Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Share dump key #11

Open
revengemanx opened this issue May 27, 2020 · 7 comments
Open

Share dump key #11

revengemanx opened this issue May 27, 2020 · 7 comments

Comments

@revengemanx
Copy link

Hi every one ,
I have some game without keychip and i wanted to rekey them To use them . If someone can share them thx .
Keys are : sddy and sdcu .
@ArcadeHustle
Copy link
Owner

Have you considered simply using the TrueCrypt key dumper that we provided?
https://github.com/ArcadeHustle/RingEdge_NoKey_softmod/tree/master/TrueCrypt-win32_keydump

@revengemanx
Copy link
Author

revengemanx commented May 27, 2020
edited
Loading

This key dumper works without keychip plug on the ring ?

@ArcadeHustle
Copy link
Owner

Truecrypt is still used by the underlying system, and TrueCrypt keys are still passed, even though the physical keychip is not queried.

@ArcadeHustle
Copy link
Owner

Don't forget the EWF is active, and you need to grab the keys before powering down the drive. Hot Swap works fine. Make sure you've replaced the original truecrypt executables with the dumper. Then #Profit.

@revengemanx
Copy link
Author

it doesnt work for me sure im doing something wrong .
i replaced all truecrypt files in windows system32 and minint /system32 truecrypt files
i put the keydump.patch with theses
i unplug the sata cable and plug it in my computer i see files drive is unlocked but no key files in c:

maybe i unplug to late or something else

@francky06l
Copy link

francky06l commented Jul 17, 2020
edited
Loading

The patched TrueCrypt is confusing somehow.
When reading the patch file you can see

snprintf(filepath, sizeof(filepath), "C:\\keyfile_%d.bin\0 EDIT PATH HERE", asd);

On the binary patched exe, the "EDIT PATH HERE" is D:\keyfile_%d. So the files are dumped on D drive root.
I was also confused, but a quick disassembly let me find out. I made a patch or the patch to dump on C:
F.

@alcohime
Copy link

On the binary patched exe, the "EDIT PATH HERE" is D:\keyfile_%d. So the files are dumped on D drive root.
I was also confused, but a quick disassembly let me find out. I made a patch or the patch to dump on C:
F.

Thank you very much for this. I was using the patched truecrypt with RE2 and was wondering why I wasn't getting keyfiles at all - (I had to resort to the other method of disabling mxprestartup and accessing windows through systemuser). From Windows I could see that there was not always a D: drive, partition 2 would sometimes mount as Z: and sometimes it wouldn't mount at all!

Suggest patching truecrypt so it dumps to root of C.

Cheers.

@Jacotyl Jacotyl mentioned this issue Oct 9, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@francky06l @revengemanx @ArcadeHustle @alcohime