EasySify

Bhaskar

Regular
Messages
159
Location
NA
What kind of statistical attack boss?

Thanks to IP, i got ES working. The newest version of ES is Build 377. You can download it from the ES website. http://easysify.sf.net A few improvements have been made. Change log follows:

Build 377
Changes from EasySify 1.1 Build 306

1) Fixed Login/Logout Problem
2) Fixed incorrect unit bug
3) Added Usage Monitor
4) Removed 7 Day usage
5) Revamped Graph
6) Added Embedded Graph
 

max

Regulars
Messages
2,762
Location
NA
ISP
MTNL
dont know. i am not familiar to such techniques...
 

Bhaskar

Regular
Messages
159
Location
NA
Trust me, i had cryptography as a term subject. Its not easy to break. Even if we know what they used, it still wont be easy to break.
 

Tushar

Regular
Messages
341
Location
NA
Thats only IF they are encrypting/decrypting. I think its just some kind of hash, they hash a set of variables and send it in cons string to the server, the server does the same (hashes the same vars in same order) and the two strings are compared.Ask yourself, if they were encrypting the data would they need to send the mac-address in cleartext form also? No, coz they could simply DECRYPT the cons to get it, isn't it?Now you may ask why only the mac, well because when all other variables change, the server has it stored. You change your password, the server saves it, your version number is sent in the very first post. So basically they have all other variables stored in their database, and updated if they change.Now consider the mac address, if that changes, which is quite possible and you request them to reset the one in their db and detect the new one, how are they supposed to do that? if the cons string is a HASH, hashing is a one way algorithm, hence they need the mac-address in clear text format.Thats why you can be sure that its a hash and not an encryption...
 

St0le

The Funny One
Messages
758
Location
NA
ISP
MTNL
so tushar, which means i cant use MY OWN sify account on any other computer except the one which they installed it! (MAC Addr is differnt on diff Comp)if that is true...gotta say...not something the internet was built for!EDIT: Sorry Bhaskar! Phorgive Me! :)
 

Bhaskar

Regular
Messages
159
Location
NA
Hey tushar bro, i really dont know where you have studied computers, but doing attacks on Encrypted or hashed strings is an insane, time comsuming activity.Take SHA1 for example you have to generate atleast 2^80 strings of a given character set to find two that match. Ofcourse i know the next thing is you are going to start quoting the birthday paradox, trying to convince people that the number of strings that need to be generated is more manageable, but in reality it still doesnt work that way. Finding the initial vector for the hashing algorithms is not easy. MD5 for example was 4, 32 bit vectors (if my memory serves me correct). 32 Bits - 4 characters, how many 4 character combinations are you going to come up with. Not to mention that you will still need an exact copy of the plain text to compare.Next you dont know how the client & the server are synchronizing themselves. It could be they are passing strings that the client uses as the IV or they are just using timestamps. Who knows??I am not contesting your argument that the scheme is probably hashing, i suggested that myself early on. What i am trying to say is, encryption or hashing, both ways this is not going to be easy to crack.------------Hey StOLE, what with the 'L' Thing??? No offence bro, Stay out of this conversation if you dont have anything to contribute.
 


Tushar

Regular
Messages
341
Location
NA
Well the idea isn't to actually find collisions, which is ofcourse insane, md5 is a 128 bit hashing algo. If we come to know what string/order/method they are using to create the hash, thats enough, isn't it? Then all we do is hash it all up and make the cons string. The problem is I have no idea how the f**k they come up with a 240 character string :?:, without modifying the base....I made absolutely no mention of finding collisions for the 240 character hex string, I have no idea where you getting that from :-|
 

Bhaskar

Regular
Messages
159
Location
NA
if you cannt recreate the exact plaintext string (which we are unable to, we just have the possible payload string), then its quite logical to assume that you will be finding collisions.Never mind, lets not argue. We are both on the same side. :D
 

max

Regulars
Messages
2,762
Location
NA
ISP
MTNL
damn it! DONT I EXIST? What have I been talking uptill this point? If the algo is a simple one like a XOR encryption then its easy to break but RSA, SHA1, AES are VERY difficult (impossible) to break. I agree.THAT is why I suggested API hooking... :confused:
 

St0le

The Funny One
Messages
758
Location
NA
ISP
MTNL
have u guys tried, running the program under a debugger and simulate a login session ...trap the jump to the dll....if the debugger is Olly/softice u will get the name of the api there it self...else u will have to look into the import table...as for max suggestion, its way easier to install breakpoints at "GetDlgItemText"....and if sify is smart...hook the "SendMessage"monitor all GET_TEXT call's....THIS is the point where the userid and password will be grabbed from textbox.....from there all u need to do is trace a jump to dll (which might carry algo) OR look for a series of instruction repeatting itself (which is i AGREE...A LONG SHOT!)(remmber to note the memory address where the userid and pwd maybe stored)i am not a cracker but i do debug my programs so...thats my suggestion!u guys know asm right? if some1 is going to try...i highly recommend softice! its much better than breaking algo's! :)