Skip to content

Latest commit

 

History

History
350 lines (215 loc) · 20.4 KB

README.HOW_DOES_IT_WORK.md

File metadata and controls

350 lines (215 loc) · 20.4 KB
Raw

How is "rarreg.key" generated?

WinRAR uses an ECC-based signature algorithm to generate rarreg.key. The algorithm it used is a variant of Chinese SM2 digital signature algorithm. Different to many standard ECDSAs, the curve that WinRAR selected is a curve over composite field GF2p15p17-inlined GF2p15p17-inlined.

1. Composite field GF2p15p17-inlined GF2p15p17-inlined

Elements in ground field GF2p15-inlinedGF2p15-inlined are represented with standard basis, i.e. polynomial basis. The irreducible polynomial is

where each coefficients is in GF2-inlinedGF2-inlined. If we use

as the standard basis of the ground field, an element AA in GF2p15-inlinedGF2p15-inlined can be denoted as

The irreducible polynomial of composite field GF2p15p17-inlined GF2p15p17-inlined is

where each coefficients is in GF2p15-inlinedGF2p15-inlined. If we use

as the standard basis of the composite field, an element BB in GF2p15p17-inlined GF2p15p17-inlined can be denoted as

For clarity, we use DD , which is a 255-bits-long integer to denote an element BB in GF2p15p17-inlined GF2p15p17-inlined. The map between them is

2. Elliptic curve over GF2p15p17-inlined GF2p15p17-inlined

The equation of the elliptic curve that WinRAR uses is

The base point GG is

whose order nn is

3. Message hash algorithm

We use

to denote a message whose length is ll. So the SHA1 value of MM should be

where s0,4s0,4 are 5 state values when SHA1 outputs. Generally speaking, the final SHA1 value should be the join of these 5 state values while each of state values is serialized in big-endian.

However, WinRAR doesn't serialize the 5 state values. Instead, it use a big integer hh as the hash of the input message.

4. ECC digital signature algorithm

We use kk to denote private key, PP to denote public key. So there must be

If we use hh to denote the hash of input data, WinRAR use the following algorithm to perform signing:

  1. Generate a random big integer RndRnd which satisfies RNDRND.

  2. Calculate rr

    where RNDGxRNDGx means we take X coordinate of RNDGRNDG and convert it from GF2p15p17-inlined GF2p15p17-inlined to a big integer.

    If r=0r=0 or rRndrRnd, go back to step 1.

  3. Calculate ss

    If s=0s=0, go back to step 1.

  4. Output (r,s)(r,s).

5. WinRAR private key generation algorithm

We use

to denote input data whose length is ll. WinRAR use it to generate private key kk.

  1. We use g0-5g0-5 to denote 6 32-bits-long integer. So there is

  2. Let g0=0g0=0.

  3. If l!=0l!=0, we calculate SHA1 value of TT. Then assign SHA1 state value SiSi to gi+1gi+1:

    Otherwise, when l=0l=0, we let

  4. Regard g0g0 as counter, add itself by 1.

    Calculate SHA1:

    We takes the lowest 16 bits of S0S0 and donote it as Kg0Kg0.

  5. Repeat step 4 again with 14 times.

  6. After that, we will get k1-15k1-15. Then output private key

6. The private key and public key of WinRAR

Private key kk is

This private key is generated by the algorithm describled in section 5 where the length of data TT is zero.

Public key PP is

7. Generation of "rarreg.key"

The generation of license file rarreg.key requires 2 arguments:

  1. Username, an ANSI-encoded string, without null-terminator. Denoted as

  2. License type, an ANSI-encoded string, without null-terminator. Denoted as

The following is the algorithm to generate rarreg.key.

  1. Use the algorithm describled in section 5, with argument UU, to generate private key kuku and public key pupu. Then output hexlified public key string with SM2 compressed public key format. The hexlified public key is denoted as TempTemp.

    The length of TempTemp should be 64. If less, pad with '0' until the length is 64.

  2. Let Data3Data3 be

  3. Use the algorithm describled in section 5, with argument Data3Data3, to generate private key kdata3kdata3 and public key pdata3pdata3. Then output hexlified public key string with SM2 compressed public key format. The hexlified public key is denoted as Data0Data0.

    The length of Data0Data0 should be 64. If less, pad with '0' until the length is 64.

  4. Let UIDUID be

  5. Use the algorithm describled in section 4, with argument LL and private key kk describled section 6, to get signature (rl,sl)(rl,sl).

    The bit length of rlrl and slsl shall not be more than 240. Otherwise, repeat this step.

  6. Convert rlrl and slsl to hex-integer string SZrlSZrl and SZslSZsl, without "0x" prefix.

    If the length of SZrlSZrl or SZslSZsl is less than 60, pad character '0' until the length is 60.

  7. Let Data1Data1 be

  8. Let TempTemp be

    Use the algorithm describled in section 4, with argument TempTemp and private key kk describled section 6, to get signature (rTemp,sTemp)(rTemp,sTemp).

    The bit length of rTemprTemp and sTempsTemp shall not be more than 240. Otherwise, repeat this step.

  9. Convert rTemprTemp and sTempsTemp to hex-integer string SZrTempSZrTemp and SZsTempSZsTemp, without "0x" prefix.

    If the length of SZrTempSZrTemp or SZsTempSZsTemp is less than 60, pad character '0' until the length is 60.

  10. Let Data2Data2 be

  11. Calculate CRC32 value of

    The final checksum the complement of CRC32 value.

    Then convert the checksum to decimal string SZchecksumSZchecksum. If the length is less than 10, pad character '0' until the length is 10.

  12. Let DataData be

  13. Output with format

    • A fixed header "RAR registration data", taking one line.

    • Username, taking one line.

    • License type, taking one line

    • UID, taking one line, with format:

    • Output DataData, with 54 characters a line.