On Thu, 28 Jun 2007 16:06:05 +0200, R.S. <[EMAIL PROTECTED]> wrote: >I think you shouldn't expect 'cracks & codes' page for z/software. Not to much private mainframe owners interested in illegal operations, and much less of them interested in contributing those 'cracks' to everyone. >Much simpler (and usually *legal*) would be to share some service passwords for hardware - I googled for some of them - found no reference.
Many are documented in the mainstream hardware publications. >Last but not least: how many TRIED to break any key on mainframe ? Well I sort of tried once, just out of curiosity. There seem to be two basic forms of keys I've seen in mainframe products (and on other platforms too): One is a longish key that in itself contains the licence information, i.e. enables some mix of product features, and possibly contains an encrypted CPU id, etc. This key is entirely opaque, and is presumably decrypted by the software to find out the operating parameters. The other is a plain text licence of some sort, plus a signature or hash so that the recipient can't just change the plaintext portion. Often the plaintext is long, and the signature is pretty short. Or sometimes the signature is public-key based, and is typically quite a bit longer. Regardless, if you make a one-bit change to the plaintext portion (say, have the vendor correct a one character spelling error in the company address), typically the signature changes a lot. Some of our own products use an XML file that can get quite wordy, with a 128 byte signature. But no one is asked to cut & paste this; you just install the shipped licence file and go. What I idly looked into "breaking" (i.e. by eyeballing) was a licence key that contains some plain text (CPU serial, features, date) plus a not-too-long magic hex string. I just happened to have a few of these keys in a file from several years worth of updates, and noticed that the hex string changes very little with small predictable changes in e.g. the date. So it clearly is not strongly encrypted, because one would expect the string to change radically with even a tiny change in the input. Yet the string isn't long enough to contain the CPU serial or much else, so I suspect extremely weak hashing. It looks like a puzzle worthy of a weekend newspaper, but the few minutes I spent wasn't enough. And no, I am not going to send out the list for others to play with. Now I'll expect some bogus extraterritorial DMCA notice from each of a bunch of companies who think theirs is the key in question. :-) Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
