@r4e
I think and in Windows 10 has it.

 

Just quickly checked their Activation Manager Unlocker b6.



They use makecert to create their certificate named SMTG.cer (or copy it from the password protected tmp.zip file),
then certmgr to add it to the system as root certificate (using the command -add SMTG.cer -s -r localMachine ROOT)
and then the signtool to sign it to the name "Steinberg Media Technologies GmbH".

So if you're currently looking for VR's cert, it's most likely hidden under the name "Steinberg Media Technologies GmbH".

 

It's not that I don't trust VR (not less than MS at least) but they should do something like that more publicly.

 

Yeap. Ok. That one is there. Must be there for a reason. But it doesn't really matter. No internet on those machines. So it must use that locally to fulfill some requirement the steiny stuff has in order to run properly. It's a don't care really...

 

Reminder:
This thread topic is
What risks are you taking by having the R2R Root Certificate installed on your machine?

Not a general discussion about cracked vs Legit, which would be stupid anyway, as it depends of which developer and which cracker.

So please, keep it in topic and educated. Thank you.

 

OK, I'm back two days later and wow... 4 pages worth of replies.

I wanna thank everybody who tried to help me by providing interesting info, sources and overall facts. Most notably @Granular, @twoheart, @r4e and @stopped. Thank you guys!

I have decided to install the certificate.
I feared that the intended purposes listed in certmgr.msc are purely "cosmetic" and, even though the certificate is listed for only code signing, there are no actual limitations to what a certificate is allowed to be used for. This is not the case from what I've gathered. INTENDED PURPOSES = PERMISSIONS.

Even though you are taking actual risks by installing the R2R certificate which others have pointed out, they are, now, much more mild than I initially though. Nice, Team R2R!
Which I can't say about another scene group, Team V.R.
People have pointed out that they silently install their certificate, which as well is used for bypassing, without the user's notice which has ALL of the intended purposes enabled (the only ones who should have this level of permission are microsoft related certificates). Now, I hear from @r4e, that they package tools with their releases that are used to make a "bootleg" Steinberg certificate which they also install silently. I don't know about the permissions enabled on the latter, can somebody tell me?

So, I guess yeah, that's solved.
Hopefully somebody who is going to have the same dilemma as me can solve it just by looking at this thread as it is now.

 

Last edited: Oct 31, 2023

I think for Steinberg products a certificate is required to get them running correctly,
probably because of some internal legitimacy checks or so.

In the beginning (after Steinberg dropped the dongle protection) there was also a release that
worked without an installed cert but that just appeared once so I think it works more flawless
with the checks enabled and a matching certificate on the machine.

Therefore either R2R or VR have to install a certificate for Steinberg products.
I only disliked, that VR didn't tell anyone while R2R showed full transparency
and let the potential users decide wether they want to install it or not.

Since this behaviour seems quite trustworthy to me, I'd say there are very low to none
risks to install R2R's root certificate.

 

Last edited: Oct 31, 2023

Was just about to write that before you edited your comment, adding much more info.

R2R > V.R in this regard

 

OK, as OP answered and some people cant refrain to reproduce BS off topic generalities about cracked software, I have no other choice than to close this thread.