Страница 2 из 5
Добавлено: Ср авг 28, 2019 12:03 am
mobista
pack:Zugversion>K3344</pack:Zugversion><pack:SdFormat>FAT32</pack:SdFormat><pack:SdType>SDHC</pack:SdType><pack:Capacity>8</pack:Capacity><pack:Svm>MHI2ER3344</pack:Svm><pack:Tpi/><pack:Remarks/><pack:Password>iXFWMxyg979jDEHSwqXi4Q==</pack:Password>
Добавлено: Ср авг 28, 2019 9:02 am
herr_frei
Try 9oH53Xh
Добавлено: Ср авг 28, 2019 9:45 am
mobista
Works great. Thanks!
Does anyone knows pass algo?
Добавлено: Чт авг 29, 2019 9:35 am
Lapkritinis
Hello, I was wondering how to do it on my own.
Password found in xml - is base64 encoded 16 bits hex.
That longer "zip password" is base64 encoded 32 bit hex. That could be AES256 encryption key, but even if I do use decrypt with IV all 00, I get some rubish in output.
Anyone can give some guidance?
Добавлено: Чт авг 29, 2019 11:55 am
PopDog
@Lapkitinis i got a not working copy of the SD Updater Folder (can't find the Installer anymore, there it started once but without a server i deinstalled and deleted it).
I opened a DLL File with disassembler. It was programmed in .NET.
Because i'm not familiar with programming, there I found something. (2-3 long strings which could be the key) but don't understand how it is used. Encryption and Decryption is there described and works over rijndaelmanagedv2 so possible some AES Encryption -> maybe AES256 with Base64 Encoding
Maybe a programming crack understands something and can build a quick n dirty tool.
First it starts something called - get_key and get_IV
when pressing there, it sends me somewhere, where this .ctor string is which you can find also down there after base64 string @MemoryStream:
then back to the normal script -> it sets the key, the IV and a Mode -> System.Security.Cryptography.CipherMode
then it starts something like this
call unsigned int8[] [mscorlib]System.Convert::FromBase64String(string)
newobj instance void [mscorlib]System.IO.MemoryStream::.ctor(unsigned int8[])
then it starts some action which can end in a red line to a script with a false command, or a green line with something other.
.ctor string sets following two things:
ldtoken valuetype __StaticArrayInitTypeSize=9 <PrivateImplementationDetails>::E8C040FA7AE8F580FCF9EDAB3EC4CDC003EF9775 <-- possible secret key?
call void [mscorlib]System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(class [mscorlib]System.Array, valuetype [mscorlib]System.RuntimeFieldHandle)
stloc.0
ldstr aFroahasshasvgh // "FRoaHAsSHAsVGhkLEhke" <-- possible the secret or other salting key?
Other possibility is try to Bruteforce the pass. I only got it working with JtR but for winzip it can only bruteforce over cpu which is very slow.
A zip2 and pkzip2 hash is extracted with zip2john. Other tool I use hashcat (can use gpu) don't accept the zip2 hash and pkzip2 is still in development and not in the official release still trying to build here something. but till now i don't had success with it, because other ppl cracking those passes before and I stop it.
Добавлено: Чт авг 29, 2019 3:08 pm
Lapkritinis
Thanks, but it didn't helped. Maybe you have some more info? It's not clear what encryption method was used, neither what was IV. E8C040FA7AE8F580FC F9EDAB3EC4CDC003EF9775 is 20 bytes length - not sure where to use that one.
Добавлено: Пт авг 30, 2019 11:03 am
sergey307
Who knows password for 4M0906961CC?
pack:Password>k7sN2j2kAvcY3njoXhfDxw==</pack:Password>
I decripted to this one - lKoiof1&!jhfkij, but there is mistake, I don't know where exactly
Добавлено: Пт авг 30, 2019 1:57 pm
romanesh
Does anyone have the updates for VC 8S0906961AK ?
Please share.
У кого-нибудь есть обновления для VC 8S0906961AK ?
Пожалуйста, поделитесь.
Добавлено: Пт авг 30, 2019 2:44 pm
congo
Добавлено: Пт авг 30, 2019 2:47 pm
congo
sergey307 писал(а):Who knows password for 4M0906961CC?
pack:Password>k7sN2j2kAvcY3njoXhfDxw==</pack:Password>
IKoiofl&!jhfkij
Добавлено: Пт авг 30, 2019 4:33 pm
romanesh
Добавлено: Пт авг 30, 2019 5:33 pm
sergey307
congo писал(а):IKoiofl&!jhfkij
Thanks a lot, two mistakes in my variant)) and I was unsure only in first symbol.
Добавлено: Пт авг 30, 2019 8:58 pm
romanesh
[h=2]Please Help decrypt DES(unix) password[/h]DES(unix)
YmGRVkkBszEF.
Добавлено: Сб авг 31, 2019 11:06 am
congo
Hm, dont have it. What is it from ?
Добавлено: Сб авг 31, 2019 12:22 pm
romanesh
congo писал(а):Hm, dont have it. What is it from ?
(0615) - Korea mib2 q7
Добавлено: Пт сен 06, 2019 6:49 pm
car_driver
Has anyone the Zip password for following file?
<pack:Name>4M0906961DF</pack:Name>
<pack:Password>tzrE/s61aCZ4T205/CfBcw==</pack:Password>
[SUB][SUP]
[/SUP][/SUB]
Добавлено: Сб сен 07, 2019 6:46 pm
jiangbo2571
D6sK8gV
Добавлено: Вс сен 08, 2019 10:28 am
car_driver
Thanks, it works!
jiangbo2571 писал(а):D6sK8gV
Добавлено: Вс сен 08, 2019 10:29 am
car_driver
[LEFT]Has anyone the Zip password for following files:
<pack:Name>4M0906961DQ</pack:Name>
<pack:Zugversion>MHI2_ER_AU57x_K2589</pack:Zugversion><pack:Password>7BjzYKGQ2bwVjpSJTnPgCw==</pack:Password>
and<pack:Id>4M0906961</pack:Id><pack:Zugversion>P0040</pack:Zugversion>
<pack:Password>37FUyv7jHYP+N9XZOggksVC750rKEMypY9vJVBirj/A=</pack:Password>
Thank you![SUB][/SUB][SUB][/SUB]
[/LEFT]
Добавлено: Вс сен 08, 2019 10:45 am
congo
Qcp9Bz6F
AudiSVM_Infotainmentupdate