[ MSmagic @ 07.12.2004. 05:57 ] @
Zamolio bih vas da mi pomognete u resavanju problema da li je ovaj niz kriptovan ili nije i sta znace alfanumericki nizovi. Radi se o specificnom softveru za komunikaciju sa automobilom preko specificnog uredjaja za koji se trazi password. Posto sam ovaj kompletan dump iz fajla ssetup.dll uporedio sa istim takvim koji se nalazi na prijateljevom CD-u, uocio sam samo male razlike, prva je u serijskom broju uredjaja a druga razlika je u ovih nekoliko heksadecimalnih nizova. Na pocetku se pominje MD5 i SHA-1 i mislim da se iza ovoga krije neki enkriptovan broj. Ima li pomoci?

E064 4E32 103F 632B 9F48 F169 00DB 0881 2D62 A513 6393 915D 6FFD BFF8 F6A7 49A4 8C8A 859B 93(00) (to je niz koji se razlikuje od uporedjivanog, poslednje dve nule su iste kao kod drugog dumpa ali sam ih stavio da ne bih remetio heksadecimalni zapis)

.dN2.?c+.H.i....-b..c..]o.....I....... (to se dobije na desnoj strani ekrana u Hex Workshopu kao prevod prethodnog heksadecimalnog zapisa, ukljucujuci i dve poslednje nule, u prevodu je to poslednja tacka


A ovo pise na desnoj strani programa, kao preveden heksadecimalni zapis:


MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7.s.s{..s{..s{...d..z{..s{..5{...g..{{...d..r{...}..r{..s{..E{..Richs{..................PE..L...3X'6...........#.....r...........N............@g................................8................................~...... x..d...................................0...................................................$............................text...Lq.......r.................. ..`.data................x..............@....rsrc................~..............@..@.reloc..............................@..B.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................}...}..t}..h}..^}..L}..8}.."}...}...|...|...|...|...|...|...|..p|..\|..N|..:|..,|...|...}...|......N{..:{.."{..z{...{..b{...z..n{...z..H~..t~...y...z...z...z...z...z...z...z..zz..jz..Zz..Hz..:z..*z...z...y...y...y...y...y...y...{...{..^~..(~...}...}...}...~..8~.......{...{...{.......{......................3X'6........................3X'6........`...............3X'6................p.......3X'6................................SHA1............................MD5.................."..........DSA_SIGN.............................................f..(.......CYLINK MEK...........f..(.......RC2..................h..(.......RC4.............................SHA1............................MD5.................."..........DSA_SIGN........................DH_KEYX.....................................................................SHA-1...................Secure Hash Algorithm (SHA-1)...................................MD5.....................Message Digest 5 (MD5)..................."......................DSA_SIGN................Digital Signature Algorithm......................................................................................................f..(...(...(...........CYLINK MEK..........$...CYLINK Message Encryption Algorithm......f..(...(...(...........RC2.....................RSA Data Security's RC2..................h..(...(...(...........RC4.....................RSA Data Security's RC4.........................................SHA-1...................Secure Hash Algorithm (SHA-1)...............................1134701101002...............Message Digest 5 (MD5)..................."......................DSA_SIGN................Digital Signature Algorithm.....................................DH_KEYX.............&...Diffie-Hellman Key Exchange Algorithm...........................................................................................DH-BLOB.DSS-BLOB....Software\Microsoft\Cryptography\DSSUserKeys.Microsoft Base DSS and Diffie-Hellman Cryptographic Provider....Microsoft Base DSS Cryptographic Provider...C.r.e.a.t.i.n.g. .a. .n.e.w. .D.i.f.f.i.e.-.H.e.l.l.m.a.n. .e.x.c.h.a.n.g.e. .k.e.y.!...C.r.e.a.t.i.n.g. .a. .n.e.w. .D.S.S. .s.i.g.n.a.t.u.r.e. .k.e.y.!...E.x.p.o.r.t.i.n.g. .y.o.u.r. .p.r.i.v.a.t.e. .s.i.g.n.a.t.u.r.e. .k.e.y.!...E.x.p.o.r.t.i.n.g. .y.o.u.r. .p.r.i.v.a.t.e. .e.x.c.h.a.n.g.e. .k.e.y.!.....U.s.i.n.g. .y.o.u.r. .D.i.f.f.i.e.-.H.e.l.l.m.a.n. .e.x.c.h.a.n.g.e. .k.e.y. .t.o. .c.r.e.a.t.e. .a.n. .a.g.r.e.e.d. .k.e.y.!...I.m.p.o.r.t.i.n.g. .a. .n.e.w. .p.r.i.v.a.t.e. .e.x.c.h.a.n.g.e. .k.e.y.!...S.i.g.n.i.n.g. .d.a.t.a. .w.i.t.h. .y.o.u.r. .p.r.i.v.a.t.e. .s.i.g.n.a.t.u.r.e. .k.e.y.!...DH_G....DH_P....DSS_G...DSS_Q...DSS_P...ole32.dll...TypeName....Name....SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\....Signature...SigInFile...Type....Image Path......SOFTWARE\Microsoft\Cryptography\Defaults\Provider\..Type 013....DSS Signature with Diffie-Hellman Key Exchange..Type 003....DSS Signature...dssbase.dll.\...PSKEYS..key expansion...master secret...client write key....server write key....IV block....Mask....Software\Microsoft\Cryptography\Defaults\CheckInfo..-%lu....0x%02hx%02hx%02hx%02hx%02hx%02hx....%lu.S-%lu-...DEFAULT....*DEFAULT*...PStoreCreateInstance....pstorec.dll.D.H. .E.x.c.h.a.n.g.e. .K.e.y.s.....D.S.S. .S.i.g.n.a.t.u.r.e. .K.e.y.s.....C.r.y.p.t.o.g.r.a.p.h.i.c. .K.e.y.s.....ExchTypeSubtype.SigTypeSubtype..D.e.l.e.t.i.n.g. .y.o.u.r. .p.r.i.v.a.t.e. .e.x.c.h.a.n.g.e. .k.e.y.....D.e.l.e.t.i.n.g. .y.o.u.r. .p.r.i.v.a.t.e. .s.i.g.n.a.t.u.r.e. .k.e.y...GetMessageTime..GetCursorPos....user32.dll..NtQuerySystemInformation....n.t.d.l.l...d.l.l.......................Q....................L...............S..y.H.k...................................................................................Dan Simon .....Scott Field......x......(..yJ....~7.+vS.bLd.D.....Y...O.aEm...}2..@...{...!"\kN.T.e..`..sV.......u..;...B=.0.<.&o...Fi.W'.....C.......>..../.f.......R....r.5Mj*...qZ.ItK..^......An.Q..$..P..p9.|:.#..z..6[%U.1-]........).gl.........,c..?X....84..3...H._.......G...w.. h.......................................................................................................................................................................................................................................................................@...........@...@.......@...........@.......@.......@...@...........@...@...........@...........@.......@...@...@...........@.......@...@.......@.......@.......@...........@.......@.......@...@...........@.......@.......@...@...........@...@.......@......................................................................................................................................................................................................................................................................@...........@.......@.......@...@...................@...@.......@...@...........@.......@...............@...@.......@...@...@...@.......@.......@...........@...............@.......@...@...........@...@...@...@...........@...@...@...@...................@............. ... ....... ........... ... ....... ... ................... ... ....... ....... ... ... ... ... ........... ........... ... ........... ... ............... ....... ........... ... ........... ... ....... ........... ....... ... ... ....... ...@...@. ...... .@. .. ..@ ...dN2.?c+.H.i....-b..c..]o.....I....... .@ ..@. ...... ..@.... .@. .@ ... .....@ ..@.... .@ .. ..@ ....... ..@ .. .@. ...... ....... ..@. ... .@. .@ .. .@...@ .. ... .@ ..@..... .@ ...... ..@...@ ... ... .@ ..@...@. ..@...............B...@...B...................@.......B...@...........@...@...B...............B...@...B...B.......B...@...........B...@...@.......@...........@.......B...B...................................B.......@...B.......B.......@...B.......B...@...@..... ... ........... ....... ... ....... ............... ... ... ............... ... ... ........... ....... ... ...........


Sta bi to moglo da znaci???
[ 39145nobody @ 07.12.2004. 11:39 ] @
To kar si prikazal je fajl "Dssbase.dll" iz foldera "\Windows\SYSTEM\" . S tem si ne moreš nič pomagati .
[ MSmagic @ 08.12.2004. 01:47 ] @
Ne, to sto sam prikazao je SSETUP.dll koji se nalazi na instalacionom CD-u za uredjaj koji vrsi dijagnostiku automobila. Takav isti cd, posto se radi o istom uredjaju, ima i moj prijatelj od koga sam uzeo taj cd da uporedim sadrzaj i vidim razliku posto sa mojim programom njegov uredjaj nece da radi i obrnuto. Vidljiva je razlika u serijskom broju uredjaja i to je ocigledno, pise na desnoj strani programa Hex Workshop, ali je razlika i u ovih nekoliko nizova koje sam naveo a sto ne mogu da protumacim pa sam na osnovu uvoda zakljucio da je to kriptovan zapis.