Hardcoded md5 serial number crack

[LaDidi]

@TmC :
Calculate MD5 with your serial.
Change one MD5 hash with this one.
That's all.

[foosaa]

Quote:

Originally Posted by LaDidi

@TmC :
Calculate MD5 with your serial.
Change one MD5 hash with this one.
That's all.

Yes. This is the simplest attack you could do. Don't worry about cracking the hash. Attack the hash by replacing one the existing hash with a known hash.

If you find the location of the predefined hashes in the program, create a new MD5 hash of any string (say blablabla) and replace one of the hashes in the existing predefined hashes with the created hash and you are done. It should work unless there are any other checks that are based on the serial number.

If you would like to share the executable privately for patching, let me know and I'll see if I can help to patch it.

[TmC]

Quote:

Originally Posted by foosaa

It should work unless there are any other checks that are based on the serial number.

There is no problem with patching the program. (inlining rather than patching, since it is part of a suite that has also a hardware part and the hardware is checking for program integrity at startup).

Unfortunately, the serial is checked also when requesting updates through the update routine, and even patching the program wont pass the server check.

The serial is passed in cleartext so a patch that simply gives one random hash to check does not work.

[foosaa]

Quote:

Originally Posted by TmC

There is no problem with patching the program. (inlining rather than patching, since it is part of a suite that has also a hardware part and the hardware is checking for program integrity at startup).

Unfortunately, the serial is checked also when requesting updates through the update routine, and even patching the program wont pass the server check.

The serial is passed in cleartext so a patch that simply gives one random hash to check does not work.

Yup. Thought so. Would you mind sharing the program name in a PM? Thanks.