import hashlib | |
from Crypto.Cipher import AES | |
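# Read the 5 encrypted bytes stored at offset 10 of index.dat. check() decrypts
# them and compares the result with the expected b"CLIDX" marker.
# The context manager closes the file even if seek/read raises.
with open("index.dat", "rb") as f:
    f.seek(10)
    ctext = f.read(5)

# A short read can never decrypt to the 5-byte marker, so stop here instead of
# running the whole search with no chance of a match.
if len(ctext) != 5:
    raise SystemExit("index.dat is too short: expected 5 bytes at offset 10")

# hardcoded IV found at address 0x004277f6
IV = bytes.fromhex("9C6177555316469389520095098AB8FE")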
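def check(pwd):
    """Test one candidate password against the bytes read from index.dat.

    The candidate is widened to UCS-2 (every byte followed by a zero byte)
    with a two-byte zero terminator, hashed with MD5 to form the AES key, and
    used to decrypt the module-level ``ctext`` in CFB mode with the fixed
    module-level ``IV``. When the plaintext equals b"CLIDX" the candidate is
    printed and the script terminates; otherwise the function returns None.

    NOTE(review): the key is a single unsalted MD5 of the password and the IV
    is a constant, so verifying a guess costs one hash and one short decrypt.
    A format meant to resist offline guessing would use a salted, slow KDF.

    Args:
        pwd: candidate password as a bytes-like iterable of ints (0-255).
    """
    # password is in UCS2, including the last zero symbol
    widened = b"".join(bytes([c, 0]) for c in pwd) + bytes([0, 0])
    key = hashlib.md5(widened).digest()
    ptext = AES.new(key, AES.MODE_CFB, IV, segment_size=128).decrypt(ctext)

    # comparison function at address 0x00429de1
    if ptext == b"CLIDX":
        print("FOUND!!!", pwd)
        # exit() is injected by the site module and is missing under
        # `python -S` or in frozen builds; raising SystemExit always works.
        raise SystemExit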
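# Half-remembered password used as the starting point; every candidate below
# differs from it by exactly one byte.
pwd = b"C3p@lR3c0rdings"

# replace chars: overwrite each position with every possible byte value
for i in range(len(pwd)):
    for j in range(256):
        check(pwd[:i] + bytes([j]) + pwd[i + 1:])

# insert chars: add every possible byte value at each position, both ends included
for i in range(len(pwd) + 1):
    for j in range(256):
        check(pwd[:i] + bytes([j]) + pwd[i:])

# check() terminates the process on a match, so reaching this line means that
# no candidate decrypted to the expected marker. Say so instead of ending silently.
print("no match among single-byte replacements and insertions of", pwd)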