EasySify

  • Thread starter: Bhaskar
  • Replies: 93
  • Views: 39,074
POSIX??? Aren't you using C#??
 
Originally posted by Bhaskar@Dec 20 2005, 11:49 PM
Still thinking Borg?

Thinking of doing a POSIX version, then wrapping a GUI around it.
Cool, but I didn't understand the Borg reference. BTW, have you been able to understand the encryption yet? From what I have understood, it does indeed seem to be a one-way hash. Something like public key encryption.
 
Microsoft = Borg.

C# would require a 30+ MB install of the .NET framework, if I am not wrong.

It's definitely not one of the common schemes in use. Another thing that was bothering me was that it always generates fixed-length strings, i.e. 240. Therefore padding is involved, but to what extent? It could be something really stupid like a message authentication scheme using one-time pads.
 
Boss, I don't have a Sify connection, but have you considered a statistical attack on that string? How about decompiling the EXEs and DLLs after identifying and isolating the encryption/decryption functions? How about API hooking to spy on its buffers?
 
What kind of statistical attack, boss?

Thanks to IP, I got ES working. The newest version of ES is Build 377. You can download it from the ES website: http://easysify.sf.net. A few improvements have been made. Change log follows:

Build 377
Changes from EasySify 1.1 Build 306

1) Fixed Login/Logout Problem
2) Fixed incorrect unit bug
3) Added Usage Monitor
4) Removed 7 Day usage
5) Revamped Graph
6) Added Embedded Graph
 


Trust me, I had cryptography as a term subject. It's not easy to break. Even if we know what they used, it still won't be easy to break.
 
That's only IF they are encrypting/decrypting. I think it's just some kind of hash: they hash a set of variables and send it in the cons string to the server, the server does the same (hashes the same vars in the same order) and the two strings are compared.

Ask yourself, if they were encrypting the data, would they need to send the MAC address in cleartext form also? No, because they could simply DECRYPT the cons to get it, isn't it?

Now you may ask why only the MAC. Well, because when all other variables change, the server has them stored. You change your password, the server saves it; your version number is sent in the very first POST. So basically they have all other variables stored in their database, and updated if they change.

Now consider the MAC address. If that changes, which is quite possible, and you request them to reset the one in their DB and detect the new one, how are they supposed to do that? If the cons string is a HASH, hashing is a one-way algorithm, hence they need the MAC address in cleartext format.

That's why you can be sure that it's a hash and not an encryption...
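A model of the login check described in the post above, as an added example that is not code from the thread or from Sify/EasySify. The client hashes a fixed, ordered set of variables into the "cons" string and sends it with the userid and MAC in clear; the server rebuilds the same string from what it has on file and compares. The field names, the separator, the choice of SHA-1 and the "reset MAC" step are all assumptions made for illustration; nothing here is the real client's format.

```python
"""
Added example (not from the thread): the "hash of known variables" login
scheme hypothesised above, with both the client and the server side.
Field names, separator, SHA-1 and the reset step are assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    userid: str
    password: str
    version: str
    mac: str          # the MAC the server has on file for this account


def cons_string(userid: str, password: str, version: str, mac: str) -> str:
    """Both sides must hash exactly these fields, in exactly this order."""
    payload = "|".join((userid, password, version, mac)).encode()
    return hashlib.sha1(payload).hexdigest()


def client_login(acct: Account, current_mac: str) -> dict:
    """What the client sends: userid and MAC in clear, plus the cons string."""
    return {
        "userid": acct.userid,
        "mac": current_mac,
        "cons": cons_string(acct.userid, acct.password, acct.version, current_mac),
    }


def server_verify(db: dict, msg: dict) -> str:
    """Recompute the cons string from stored values and compare.

    Returns "ok", "unknown-user", "mac-mismatch" or "bad-cons".  The server
    never inverts the hash: the only MAC it can use is the cleartext one in
    the message or the one already in its database.
    """
    acct = db.get(msg["userid"])
    if acct is None:
        return "unknown-user"
    if msg["mac"] != acct.mac:
        return "mac-mismatch"       # account is bound to one machine
    expected = cons_string(acct.userid, acct.password, acct.version, acct.mac)
    if not hmac.compare_digest(expected, msg["cons"]):
        return "bad-cons"           # password, version or field order differ
    return "ok"


def reset_mac(db: dict, userid: str, new_mac: str) -> None:
    """The 'please reset my MAC' request: the server can only take the value
    the client tells it in clear, because it cannot recover it from a hash."""
    db[userid].mac = new_mac


if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    db = {"bhaskar": Account("bhaskar", "s3cret", "1.1.306", "00:11:22:33:44:55")}
    client = Account("bhaskar", "s3cret", "1.1.306", "00:11:22:33:44:55")

    print(server_verify(db, client_login(client, "00:11:22:33:44:55")))   # ok
    print(server_verify(db, client_login(client, "00:11:22:33:44:66")))   # mac-mismatch
    reset_mac(db, "bhaskar", "00:11:22:33:44:66")
    print(server_verify(db, client_login(client, "00:11:22:33:44:66")))   # ok
    wrong = Account("bhaskar", "guess", "1.1.306", "00:11:22:33:44:66")
    print(server_verify(db, client_login(wrong, "00:11:22:33:44:66")))    # bad-cons
```

One property of this model worth noticing: nothing fresh (nonce, timestamp, server challenge) goes into the hash, so a captured login message verifies again unchanged. Whether the real client mixes in something per session is exactly what the thread has not established.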
 
So Tushar, which means I can't use MY OWN Sify account on any other computer except the one on which they installed it! (The MAC address is different on different computers.) If that is true... gotta say... not something the internet was built for!

EDIT: Sorry Bhaskar! Phorgive Me! 🙂
 
Hey Tushar bro, I really don't know where you have studied computers, but doing attacks on encrypted or hashed strings is an insane, time-consuming activity. Take SHA1 for example: you have to generate at least 2^80 strings of a given character set to find two that match. Of course I know the next thing is you are going to start quoting the birthday paradox, trying to convince people that the number of strings that need to be generated is more manageable, but in reality it still doesn't work that way. Finding the initial vector for the hashing algorithms is not easy. MD5, for example, had 4 32-bit vectors (if my memory serves me correctly). 32 bits = 4 characters; how many 4-character combinations are you going to come up with? Not to mention that you will still need an exact copy of the plaintext to compare.

Next, you don't know how the client and the server are synchronizing themselves. It could be they are passing strings that the client uses as the IV, or they are just using timestamps. Who knows??

I am not contesting your argument that the scheme is probably hashing; I suggested that myself early on. What I am trying to say is, encryption or hashing, both ways this is not going to be easy to crack.

------------

Hey StOLE, what's with the 'L' thing??? No offence bro, stay out of this conversation if you don't have anything to contribute.
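To make the "initial vector" point above concrete, here is an added example (not code from the thread, and not anything known about the Sify client) of MD5 with its four 32-bit IV words exposed as a parameter. With the RFC 1321 values the output matches Python's hashlib; with any other four words the digest changes completely, so a client that quietly used a private IV could not be reproduced just by knowing "it is MD5": the four words together are 128 unknown bits. The alternative IV used at the bottom is an arbitrary constructed value.

```python
"""
Added example (not from the thread): compact MD5 whose initial vector
(A, B, C, D) is a parameter, to show what 'finding the IV' would mean.
"""
import hashlib
import math
import struct

# Standard MD5 initial vector from RFC 1321 (A, B, C, D).
MD5_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)

# Per-round rotation amounts and the sine-derived additive constants.
_S = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4
      + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)
_K = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xFFFFFFFF for i in range(64)]


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md5_with_iv(data: bytes, iv=MD5_IV) -> str:
    """MD5 of `data` started from the four 32-bit words in `iv`."""
    a0, b0, c0, d0 = iv
    # Padding: 0x80, zeros up to 56 mod 64, then the bit length, little-endian.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)

    for off in range(0, len(msg), 64):
        M = struct.unpack("<16I", msg[off:off + 64])
        A, B, C, D = a0, b0, c0, d0
        for i in range(64):
            if i < 16:
                F, g = (B & C) | (~B & D), i
            elif i < 32:
                F, g = (D & B) | (~D & C), (5 * i + 1) % 16
            elif i < 48:
                F, g = B ^ C ^ D, (3 * i + 5) % 16
            else:
                F, g = C ^ (B | ~D), (7 * i) % 16
            F = (F + A + _K[i] + M[g]) & 0xFFFFFFFF
            A, D, C, B = D, C, B, (B + _rotl(F, _S[i])) & 0xFFFFFFFF
        a0 = (a0 + A) & 0xFFFFFFFF
        b0 = (b0 + B) & 0xFFFFFFFF
        c0 = (c0 + C) & 0xFFFFFFFF
        d0 = (d0 + D) & 0xFFFFFFFF

    return struct.pack("<4I", a0, b0, c0, d0).hex()


def reference_md5(data: bytes) -> str:
    """Library MD5, used to check the implementation above."""
    return hashlib.md5(data).hexdigest()


def matches_reference(data: bytes, iv=MD5_IV) -> bool:
    """True only when `iv` is the standard one (or happens to collide)."""
    return md5_with_iv(data, iv) == reference_md5(data)


if __name__ == "__main__":
    sample = b"userid|password|1.1.306|00:11:22:33:44:55"   # constructed input
    print(md5_with_iv(sample), matches_reference(sample))              # ..., True
    # Constructed, arbitrary alternative IV: same algorithm, unrelated digest.
    alt_iv = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)
    print(md5_with_iv(sample, alt_iv), matches_reference(sample, alt_iv))  # ..., False
```

The take-away for the debate above: guessing the algorithm family is cheap, but an altered IV or an undisclosed field order each add unknowns that a brute-force search cannot close; the fixed 240-character output the thread keeps coming back to already rules out a bare MD5 (32 hex characters) or SHA-1 (40) digest on its own.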
 
Well, the idea isn't to actually find collisions, which is of course insane; MD5 is a 128-bit hashing algo. If we come to know what string/order/method they are using to create the hash, that's enough, isn't it? Then all we do is hash it all up and make the cons string. The problem is I have no idea how the f**k they come up with a 240-character string :?:, without modifying the base.... I made absolutely no mention of finding collisions for the 240-character hex string; I have no idea where you are getting that from :-|
 
If you can't recreate the exact plaintext string (which we are unable to; we just have the possible payload string), then it's quite logical to assume that you will be finding collisions. Never mind, let's not argue. We are both on the same side. 😀
 
Damn it! DON'T I EXIST? What have I been talking about up till this point? If the algo is a simple one like a XOR encryption then it's easy to break, but RSA, SHA1, AES are VERY difficult (impossible) to break. I agree. THAT is why I suggested API hooking... 😕
 
Have you guys tried running the program under a debugger and simulating a login session? Trap the jump to the DLL. If the debugger is Olly/SoftICE you will get the name of the API right there; otherwise you will have to look into the import table.

As for Max's suggestion, it's way easier to install breakpoints at "GetDlgItemText"... and if Sify is smart, hook "SendMessage" and monitor all GET_TEXT calls. THIS is the point where the userid and password will be grabbed from the textbox. From there all you need to do is trace a jump to the DLL (which might carry the algo) OR look for a series of instructions repeating itself (which is, I AGREE, A LONG SHOT!). (Remember to note the memory address where the userid and password may be stored.)

I am not a cracker, but I do debug my programs, so that's my suggestion! You guys know asm, right? If someone is going to try, I highly recommend SoftICE! It's much better than breaking algos! 🙂
 