The next thing I've tested was the IDA 7.2 installer, of course. This, surprisingly, turned out to be the right idea and successfully bruteforced the other hashes/passwords (when using Microsoft's C runtime implementation for srand and rand). This, converted to Rust, amounts to something like: use float_extras::f64::ldexp To do that I've dug through the Perl source code to find the exact implementation of DRand48. I found that interesting and verified their findings by converting the code to Rust and do a full search for all PRNG seeds (assuming a 32-bit seed). I assume different algorithms/charsets/etc. I noticed Perl 5.20.0's PRNG implementation can't be used to find seeds for the other leaked passwords or to bruteforce IDA 7.0-7.2 setup passwords. This only works for versions up to 6.8 though, and not even all installers, as qudiss noted: Unless you find out how the passwords were generated in the first place! Devcore found out that the passwords are simply generated with a small Perl script using srand()/ rand().
The password being 12 alphanumeric characters long means that bruteforcing it is pretty much out of the question. InnoSetup encrypts the program data with the installer password and hashes it via SHA-1, prepending it with PasswordCheckHash and eight random bytes as salt.
The Windows installer, however, uses InnoSetup as installation engine. On, devcore published a blog post about obvious flaws in the MacOS and Linux installers for IDA, including the password as plaintext in the setup file. Separately to that, a license file from ESET was leaked, which didn't match the feature set of the installer file.īut all the leaks didn't matter, because without the installer password, the program files were safe. This does not mean it was usable however, as you need an installer password to install and a licence file to activate it. In January 2019, the installer files for IDA 7.2 were leaked. Note: All hashes and passwords are redacted. Posted: How IDA 7.2's installer password was found
0 kommentar(er)
