Skip to content

Instantly share code, notes, and snippets.

@BluBb-mADe

BluBb-mADe/tazti.md

Last active August 4, 2023 19:37
Show Gist options
  • Save BluBb-mADe/e87e2e9381822c7d73c0ee181edc11dc to your computer and use it in GitHub Desktop.
Save BluBb-mADe/e87e2e9381822c7d73c0ee181edc11dc to your computer and use it in GitHub Desktop.
Download ZIP
Tazti 3.x License Key activation
Raw
tazti.md

The activation of this app is so adorably cute I can not help but describe it somewhere.

The activation window inside the application just concatenates the E-Mail and the Order ID input fields and hashes them with md5.

import hashlib
email = b"me@example.com"
order_id = b"00001"
hashlib.md5(email + order_id).hexdigest()

The resulting hash is the activation key you have to enter as "Your Code". You don't even have to press "Get Code" for this to work.

I only describe the following part because it is so cute. It is irrelevant for activating Tazti.

The activation data gets stored in Mouse.ini which you can either find in the Tazti application folder or under C:\Users\<User>\AppData\Roaming\tazti. There are lots of strange keys inside this ini files but the only relevant categories are Yazoo and Willamette. Yazoo contains a key called Random which is exactly that. Static random information which is never even updated anywhere. And then there is Willamette. It contains a key called Tillamook which contains a bunch of random data (including the Yazoo Random value) combined with the email and order id encrypted with RC2. I am not kidding you. It uses the static key 1tusca5l and an initial IV of rj7s.

The entire thing is trying so hard to be hard to decrypt and with only the config this would indeed be pretty difficult to do. But the entire application is written in .Net and no obfuscation whatsoever has been applied to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment