Art of Decrypting Digsby Password

Posted June 8th, 2010. Filed under Security Stuff

Digsby is a popular multiprotocol IM client that lets you chat with all your friends on AIM, MSN, Yahoo, ICQ, Google Talk, and Jabber with one simple-to-manage buddy list. It also has a social networking feature that lets you stay connected with your friends through popular social network sites such as Facebook, Twitter, LinkedIn, and Myspace. Together with its ease of use, these features made it one of the most popular IM clients around the world in a short time.

Digsby stores only the main account password locally; all other IM account passwords (such as Yahoo, Gmail, AIM) are stored on the servers. The main account password is stored in the ‘logininfo.yaml’ file at the following location:

[Windows XP]
C:\Documents and Settings\<user_name>\Local Settings\Application Data\Digsby

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Local\Digsby

It is always challenging to reverse and discover how a certain application encrypts its password, as most apps use their own unique methods and different algorithms. I faced the same challenge when I set out to decrypt the Digsby password, as I already knew it uses some kind of encryption algorithm with a derived key.

It took me around 16 hours of reversing, spread across several days and nights, to get to the final password. As usual, the drive was very interesting and the pleasure of cracking it successfully was immense.

Newer versions of Digsby use a better key generation mechanism than the previous one, which used just a static string as the key for the encryption algorithm. Here are the interesting details on how Digsby encrypts the password and how to decrypt it.

Digsby uses the combination of Product Id, Install Date and Digsby username to compute the key for the encryption algorithm. It concatenates all three to form one string and then computes the SHA1 hash of it. This generates the 20-byte hash that is used as the key to the encryption algorithm.

Next it takes the stored password from the ‘logininfo.yaml’ file, where it is kept in BASE64 format. It decodes this value with a BASE64 decoder to get the encrypted password. The encrypted password has the same length as the original password, so merely BASE64-decoding the stored value reveals the length of the password.

Then this encrypted password is decrypted with the RC4 algorithm, using the previously generated SHA1 hash as the key. During reversing I completely reversed this RC4 algorithm itself. To me it looked like some kind of XOR and SWAP routines to decrypt the password, and I thought this might be a proprietary algorithm used by Digsby. It was only later, after going through the documentation of the RC4 algorithm, that I discovered this is in fact RC4.

Overall it was a very interesting experience reversing the algorithm and getting right on target. This will come as part of our new tool, IMPasswordDecryptor, which will help you to instantly recover passwords stored by popular IM clients.

Source : http://nagareshwar.securityxploded.com/2010/06/08/art-of-decrypting-digsby-password/

Yahoo Blog Korea, big problems

Posted June 5th, 2010. Filed under DotRO

Example:
[????? ?? 59] ??? ?? ??? ??? ???? – oldpine300? ??? – ??! ??? (see the first line)

It did not work for me on every blog, because some require a Flash plugin for the editor. That is only in IE. I installed it, but it did not display the content correctly, only question marks, so I gave up so as not to ruin the person's page. If I see

웹에디터를 이용하기 위해서는
Microsoft Internet Explorer 를 사용하셔야 합니다.

in Mozilla, I avoid the blog.

Method:
To begin, log in to a Yahoo account. Then look for a blog you like, one on which you want to be a blogger. Go to the first page of the blog.
On the left there is a column named 전체 글보기 (copy it and use find); it is the list of folders. Click on a folder.
The address bar shows http://kr.blog.yahoo.com/user/folder/3.html This means you are in folder 3. Set that aside.

Pick a post. Example: http://kr.blog.yahoo.com/user/1268.html?p=1&pm=l&tc=110&tt=1275727691 Note: post number 1268. Set this aside too.

The following link should work and let you view the post; however, it does not always work.

http://kr.blog.yahoo.com/user/MYBLOG/yblog.html?fid=3&pid=1268&m=lc

To edit an article, use:

http://kr.blog.yahoo.com/user/MYBLOG/write.html?fid=3&pid=1268&m=lc

You can upload pictures right below the text box. It also lets you with but it is filtered well.

There are 3 buttons at the bottom: PREVIEW SUBMIT RESET.

Have Fun!

Source : http://rstcenter.com/forum/23220-csrf-yahoo-blog-korea.rst

Want to crack Yahoo passwords?!

Posted May 24th, 2010. Filed under DotRO

Since I have not had anything interesting in my reader for some time, and the article I have been threatening with for several days will have to wait a little longer, I found something really cool posted on RSTCenter.

cmiN, a member of the RST forum, posted this:

“Some antiviruses see it as a virus because it is a cracker, so for some of the dumber antiviruses they have to be disabled”

Let's see a few things about the author of this e-mail:

Home : http://yahoo.boo.ai/
For more info try IRC network

server = us.undernet.org

channel = #mAiL , #IceMan , #FakeName

What do we understand from this?

We understand that the man is very dangerous, has his own channel on Undernet, and we must not be mean to him or we might end up without e-mail.
All that is left for me to say is: sad!