This is why we took a whole month to verify such a difficult surmise.Īlthough this issue is not included in Security Bug Bounty Program, they still generously awarded us IDA Pro Linux and MAC version, and upgraded the Windows version for us. ![]() It can broaden our experience no matter the result is correct or not. Therefore, we can build a dictionary to accelerate brute force attack. On the other hand, we determined the password generation methodology of Windows version. In the end, we found plaintext password in the program memory of Linux and MacOS version. Generally, we can compute the password of one installer in 10 minutes. We collected all leaked installation passwords, such as hacking teams password, which is leaked by WikiLeaks.įor example, we can generate the hacking teams leaked password FgVQyXZY2XFk with the following script. Therefore, we cannot get the password simply with static or dynamic analyzing the installer, and brute force is apparently not an effective way. This is the power of reverse engineering and using tools such as IDA Pros disassembler and debugger: we dont need the source code to learn how the software works.With just a debugger and a disassembler, we. ![]() We found the plaintext installation password directly in the program memory of the running IDA Pro installer. Ida Pro 7.2 Software Exits With Since we dont know the correct passcode, the software exits with a wrong password message.All is not lost. The installer is built with an installer creation tool called InstallBuilder. With a Windows version installer, we only need 10 minutes to calculate the password.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
June 2023
Categories |