0x51 rejection - 0x101 - need help.

[Arta]

Oh, didn't realise that. Assumed decoding was comparable to hashing.

This is Starcraft, both values are DWORDs.

[K]

Retrieving the actual key from the decoded values is very easy, comparable to decoding the key in the first place. Not a big brute force task or anything like that. What game is this about? What's the size of val2?

Really? Seems like re-encoding a cdkey would be fairly difficult...

[K]

how long does it take him to brute value2 + the server salt?  I'm just wondering if this is worth anyone's time to do.

(System: Athlon XP 2000+, 512mb RAM)
Did a test with my own Diablo 2 cd key from an old packet log.  Since they included the server token, brute forcing just value 2 didn't take *that* long.  My program took 16.2 seconds to try 0x01000000 values, so it would take around 1 hour and 17 minutes to try all the possible values.  Wouldn't even want to guess if it didn't include the server token.

[Adron]

Well, it's not even that hard. If this is Starcraft, the unknown is just three decimal digits. Say 10 bits. The server seed is 32 bits. Total 42 bits, or 4.4e12 operations. Running at 1 GHz thus a bit over 1 hour worst case time for each cpu cycle/loop your optimized brute forcing algorithm needs.