Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #16  
Old 09-17-2022, 09:41
TempoMat TempoMat is offline
Friend
 
Join Date: Jan 2006
Posts: 86
Rept. Given: 10
Rept. Rcvd 6 Times in 6 Posts
Thanks Given: 4
Thanks Rcvd at 25 Times in 18 Posts
TempoMat Reputation: 6
Quote:
Originally Posted by TmC View Post
The 3 dashes are always there, they are known chars.
Don't understand
I meant the chaining values i.e.
0x67452301, 0xEFCDAB89, 0x98BADCFE and 0x10325476.

I have for instance seen at least a program using the following chaining values instead
0X1234567, 0X89ABCDEF, 0XBA98FEDC and 0X76504321
Reply With Quote
  #17  
Old 09-17-2022, 21:38
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 643
Rept. Given: 21
Rept. Rcvd 43 Times in 26 Posts
Thanks Given: 592
Thanks Rcvd at 971 Times in 440 Posts
chants Reputation: 43
So it looks like you want to do a first pre image attack on MD5.

Wait a second if they are chaining, that opens up a whole new set of opportunities. Why not look into length extension attack and such. You need to explain what is meant by "chaining" in mathematical detail e.g. h(h(bytes[12:16])^bytes[8:12]) where ^ is xor or even concatenation.

The time it takes to handle a group of 4 !!!! Should then based on that list for the final combos be the time per final pair to get the next to last combo etc.

If you want to pass remote validation checks, it may still be impossible as they may further reduced the allowable set or notice unusual activity ertc, no guarantees.
Reply With Quote
  #18  
Old 09-18-2022, 04:55
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 326
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
Quote:
Originally Posted by TempoMat View Post
I meant the chaining values i.e.
0x67452301, 0xEFCDAB89, 0x98BADCFE and 0x10325476.

I have for instance seen at least a program using the following chaining values instead
0X1234567, 0X89ABCDEF, 0XBA98FEDC and 0X76504321
Nope. They are inserted as plain string (e.g. 9a4df789abe345a902971c9826734ed1). What you type is md5ed as a string and the two are compared. If the md5 value is found in the list, then what you typed is valid.
Reply With Quote
  #19  
Old 09-18-2022, 12:26
UWT UWT is offline
Friend
 
Join Date: Mar 2022
Posts: 5
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 1
Thanks Rcvd at 0 Times in 0 Posts
UWT Reputation: 0
@TmC

The way for you is brute force attack, if you know some values you can customize your own mask, but from now on you will need time to complete your test. A few months ago I came across something similar and I was able to develop a c++ program for this, but it takes time to compute for a 10-character password (around 8 hours), although your start seed is small and knowing the mask it may take less time. The easy way was to substitute the MD5 Hash but I already saw that you need to connect to the server and a valid serial number.
If you want and you can give me the private mask and at least one valid MD5 hash and we will see.

Regards,
UWT

pd. I remember in one of my projects that the hardcodes were the ones on the blacklist.

Last edited by UWT; 09-27-2022 at 06:37. Reason: Add information
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 23:03.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )