. You can grab it here. It’s a console tool; it will print the valid command line when you run it without parameters. If you find an sdc file that is not supported by this tool, just let me know (e.g. write a comment with a link to the sdc file). As I hate zlib, you will need the .NET framework to run it (yeah, DeflateStream rocks!). Maybe some day I will port it to C++, so you will get a native Windows exe, or maybe even source code ;)

You have to remember that you can download sdc files and decompress them freely, but you shouldn’t install the software they contain until you “purchase” it on your academy’s ELMS site. In most cases you will need the key that is provided after checkout, otherwise the software won’t install or run.


December 7th, 2007 Hello world!

Yep, just started the bloggy thing there…
