The activation of this app is so adorably cute I can not help but describe it somewhere.
The activation window inside the application just concatenates the E-Mail and the Order ID input fields and hashes them with md5.
import hashlib
email = b"me@example.com"
order_id = b"00001"
hashlib.md5(email + order_id).hexdigest()
The resulting hash is the activation key you have to enter as "Your Code". You don't even have to press "Get Code" for this to work.
I only describe the following part because it is so cute. It is irrelevant for activating Tazti.
The activation data gets stored in Mouse.ini which you can either find in the Tazti application folder or under C:\Users\<User>\AppData\Roaming\tazti
.
There are lots of strange keys inside this ini files but the only relevant categories are Yazoo
and Willamette
.
Yazoo
contains a key called Random
which is exactly that. Static random information which is never even updated anywhere.
And then there is Willamette
. It contains a key called Tillamook
which contains a bunch of random data (including the Yazoo Random value) combined with the email and order id encrypted with RC2.
I am not kidding you. It uses the static key 1tusca5l
and an initial IV of rj7s
.
The entire thing is trying so hard to be hard to decrypt and with only the config this would indeed be pretty difficult to do. But the entire application is written in .Net and no obfuscation whatsoever has been applied to it.