flat assembler
Message board for the users of flat assembler.

Index > Heap > IDA Pro installer has weak passwords

Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16850
Location: In your JS exploiting you and your system
revolution
https://devco.re/blog/2019/06/21/operation-crack-hacking-IDA-Pro-installer-PRNG-from-an-unusual-way-en/
Quote:
In this article, we discussed the possibility of installing IDA Pro without owning installation password. In the end, we found plaintext password in the program memory of Linux and MacOS version. On the other hand, we determined the password generation methodology of Windows version. Therefore, we can build a dictionary to accelerate brute force attack. Finally, we can get one password at a reasonable time.
Basically, brute forcing 32-bit seeds is too easy. You don't need a super computer to do that.

But it is fixed now for newer versions.
Quote:
Jan 31, 2019 - Report to Hex-Rays
Feb 01, 2019 - Hex-Rays promised to harden the installation password and reported to BitRock
Feb 11, 2019 - BitRock released InstallBuilder 19.2.0
Post 22 Jun 2019, 13:31
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.