5aLIVE
January 16th, 2009, 11:03
I'm getting quite close to reversing an app which uses MD5 as part of its key generation scheme.
All 64 round constants and the chaining variables are not modified in the MD5.
I know that the two strings of interest are being read from a file which are used in some way to change the digest output. They are not being passed as arguments to the MD5 algo.
One string has 8 digits and the other has 9.
I've created two run trace logs of the MD5 algo; I entered the correct known password for each run.
One trace uses the correct two string values and one is where I have modified these values in the file. I've looked at the traces side by side and have been able to find where the register values start to differ from one another.
Once I found this area, I ran the debugger again just before this code expecting to see a reference to at least one of the strings. I can't seem to find either of them.
Can anyone help suggest techniques or tips on how to take the pain out of this please?
I'm using OllyDbg. Is there a way to log values loaded to memory in run trace, or a plugin perhaps? Or maybe there is another way I don't know of?
I've also tried searching for the binary string (Ctrl-B), which doesn't find it either.