/navicat-keygen

A keygen for Navicat

Primary LanguageC++GNU General Public License v3.0GPL-3.0

Navicat Keygen

This repository will tell you how Navicat offline activation works.

1. Keyword Explanation.

  • Navicat Activation Public Key

    It is a RSA-2048 public key that Navicat used to encrypt or decrypt offline activation information.

    It is stored in navicat.exe as a kind of resource called RCData. The resource name is "ActivationPubKey". You can see it by a kind of software Resource Hacker. The concrete content is:

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I
    qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv
    a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF
    R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2
    WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt
    YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ
    awIDAQAB
    -----END PUBLIC KEY-----

    If you have the corresponding private key, please tell me. I would be very appreciated for your generous.

  • Request Code

    It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of the offline activation information encrypted by Navicat Activation Public Key.

  • Offline Activation Request Information

    It is just a JSON-style ASCII string which contains 3 items. Respectively they are "K", "DI" and "P", which represent snKey, DeviceIdentifier (related with your machine), Platform (Appropriately speaking, it should be OS Type).

    Like:

    {"K": "xxxxxxxxxxxxxxxx", "DI": "yyyyyyyyyyyyy", "P": "WIN8"}

  • Activation Code

    It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of the offline activation response information encrypted by Navicat Activation Private Key (so far, we don't know official activation private key).

  • Offline Activation Response Information

    Just like Offline Activation Request Information, it is also a JSON-style ASCII string. But it contains 5 items. Respectively they are "K", "N", "O", "T", 'DI'.

    "K" and "DI" has the same meaning mentioned in Offline Activation Request Information and must be same with the corresponding items in Offline Activation Request Information.

    "N", "O", "T" represent Name, Organization, Time respectively. Name and Organization are string and the type of Time can be string or integer (Thanks for discoveries from @Wizr, issue #10).

    "T" can be omitted.

  • snKey

    It is a 4-block-long string, while every block is 4-chars-long.

    snKey is generated by 10-bytes-long data. In order to explain it easily, I use data[10] to represent the 10-bytes-long data.

    1. data[0] and data[1] must be 0x68 and 0x2A respectively.

      May change when Navicat product changes. Uncertain yet.

    2. data[2], data[3] and data[4] can be any byte. Just set them whatever you want.

      May change when Navicat product changes. Uncertain yet. But it's very possible right.

    3. data[5] and data[6] are related with your Navicat product language. It depends.

      May change when Navicat product changes. Uncertain yet.
      Must change when Navicat product changes. Confirmed yet.

      For Navicat 12 x64 English version: They must be 0xAC and 0x88 respectively.
      For Navicat 12 x64 Simplified Chinese version: They must be 0xCE and 0x32 respectively.
      For Navicat 12 x64 Traditional Chinese version: They must be 0xAA and 0x99 respectively.
      For Navicat 11 x64 Simplified Chinese version: They must be 0xCE and 0x32 respectively.

      According to Navicat 12 for Mac x64 version, what IDA 7.0 indicates is that this two bytes are product signature.

    4. data[7] represents whether it is commercial license or non-commercial license.

      For Navicat 12 x64: 0x65 is commercial license, 0x66 is non-commercial license.
      For Navicat 11 x64: 0x15 is commercial license, 0x16 is non-commercial license.

      May change when Navicat product changes. Uncertain yet.
      Must change when version change.

      According to Navicat 12 for Mac x64 version, what IDA 7.0 indicates is that commercial license is Enterprise License and non-commercial license is Educational License.

    5. High 4 bits of data[8] represents version number. Low 4 bits is unknown, but we can use it to delay activation deadline. Possible value is 0000 or 0001.

      For Navicat 12 x64: High 4 bits must be 1100, which is the binary of number 12.
      For Navicat 11 x64: High 4 bits must be 1011, which is the binary of number 11.

      Must change when version change. Confirmed by Navicat 12 for Mac x64 with IDA Pro 7.0

    6. data[9] is unknown, but you can set it 0xFD or 0xFC or 0xFB if you want to use not-for-resale license.

      May change when Navicat product changes. Uncertain yet.

      According to Navicat 12 for Mac x64 version, what IDA 7.0 indicates is that:

      • 0xFB is Not-For-Resale-30-days license.
      • 0xFC is Not-For-Resale-90-days license.
      • 0xFD is Not-For-Resale-365-days license.
      • 0xFE is Not-For-Resale license.
      • 0xFF is Site license.

    After that. Navicat use DES with ECB mode to encrypt the last 8 bytes which are from data[2] to data[9].

    The DES key is:

    unsigned char DESKey = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 };

    Then encode the 10-bytes-long data: (Use Base32 encode if you just want a conclusion.)

    1. Regard data[10] as a 80-bits-long data.

      If data[10] starts with 0x68 and 0x2A, so the 80-bits-long data is 01011000 00101010......

    2. Divide the 80-bits-long data as 16 5-bits-long blocks.

      If data[10] starts with 0x68 and 0x2A, so the 80-bits-long data is 01011, 00000, 10101, 0...., ...

    3. So the value every block is less than 32. Map them by a encode-table:

      char EncodeTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

      Then you will get a 16-char-long string.

      If data[10] starts with 0x68 and 0x2A, so after encoded, it should starts with "N", "A", "V".

    4. Divide the 16-char-long string to four 4-chars-long blocks, Then you get snKey.

3. Activation Process

  1. Check whether sn_Key that user inputs is legal.

  2. After user clicks Activate, Navicat will start online activation first. If fails, user can choose offline activation.

  3. Navicat will use the snKey that user inputs and some information collected from user's machine to generate Offline Activation Request Information, then encrypt it by Navicat Activation Public Key and return Base64-encoded string as Request Code.

  4. In legal way, the Request Code should be sent to Navicat official activation server by a Internet-accessible computer. And Navicat official activation server will return a legal Activation Code.

    But now, we use keygen to play the official activation server's role.

    1. According to the Request Code, Get "DI" value and "K" value.

    2. Fill Offline Activation Response Information with "K" value, name, organization name and "DI" value.

    3. Encrypt Offline Activation Response Information by Navicat Activation Private Key and you will get 256-byte-long data.

    4. Encode 256-byte-long data by Base64. The result is Activation Code.

  5. Input Activation Code, then offline activation is done.

4. How to use

  1. Build patcher and keygen.

  2. Replace Navicat Activation Public Key in navicat.exe.
    Example:

    E:\GitHub\navicat-keygen\x64\Release>navicat-patcher.exe "D:\Program Files\PremiumSoft\Navicat Premium 12\navicat.exe"
    D:\Program Files\PremiumSoft\Navicat Premium 12\navicat.exe has been backed up.
    Public key has been replaced.
    Success!
    

    You will get RegPrivateKey.pem file at current directory.

  3. Then in console:

    E:\GitHub\navicat-keygen\x64\Release>navicat-keygen.exe RegPrivateKey.pem
    

    You will get a snKey and be asked to input your name and organization.
    Just input and then you will be asked to input the request code. Now DO NOT CLOSE KEYGEN.

  4. Disconnect network and open Navicat Premium, find and click Registration. Then input Registration Key by snKey that keygen gave. Then click Activate.

  5. Generally online activation will failed and Navicat will ask you do Manual Activation, just choose it.

  6. Copy your request code and paste it in keygen. Input empty line to tell keygen that your input ends.

  7. Then you will get activation code which looks like a Base64 string. Just copy it and paste it in Navicat Manual Activation window, then click Activate. If nothing is wrong, activation should be done successfully.