February 24th, 2010 Sorry, no bonus…

It has been a pretty long time since I posted my last note… And this time I don’t have good news.

Some time ago I confirmed that the Windows 7 SDCs are encrypted with Blowfish. Not the entire archive – just the headers, but still – you need two 32-character keys that are hardcoded in the original downloader .exe and are different at least for each university. Blowfish is pretty strong encryption; brute-forcing it with keys of this length is mission impossible. Plaintext attacks are not a solution for Blowfish either.

Nice job, Greg from MS (finally)! I guess that’s your name, looking at the names of the temporary files your software creates ;)


August 29th, 2009 Updated protection schema

In the last few days I noticed many comments complaining about files that UnpackSDC can’t handle. I downloaded one of the files that the tool failed to decrypt and it looks like MS changed the encryption scheme again… ;/

The good thing is that I already have the original MSDNAA downloader that handles the new file format, so hopefully unpacksdc will be able to deal with it in a short time – I just need to take a look and analyze whether that’s something breakable again ;)

UPDATE: I haven’t had a chance to debug the downloader yet, but from static code analysis it looks like Blowfish is in use. I will try to figure out if the encryption key is static once I find some time to run a debugger.


August 28th, 2009 unpacksdc 2.0 approaching…

Small announcement – I’m working on version 2.0 of unpacksdc. Main goals of the release:

  • Both a command-line and a nice wizard user interface
  • Support for a few more file types used for heuristic encryption key detection (e.g. .msi)
  • Native support for multipart cabinets – copy /b will no longer be required for such archives ;)

You should be able to get it in a week or two – it depends on the amount of time I’ll be able to spend on coding.


December 7th, 2007 Hello world!

Yep, just started the bloggy thing there…
