=====WARNING: This article is for Academic purposes ONLY and not with intention to make profits or resell.=====
As an engineer myself, I am always curious about how the things work. I could even remember when I was in high school, I used my pocket money to buy a book titled Applied Cryptography, of course it is a Chinese version. I was amazed by the encryption algorithm, such as MD5, RSA, SHA, etc. I bought a DLL plug-in to make my home-brewed software have registration functionality. (I should have studied IT security, shouldn’t I?)
Time flies, I choose Mechanical Engineering to be my major in University but it did not change my ambitious as well as my field of interest. I remembered the first few days I bought my Arduino kit, I was trying to dig some interesting protocols for encryptions using that microcontroller. Well, it’s a 8-bit MCU so it is not likely possible to implement strong algorithms like RSA and MD5. I found someone making CRC32 and SHA on that platform but it will take a few seconds to get the work done.
Anyway, I am talking too much about the past so let’s get into this topic.
Just a couple of days ago, I was given 3 Cisco PIX-515E firewall with Unrestricted (UR) License. To be honest, I had really no idea with these firewalls and only know about the Cisco ISR series during that time (Yes, I am studying CCNA at the moment and the PIX firewalls are unwanted free gift from one eBay seller.). Soon after, I found the ASA could be a very useful equipment in networking as they are capable of doing not only the fire fighters job, but also be NAT/PAT tasks.
I watched a youtube video and the instructor tried to use valid Serial Number and Activation Keys to activate the “virtual” PIX-515E in GNS3 software. As a result, I was getting much more interested in the activation key algorithms than ever! I had a brief look on the eBay.com.au, there were couple of sellers who were selling UR Licenses at a premium price and it looked like a must have (handy) bundle for CCNP students.
I was accidentally got an article on one Russia website, and one of the ‘hacker’ revealed the software algorithm for the UR license key so I would like to write an English version to make it clearer.
======Please ignore above paragraphs if you are above the CCNA level :-).======
I need to grab a working SN and Key to verify the process is all working. So I grabbed a victim on eBay:
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 809112952
Running Activation Key: 0x4b7c1873 0x54ce958f 0x7b74b95e 0x569def49
Firstly, we need to convert the Serial Number from DEC to HEX. Just use the calculator to conduct the conversion.
DEC(809112952)=HEX(0x 30 3A 15 78)
Secondly, we need to make the inversion of the digits.
30 3A 15 78 => 78 15 3A 30 => 78153A30
Refer to the original discussion, we need to put inverted value of the license type mark (AES+DES+UR = 0x00000039) to the beginning of the SN we have just converted.
“39000000” + “78153A30” = 3900000078153A30
Then we needs a MD5 conversion using a perl syntax:
If you are running or having a Mac or Linux based O/S, just using the following command:
perl -e ‘use Digest::MD5 qw(md5_hex); print md5_hex(pack(“H*”, “390000006C394E30“))’
If you cannot have access to the Linux or Unix based PC, you can use online compiler, such as: http://www.tutorialspoint.com/execute_perl_online.php. You need to remember that the command will be slightly different:
qw(md5_hex); print md5_hex(pack(“H*”, “390000006C394E30“))
You will get the following result:
73187c4b 8f95ce54 5eb9747b 49ef9d56
Last step, we need to separate the result to 4 groups (shown above), and make the inversion AGAIN to get the final result! You’ll get the same result with our victim’s answer:
0x4b7c1873 0x54ce958f 0x7b74b95e 0x569def49
Not that bad!