View Single Post
  #1  
Old 02-08-2006, 03:41
cnbragon/iPB
 
Posts: n/a
Smile Sth. about InnoSetup's passwords

the apps' setup program which use InnoSetup, set a password protection.
when install the apps,they will display a Password Dialog which need u to input the correct password which was set by the apps' author.
The setup program will create two folder named just like is-*****.tmp
at "%Temp%\Local Settings\Temp", in which there is a is-*****.tmp file,
it is the CheckPassword routine in.
Innosetup will use MD5 Algorithm to hash the password as follows:
pad the message first with "PasswordCheckHash" , then with
PHP Code:
"0x91,0xA1,0x 96,0xDC,0x8C,0x56,0x98"
the last is the password which we input.
After been hashed, it will compare the hash string with a const string which is the correct password's hash string.
It seems that the correct password's hash string was set by Innosetup when make install program.
So the problem is that can we get the correct password except for brute force?
anyone get an idea?
sorry for my poor English.

regards

Last edited by cnbragon/iPB; 02-08-2006 at 14:39.
Reply With Quote