Skip to content

chenrylee/navicat-keygen

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
navicat-keygen
navicat-keygen
 
 
navicat-patcher
navicat-patcher
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
navicat-keygen.sln
navicat-keygen.sln
 
 

Repository files navigation

Navicat Keygen

This repository will tell you how Navicat offline activation works.

1. Keyword Explanation.

  • Navicat Activation Public Key

    It is a RSA-2048 public key that Navicat used to encrypt or decrypt offline activation information.

    It is stored in navicat.exe as a kind of resource called RCData. The resource name is "ActivationPubKey". You can see it by a kind of software Resource Hacker. The concrete content is:

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I
    qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv
    a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF
    R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2
    WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt
    YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ
    awIDAQAB
    -----END PUBLIC KEY-----

    If you have the corresponding private key, please tell me. I would be very appreciated for your generous.

  • Request Code

    It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of the offline activation information encrypted by Navicat Activation Public Key.

  • Offline Activation Request Information

    It is just a JSON-style ASCII string which contains 3 items. Respectively they are "K", "DI" and "P", which represent snKey, checksum (related with your machine and OS), Platform (Appropriately speaking, it should be OS Type).

    Like:

    {"K": "xxxxxxxxxxxxxxxx", "DI": "yyyyyyyyyyyyy", "P": "WIN8"}

  • Activation Code

    It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of the offline activation response information encrypted by Navicat Activation Private Key (so far, we don't know official activation private key).

  • Offline Activation Response Information

    Just like Offline Activation Request Information, it is also a JSON-style ASCII string. But it contains 5 items. Respectively they are "K", "N", "O", "T", 'DI'.

    "K" and "DI" has the same meaning mentioned in Offline Activation Request Information and must be same with the corresponding items in Offline Activation Request Information.

    "N", "O", "T" represent Name, Organization, Time respectively. Name and Organization are string and the type of Time is unknown.

    "T" can be omitted.

  • snKey

    It is a 4-block-long string, while every block is 4-chars-long.

    snKey is generated by 10-bytes-long data. In order to explain it easily, I use data[10] to represent the 10-bytes-long data.

    1. data[0] and data[1] must be 0x68 and 0x2A respectively.

      May change when Navicat product changes. Uncertain yet.

    2. data[2], data[3] and data[4] can be any byte. Just set them whatever you want.

      May change when Navicat product changes. Uncertain yet. But it's very possible right.

    3. data[5] and data[6] are related with your Navicat product language. It depends.

      May change when Navicat product changes. Uncertain yet.
      Must change when Navicat product changes. Confirmed yet.

      For Navicat 12 x64 Simplified Chinese version: They must be 0xCE and 0x32 respectively.
      For Navicat 12 x64 Traditional Chinese version: They must be 0xAA and 0x99 respectively.
      For Navicat 11 x64 Simplified Chinese version: They must be 0xCE and 0x32 respectively.

      According to Navicat 12 for Mac x64 version, what IDA 7.0 indicates is that this two bytes are product signature.

    4. data[7] represents whether it is commercial license or non-commercial license.

      For Navicat 12 x64: 0x65 is commercial license, 0x66 is non-commercial license.
      For Navicat 11 x64: 0x15 is commercial license, 0x16 is non-commercial license.

      May change when Navicat product changes. Uncertain yet.
      Must change when version change.

      According to Navicat 12 for Mac x64 version, what IDA 7.0 indicates is that commercial license is Enterprise License and non-commercial license is Educational License.

    5. High 4 bits of data[8] represents version number. Low 4 bits is unknown, but we can use it to delay activation deadline. Possible value is 0000 or 0001.

      For Navicat 12 x64: High 4 bits must be 1100, which is the binary of number 12.
      For Navicat 11 x64: High 4 bits must be 1011, which is the binary of number 11.

      Must change when version change. Confirmed by Navicat 12 for Mac x64 with IDA Pro 7.0

    6. data[9] is unknown, but you can set it 0xFD or 0xFC or 0xFB if you want to use not-for-resale license.

      May change when Navicat product changes. Uncertain yet.

      According to Navicat 12 for Mac x64 version, what IDA 7.0 indicates is that:

      • 0xFB is Not-For-Resale-30-days license.
      • 0xFC is Not-For-Resale-90-days license.
      • 0xFD is Not-For-Resale-365-days license.
      • 0xFE is Not-For-Resale license.
      • 0xFF is Site license.

    After that. Navicat use DES with ECB mode to encrypt the last 8 bytes which are from data[2] to data[9].

    The DES key is:

    unsigned char DESKey = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 };

    Then encode the 10-bytes-long data: (Use Base32 encode if you just want a conclusion.)

    1. Regard data[10] as a 80-bits-long data.

      If data[10] starts with 0x68 and 0x2A, so the 80-bits-long data is 01011000 00101010......

    2. Divide the 80-bits-long data as 16 5-bits-long blocks.

      If data[10] starts with 0x68 and 0x2A, so the 80-bits-long data is 01011, 00000, 10101, 0...., ...

    3. So the value every block is less than 32. Map them by a encode-table:

      char EncodeTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

      Then you will get a 16-char-long string.

      If data[10] starts with 0x68 and 0x2A, so after encoded, it should starts with "N", "A", "V".

    4. Divide the 16-char-long string to four 4-chars-long blocks, Then you get snKey.

3. Activation Process

  1. Check whether sn_Key that user inputs is legal.

  2. After user clicks Activate, Navicat will start online activation first. If fails, user can choose offline activation.

  3. Navicat will use the snKey that user inputs and some information collected from user's machine to generate Offline Activation Request Information, then encrypt it by Navicat Activation Public Key and return Base64-encoded string as Request Code.

  4. In legal way, the Request Code should be sent to Navicat official activation server by a Internet-accessible computer. And Navicat official activation server will return a legal Activation Code.

    But now, we use keygen to play the official activation server's role.

    1. According to the Request Code, Get "DI" value and "K" value.

    2. Fill Offline Activation Response Information with "K" value, name, organization name and "DI" value.

    3. Encrypt Offline Activation Response Information by Navicat Activation Private Key and you will get 256-byte-long data.

    4. Encode 256-byte-long data by Base64. The result is Activation Code.

  5. Input Activation Code, then offline activation is done.

About

A keygen for Navicat

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%