How to Register WinRAR with a Self-Generated License File
GreenYun
February 17, 2023
1 Introduction
WinRAR is a file (un)archiving and (de)compressing program developed by Eugene Roshal. The trial version of WinRAR can be downloaded and distributed without cost. Sold and supported by win.rar GmbH, WinRAR may be used for a 40-day test period. After expiry, a license should be purchased to continue using the software (legally).
After a person, organization or company pays win.rar GmbH, they receive a file named rarreg.key for registering the software. The file may be sent on a CD or via email. Placing the file together with the installer, or copying it to the installation destination, completes the registration. (Refer to the official docs for more details.)
The proper way to obtain a license file is to pay win.rar GmbH. This article, however, discusses the generation process of “rarreg.key”. (Valid from version 4.x to the current version.)
2 Prerequisites
To generate the license file, one must provide a personal name or company name, referred to as “Name”. A Name containing characters other than ASCII characters is discouraged. (It may lead to a wrong key.)
The other piece of information is provided by the receipt after the payment. “License Type” is a string that usually describes how many registered copies are authorized. For instance, “Single PC usage license”, “1000 PC usage license”, etc.
3 A Variant of SHA-1 Algorithm
WinRAR adopts the SHA-1 algorithm as its message hash method. In a general SHA-1 implementation, the digest $S$ is composed of 5 state values as
$$S = S_0 \parallel S_1 \parallel S_2 \parallel S_3 \parallel S_4$$
where $S_i$ ($i \in \{0, 1, 2, 3, 4\}$) are 32-bit unsigned integers.
The extra step before generating $S$ is a byte-wise reversal of each $S_i$. After that, they are concatenated as $S$, a 160-bit unsigned integer. Note that we store $S$ and the other data discussed below in big-endian (network) order: the most significant byte in front (or “on the left”).
3.1 Yet Another Variant
There is another SHA-1 function used by WinRAR, with all initial state values set to zero. Its only known use is to generate a secret number from a zero-length string input, and the result is
1050D90D0F27A54653461BD1B4E33C7C0FFD8D43
4 Digital Signature Algorithm
The digital signature algorithm (the DSA) used by WinRAR is a variant of the
SM2 digital signature algorithm.
4.1 The Composite Field
WinRAR chose the composite field $F_{(2^{15})^{17}}$, described as follows.
4.1.1 The Base Field
The base field $F_{2^{15}}$ is generated by the primitive polynomial
$$B(x) = x^{15} + x + 1$$
where the coefficients are in $F_2$.
For $a(x) \in F_{2^{15}}$,
$$a(x) = a_{14} x^{14} + a_{13} x^{13} + \cdots + a_1 x + a_0$$
the coefficients are combined as a 15-bit series, denoted as
$$a = a_{14} a_{13} \cdots a_1 a_0$$
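The base-field arithmetic defined in this subsection, as an added Python example that is not part of the original article: elements are the 15-bit series $a$, multiplication reduces modulo $B(x)$, and the last function checks that $x$ has order $2^{15} - 1$, as expected for a primitive $B(x)$. All function names are assumptions of this example.

```python
# Added example: arithmetic in F_{2^15} defined by B(x) = x^15 + x + 1.
# An element a(x) is stored as the 15-bit integer a_14 ... a_1 a_0.

B = (1 << 15) | 0b11        # bit pattern of x^15 + x + 1
GROUP_ORDER = (1 << 15) - 1  # number of non-zero field elements

def gf_mul(a, b):
    """Multiply two field elements: shift-and-add, reducing modulo B(x)."""
    r = 0
    while b:
        if b & 1:
            r ^= a           # addition in characteristic 2 is XOR
        b >>= 1
        a <<= 1
        if a & (1 << 15):    # degree reached 15: subtract (XOR) B(x)
            a ^= B
    return r

def gf_pow(a, e):
    """Square-and-multiply exponentiation."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def gf_inv(a):
    """Inverse via a^(2^15 - 2), since a^(2^15 - 1) = 1 for a != 0."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in the field")
    return gf_pow(a, GROUP_ORDER - 1)

def order_of_x():
    """Multiplicative order of the element x (encoded as 0b10)."""
    e, n = 2, 1
    while e != 1:
        e = gf_mul(e, 2)
        n += 1
    return n

if __name__ == "__main__":
    print(hex(gf_mul(0x4000, 2)))   # x^14 * x = x^15 = x + 1
    print(order_of_x())
```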
4.1.2 The Extension Field
The extension field $F_{(2^{15})^{17}}$ is constructed by the primitive polynomial
$$E(x) = x^{17} + x^3 + 1$$
where the coefficients are in the finite field $F_{2^{15}}$.
For $b(x) \in F_{(2^{15})^{17}}$,
$$b(x) = b_{16} x^{16} + b_{15} x^{15} + \cdots + b_1 x + b_0$$
and $b(x)$ is denoted as
$$b = b_{16} b_{15} \cdots b_1 b_0$$
Note that $b_i \in F_{2^{15}}$, $i \in \{0, 1, \cdots, 15, 16\}$, which means each $b_i$ can be translated into a 15-bit series, and the total length of $b$ is 15 × 17 = 255 bits.
4.2 The Elliptic Curve
The selected curve $C$ is
$$y^2 + xy = x^3 + \alpha x^2 + \beta$$
where $x, y, \alpha, \beta \in F_{(2^{15})^{17}}$. WinRAR chose $\alpha = 0$ and $\beta = 161$, and a base point $G \in C$: (all numbers below are denoted as hexadecimal)
$$G = (x_G, y_G)$$
$$x_G = \texttt{56FDCBC6A27ACEE0CC2996E0096AE74FEB1ACF220A2341B898B549440297B8CC}$$
$$y_G = \texttt{20DA32E8AFC90B7CF0E76BDE44496B4D0794054E6EA60F388682463132F931A7}$$
And the order of $G$:
$$\mu = \texttt{1026DD85081B82314691CED9BBEC30547840E4BF72D8B5E0D258442BBCD31}$$
4.3 Key Generation
WinRAR uses an ASCII string as the seed to generate a private–public key pair.
4.3.1 The Private Key
First, generate a hash digest from the input message. If the length of the input message is not zero, calculate its digest using the method described in section 3 and assign the digest to $g$.
If a zero-length string is input, directly assign
$$g = \texttt{CDE43B4C6847B9D5DC5EF4A350265329EB3EB781}$$
Now we treat $g$ as a 20-byte octet stream (most significant byte first) and concatenate a counter $c$, a 32-bit unsigned integer, after the last byte of $g$. We will use $\parallel$ to denote “concatenation”, which means the message $M$ should be
$$M = g \parallel c$$
which is a 25-byte stream.
The loop starts by setting the counter $c$ to 1. Send $M$ as the message to the SHA-1 function described in section 3, and store the digest as $S$. Obviously, $S$ is a 20-byte octet stream, denoted as
$$S = S_{19} S_{18} \cdots S_1 S_0$$
in network order, where $S_i$ ($i \in \{0, 1, \cdots, 18, 19\}$) are the bytes.
Assume $k$ is another octet stream, with zero length before the loop starts. The two least significant bytes of $S$ are taken and appended to the left side of $k$:
$$k = S_1 S_0 \parallel k$$
Repeat this process for 15 rounds; after each round, increment $c$ by 1 and update $M$ accordingly.
If the digest after the $i$-th round is denoted as $S^{i}$, the final $k$ after all 15 rounds will look like:
$$k = S^{15}_1 S^{15}_0 S^{14}_1 S^{14}_0 \cdots S^{2}_1 S^{2}_0 S^{1}_1 S^{1}_0$$
and this is the private key we generated.
To verify the key generator, check that an empty message input generates $k = k_0$, where $k_0$ is as follows:
$$k_0 = \texttt{59FE6ABCCA90BDB95F0105271FA85FB9F11F467450C1AE9044B7FD61D65E}$$
4.3.2 The Public Key
As the base point $G$ on the elliptic curve is known (section 4.2), the public key is calculated by multiplying the base point by the private key $k$, according to elliptic curve arithmetic:
$$P = k \cdot G$$
To verify that the key generator works well, generate $P = P_0$ from $k_0$ (described above), and check
$$P_0 = (x_P, y_P)$$
$$x_P = \texttt{3861220ED9B36C9753DF09A159DFB148135D495DB3AF8373425EE9A28884BA1A}$$
$$y_P = \texttt{12B64E62DB43A56114554B0CBD573379338CEA9124C8443C4F50E6C8B013EC20}$$
A public key compression method is used by the SM2 digital signature algorithm, but WinRAR follows only some simplified steps:
1. Let $P = (x_P, y_P)$ be a point on the elliptic curve. If $x_P = 0$, then $\tilde{y}_P = 0$; otherwise $\tilde{y}_P$ is the least significant (right-most) bit of $e = y_P \cdot x_P^{-1}$ in the composite field $F_{(2^{15})^{17}}$;
2. Concatenate $x_P$ and $\tilde{y}_P$ to obtain the bit stream.
The compressed public key is denoted as
$$\tilde{P} = x_P \parallel \tilde{y}_P$$
4.4 The Signing Process
A message M is signed using a private key k, following these steps:
1. Pick a random number $n$ which satisfies $0 < n < \mu$;
2. Generate a digest $h$ via the algorithm described in section 3, and extend $h$ by pushing the least significant 10 bytes of the secret number (described in 3.1) onto its left side, giving 30 bytes in total, which may look like
$$h = \texttt{1BD1B4E33C7C0FFD8D43} \parallel \mathrm{Sha}_1(M)$$
3. For a point $P = (x_P, y_P)$ on the elliptic curve, let $X(P) = x_P$, then calculate
$$r \equiv X(n \cdot G) + h \mod \mu$$
4. If either $r = 0$ or $r + n = \mu$, go to step 1; otherwise continue;
5. Calculate
$$s \equiv n - k \cdot r \mod \mu$$
6. If $s = 0$, go to step 1; otherwise obtain the signature $(r, s)$.
5 The Generation of the Whole License
Assume the input messages “Name” and “License Type” are denoted as $U$ and $L$, and follow these steps to generate the license:
1. Follow the steps in section 4.3 to obtain a private–public key pair with input $U$, and convert it to the compressed public key form $\tilde{P}_U$;
2. Convert $\tilde{P}_U$ into hexadecimal string form, and pad with 0 on the left side until the length of the string is 64;
3. Split the string form of $\tilde{P}_U$ into two parts: the first 48 characters ($s^+$) and the remainder ($s^-$);
4. Let $D_3$ be a string that is constructed as follows:
$$D_3 = \texttt{"60"} \parallel s^+$$
where text between two double quotation marks is a string literal;
5. Follow the steps in section 4.3 to obtain a private–public key pair with input $D_3$, and convert it to the compressed public key form $\tilde{P}_3$;
6. Convert $\tilde{P}_3$ into hexadecimal string form, and pad with 0 on the left side until the length of the string is 64, denoted as $D_0$;
7. Let $I$ be a 20-character string that is constructed as follows:
$$I = s^- \parallel D_{0,0} D_{0,1} D_{0,2} D_{0,3}$$
where $D_{0,i}$ is the $i$-th character of the string $D_0$;
(Note: In practice, WinRAR does not care about the contents of $I$ at all.)
8. Use the algorithm described in 4.4 with $L$ as message input and $k_0$ as private key input, and obtain the signature $(r_L, s_L)$;
9. Convert $r_L$ and $s_L$ into hexadecimal string form, $s_L^+$ and $s_L^-$, and pad each with 0 on its left side until both lengths are 60; (Remain unchanged if the length is greater than 60)
10. Let $D_1$ be a string that is constructed as follows:
$$D_1 = \texttt{"60"} \parallel s_L^- \parallel s_L^+$$
11. Construct a message string $M_1$ as
$$M_1 = U \parallel D_0$$
and sign it with private key $k_0$ to obtain $(r_1, s_1)$;
12. Convert $r_1$ and $s_1$ into hexadecimal string form, $s_1^+$ and $s_1^-$, and pad each with 0 on its left side until both lengths are 60; (Remain unchanged if the length is greater than 60)
13. Construct a string $D_2$ as
$$D_2 = \texttt{"60"} \parallel s_1^- \parallel s_1^+$$
14. A CRC32 checksum is calculated using the message string
$$L \parallel U \parallel D_0 \parallel D_1 \parallel D_2 \parallel D_3$$
15. Convert the checksum into decimal string form $s_c$, and pad with 0 on the left side until the length is 10;
16. Let $l_0$, $l_1$, $l_2$ and $l_3$ be the lengths of $D_0$, $D_1$, $D_2$ and $D_3$, respectively, and convert each $l_i$ into decimal string form $s_{l,i}$;
17. Let $D$ be a string constructed as follows:
$$D = s_{l,0} \parallel s_{l,1} \parallel s_{l,2} \parallel s_{l,3} \parallel D_0 \parallel D_1 \parallel D_2 \parallel D_3 \parallel s_c$$
5.1 Output
The first line: a string literal: "RAR registration data".
The second line: $U$.
The third line: $L$.
The fourth line: the string literal "UID=" combined with $I$.
The following lines: $D$, which is separated into 7 lines, with the first 6 lines consisting of 54 characters each.