PDA

View Full Version : Cryption


w_a_r_1
February 26th, 2010, 03:41
Is there any MD5 Online crack or any tool ?

I am trying to decrypt this string since 1 week but no luck. Is there anyone who can guide my about any tool or any online site to decrypt this string.

Thanks in advance if anyone would help me.

414f7777778f7dae4ec03c354b8f546742b545776d4f4d65546e7c9a508d7388

naides
February 26th, 2010, 06:46
[414f7777778f7dae4ec03c354b8f546742b545776d4f4d65546e7c9a508d7388] => "Whoever tries to decrypt me with so little extra information, is dumb"

MD5 is NOT an encryption scheme per-se, it is a hashing algo (Digital signature to atest the integrity of a string of bytes) Wikipedia

Search the Malattia cryptography site. . .

Darkelf
February 26th, 2010, 08:22
Furthermore the posted string is surely NOT MD5.
It's either two concatenated MD5's or something like SHA256 or anything completely different. As naides said, trying to decrypt it with so little info is just crazy.

w_a_r_1
February 26th, 2010, 10:24
So here is little more information about this thing.

This is the outgoing string from the software which seems to be MD5:

40f0d3bf1e233d140d40a9405bcf32a7

This is the response which is also encrypted.

414f7777778f7dae4ec03c354b8f546742b545776d4f4d65546e7c9a508d7388*5657274502D30256C62696379665E22356D 6162764*5657274502D30256C62696379665E23356D6162764*5657274502D30256C62696379665E26356D6162764*565727 4502D30256C62696379665E21356D6162764*77F68635E2E69616D4D62764*56469684E286475714D62764*86475714F6740 2C6C61634


Same for another outgoing string.

a81f8dc576f4a98fc102b5c84ae2af29


This is response:

6e5742ad4bc07e7d5491703679645b99758241796e4b7c6d536d7e667ec1448a*5657274502D30256C62696379665E22356D 6162764*5657274502D30256C62696379665E23356D6162764*5657274502D30256C62696379665E26356D6162764*565727 4502D30256C62696379665E21356D6162764*77F68635E2E69616D4D62764*56469684E286475714D62764*86475714F6740 2C6C61634


Now it is quite obvious for every serial this reponse will be different. I want to decrypt this incoming reponse.

I tried to find out the answer and I noticed this. Only first response string is different and rest is same.

For example.

outgoing: 40f0d3bf1e233d140d40a9405bcf32a7

Incoming First string:

414f7777778f7dae4ec03c354b8f546742b545776d4f4d65546e7c9a508d7388

same another

Outgoing: a81f8dc576f4a98fc102b5c84ae2af29

Incoming First String :

6e5742ad4bc07e7d5491703679645b99758241796e4b7c6d536d7e667ec1448a

Is there anyone who can help me with this? Just wants to know what is the relation between this outgoing and incoming first string.

evaluator
February 26th, 2010, 15:29
huh!?
you must look in THAT program, how it decrypts-deals with such strings..

disavowed
February 26th, 2010, 21:44
I'd suggest using a rainbow table: http://www.freerainbowtables.com/en/tables/md5/

w_a_r_1
February 28th, 2010, 23:24
Thank you Disavowed, but still no sucess

Sab
March 1st, 2010, 03:53
try the not so difficult approach. run peid with kanal crypto plugin and see what algorithms are used in the program. once you see them, get the address and set a breakpoint on this location. then run the application and when it does that in/out exchange you will break on the algorithm. at this time you can confirm the algo type from kanal, if it is done client side (not server) you should be able to spot it easily. if kanal shows no algos found, or no algos you can break on, you can proceed to finding the routine which sends the data out and break there. dongs