Hardcoded md5 serial number crack

[TmC]

Quote:

Originally Posted by TempoMat

Sholdn't the number of conbinations be 36^19, if the password format ist given as !!!!-!!!!-!!!!-!!!!?
Or are the 3 dashes removed from the password before the MD5 Hash.

The 3 dashes are always there, they are known chars.

Quote:

Originally Posted by TempoMat

Just a dumb question: Are the MD5 init variables the standard ones?

Don't understand

[Jupiter]

When I saw title of this thread ("Hardcoded md5 serial number crack") my first thought was "COLLISIONS". But no one mentioned MD5 collisions yet.

It's better to threat serial number as bytes (not as text) to successfully implement an attack.

You can find appropriate MD5 collision sources at GitHub, for example:
MD5 collision

Quote:

Originally Posted by TmC

Don't understand

May be he means MD5 initial values from reference implementation.

[TmC]

Quote:

Originally Posted by Jupiter

When I saw title of this thread ("Hardcoded md5 serial number crack") my first thought was "COLLISIONS". But no one mentioned MD5 collisions yet.

It's better to threat serial number as bytes (not as text) to successfully implement an attack.

You can find appropriate MD5 collision sources at GitHub, for example:
MD5 collision



May be he means MD5 initial values from reference implementation.

They are plain MD5 textual hashes like MD5(Serial) = Hash

[TempoMat]

Quote:

Originally Posted by TmC

The 3 dashes are always there, they are known chars.
Don't understand

I meant the chaining values i.e.
0x67452301, 0xEFCDAB89, 0x98BADCFE and 0x10325476.

I have for instance seen at least a program using the following chaining values instead
0X1234567, 0X89ABCDEF, 0XBA98FEDC and 0X76504321

[TmC]

Quote:

Originally Posted by TempoMat

I meant the chaining values i.e.
0x67452301, 0xEFCDAB89, 0x98BADCFE and 0x10325476.

I have for instance seen at least a program using the following chaining values instead
0X1234567, 0X89ABCDEF, 0XBA98FEDC and 0X76504321

Nope. They are inserted as plain string (e.g. 9a4df789abe345a902971c9826734ed1). What you type is md5ed as a string and the two are compared. If the md5 value is found in the list, then what you typed is valid.

[UWT]

@TmC

The way for you is brute force attack, if you know some values you can customize your own mask, but from now on you will need time to complete your test. A few months ago I came across something similar and I was able to develop a c++ program for this, but it takes time to compute for a 10-character password (around 8 hours), although your start seed is small and knowing the mask it may take less time. The easy way was to substitute the MD5 Hash but I already saw that you need to connect to the server and a valid serial number.
If you want and you can give me the private mask and at least one valid MD5 hash and we will see.

Regards,
UWT

pd. I remember in one of my projects that the hardcodes were the ones on the blacklist.