How to decrypt zip file password for mmi update?

mobista · Ср авг 28, 2019 12:03 am

pack:Zugversion>K3344</pack:Zugversion><pack:SdFormat>FAT32</pack:SdFormat><pack:SdType>SDHC</pack:SdType><pack:Capacity>8</pack:Capacity><pack:Svm>MHI2ER3344</pack:Svm><pack:Tpi/><pack:Remarks/><pack:Password>iXFWMxyg979jDEHSwqXi4Q==</pack:Password>

herr_frei · Ср авг 28, 2019 9:02 am

Try 9oH53Xh

mobista · Ср авг 28, 2019 9:45 am

Works great. Thanks!

Does anyone knows pass algo?

Lapkritinis · Чт авг 29, 2019 9:35 am

Hello, I was wondering how to do it on my own.
Password found in xml - is base64 encoded 16 bits hex.
That longer "zip password" is base64 encoded 32 bit hex. That could be AES256 encryption key, but even if I do use decrypt with IV all 00, I get some rubish in output.
Anyone can give some guidance?

PopDog · Чт авг 29, 2019 11:55 am

@Lapkitinis i got a not working copy of the SD Updater Folder (can't find the Installer anymore, there it started once but without a server i deinstalled and deleted it).
I opened a DLL File with disassembler. It was programmed in .NET.

Because i'm not familiar with programming, there I found something. (2-3 long strings which could be the key) but don't understand how it is used. Encryption and Decryption is there described and works over rijndaelmanagedv2 so possible some AES Encryption -> maybe AES256 with Base64 Encoding

Maybe a programming crack understands something and can build a quick n dirty tool.

First it starts something called - get_key and get_IV
when pressing there, it sends me somewhere, where this .ctor string is which you can find also down there after base64 string @MemoryStream:

then back to the normal script -> it sets the key, the IV and a Mode -> System.Security.Cryptography.CipherMode

then it starts something like this

call unsigned int8[] [mscorlib]System.Convert::FromBase64String(string)
newobj instance void [mscorlib]System.IO.MemoryStream::.ctor(unsigned int8[])
then it starts some action which can end in a red line to a script with a false command, or a green line with something other.

.ctor string sets following two things:

ldtoken valuetype __StaticArrayInitTypeSize=9 <PrivateImplementationDetails>::E8C040FA7AE8F580FCF9EDAB3EC4CDC003EF9775 <-- possible secret key?
call void [mscorlib]System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(class [mscorlib]System.Array, valuetype [mscorlib]System.RuntimeFieldHandle)
stloc.0
ldstr aFroahasshasvgh // "FRoaHAsSHAsVGhkLEhke" <-- possible the secret or other salting key?

Other possibility is try to Bruteforce the pass. I only got it working with JtR but for winzip it can only bruteforce over cpu which is very slow.
A zip2 and pkzip2 hash is extracted with zip2john. Other tool I use hashcat (can use gpu) don't accept the zip2 hash and pkzip2 is still in development and not in the official release still trying to build here something. but till now i don't had success with it, because other ppl cracking those passes before and I stop it.

Lapkritinis · Чт авг 29, 2019 3:08 pm

Thanks, but it didn't helped. Maybe you have some more info? It's not clear what encryption method was used, neither what was IV. E8C040FA7AE8F580FC F9EDAB3EC4CDC003EF9775 is 20 bytes length - not sure where to use that one.

sergey307 · Пт авг 30, 2019 11:03 am

Who knows password for 4M0906961CC?
pack:Password>k7sN2j2kAvcY3njoXhfDxw==</pack:Password>
I decripted to this one - lKoiof1&!jhfkij, but there is mistake, I don't know where exactly

romanesh · Пт авг 30, 2019 1:57 pm

Does anyone have the updates for VC 8S0906961AK ?
Please share.

У кого-нибудь есть обновления для VC 8S0906961AK ?
Пожалуйста, поделитесь.

congo · Пт авг 30, 2019 2:44 pm

https://mega.nz/#!s0gUSSYS!KWdJJuoMBmY- ... fjMHRcLamY

congo · Пт авг 30, 2019 2:47 pm

sergey307 писал(а):Who knows password for 4M0906961CC?
pack:Password>k7sN2j2kAvcY3njoXhfDxw==</pack:Password>

IKoiofl&!jhfkij

romanesh · Пт авг 30, 2019 4:33 pm

congo писал(а):https://mega.nz/#!s0gUSSYS!KWdJJuoMBmY- ... fjMHRcLamY

Thanks so much

sergey307 · Пт авг 30, 2019 5:33 pm

congo писал(а):IKoiofl&!jhfkij

Thanks a lot, two mistakes in my variant)) and I was unsure only in first symbol.

romanesh · Пт авг 30, 2019 8:58 pm

[h=2]Please Help decrypt DES(unix) password[/h]DES(unix)

YmGRVkkBszEF.

congo · Сб авг 31, 2019 11:06 am

Hm, dont have it. What is it from ?

romanesh · Сб авг 31, 2019 12:22 pm

congo писал(а):Hm, dont have it. What is it from ?

(0615) - Korea mib2 q7

car_driver · Пт сен 06, 2019 6:49 pm

Has anyone the Zip password for following file?

<pack:Name>4M0906961DF</pack:Name>
<pack:Password>tzrE/s61aCZ4T205/CfBcw==</pack:Password>[SUB][SUP]
[/SUP][/SUB]

jiangbo2571 · Сб сен 07, 2019 6:46 pm

D6sK8gV

car_driver · Вс сен 08, 2019 10:28 am

Thanks, it works!

jiangbo2571 писал(а):D6sK8gV

car_driver · Вс сен 08, 2019 10:29 am

[LEFT]Has anyone the Zip password for following files:

<pack:Name>4M0906961DQ</pack:Name>
<pack:Zugversion>MHI2_ER_AU57x_K2589</pack:Zugversion><pack:Password>7BjzYKGQ2bwVjpSJTnPgCw==</pack:Password>

and<pack:Id>4M0906961</pack:Id><pack:Zugversion>P0040</pack:Zugversion>
<pack:Password>37FUyv7jHYP+N9XZOggksVC750rKEMypY9vJVBirj/A=</pack:Password>

Thank you![SUB][/SUB][SUB][/SUB]
[/LEFT]

congo · Вс сен 08, 2019 10:45 am

Qcp9Bz6F
AudiSVM_Infotainmentupdate