Password hash

Biolectron
2014-10-26
2014-11-05
  • Biolectron

    Biolectron - 2014-10-26

    Hi guys,

    I created a test setup file with inno 5.5.0 and encryption set to true with "Test_12" as the password.

    INNOUNP provided me with this hash/salt:
    PwdHash=a6c2d840701d5a9148c036563ca850f44ba1ddcd
    PwdSalt=a8c9c02fd695f24a

    I use oclHashcat for retrieving the password with hash:salt and testing all modes through 110-140 with a given mask, in this case explicitly "Test_12". It does NOT recover the password. I have to be doing something wrong. Can anyone help me please?

    Thanking in advance,

    Best regards

     
  • Ariman

    Ariman - 2014-10-26

    Well, I guess you are using the password hash and salt the wrong way. :)
    How are you attaching the salt to the password?

     
  • Biolectron

    Biolectron - 2014-10-26

    like this hash:(<-colon)salt

     
  • Ariman

    Ariman - 2014-10-26

    It is wrong. You should look at the source code of either IS or innounp. Search for function TestPassword.
    PS. Don't forget to base64 decode the salt before usage.

     
  • Biolectron

    Biolectron - 2014-11-04

    Ariman, thanks for your help & hints.

    I'm just unable to generate the same hash as in the Setupheader. Generating like this:
    SHA1("PasswordCheckHash"+salt+pwd) or with SHA1("PasswordCheckHash"+b64decode(salt)+pwd), but I don't get why you should b64 decode the salt before usage, it is not a typical base64 encoded string?!

    Thanks

     
  • Ariman

    Ariman - 2014-11-04

    Salt is base64 encoded before dumping to script for better readability. Inside it is a binary value (8 bytes) and not a printable string.
    Also, are you using the Unicode or ANSI version of IS? They treat the password string differently.

     
  • Biolectron

    Biolectron - 2014-11-04

    I'm using the ANSI (a) version.

     
  • Ariman

    Ariman - 2014-11-05

    Then you should have
    b64encode(SHA1("PasswordCheckHash"+b64decode(PasswordSalt)+pwd)) == PasswordHash
    where PasswordHash and PasswordSalt are values from script.

    What programming language do you use? Some of them can not properly use binary values as strings. It may be the source of the problem.
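
The check described in this post, as an added Python 3 example (not code from Inno Setup, innounp or any poster in the thread). The function names are hypothetical, the sample values are constructed, and the password encodings (cp1252 for the ANSI build, UTF-16LE for the Unicode build) are assumptions; fields are accepted as hex or base64 text and always reduced to raw bytes before hashing.

```python
import base64
import hashlib
import hmac

PREFIX = b"PasswordCheckHash"  # literal prefix from the formula in the thread


def decode_field(text, size):
    """Turn a dumped salt/hash field into raw bytes (hex or base64 text)."""
    if len(text) == size * 2:              # hex, e.g. the 16-char PwdSalt above
        raw = bytes.fromhex(text)
    else:                                  # base64, as in the script dump
        raw = base64.b64decode(text, validate=True)
    if len(raw) != size:
        raise ValueError("expected %d bytes, got %d" % (size, len(raw)))
    return raw


def password_check_hash(password, salt, unicode_build=False):
    """SHA1(prefix + raw salt + password bytes), returned as a 20-byte digest."""
    # Assumption: UTF-16LE for the Unicode build, cp1252 standing in for the
    # ANSI build's code page.
    pwd = password.encode("utf-16-le" if unicode_build else "cp1252")
    return hashlib.sha1(PREFIX + salt + pwd).digest()


def check_password(password, pwd_hash, pwd_salt, unicode_build=False):
    salt = decode_field(pwd_salt, 8)       # salt is 8 binary bytes
    expected = decode_field(pwd_hash, 20)  # SHA-1 digest is 20 bytes
    actual = password_check_hash(password, salt, unicode_build)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real installer.
    salt = bytes(range(8))
    digest = password_check_hash("Example_1", salt)
    print(check_password("Example_1", digest.hex(), salt.hex()))   # hex fields
    print(check_password("Example_1",
                         base64.b64encode(digest).decode(),
                         base64.b64encode(salt).decode()))        # base64 fields
    # Common mistake: hashing the salt's text form instead of its bytes.
    wrong = hashlib.sha1(PREFIX + salt.hex().encode() + b"Example_1").digest()
    print(wrong == digest)
```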

     
  • Biolectron

    Biolectron - 2014-11-05

    I'm using Python 2.7 with hashlib/base64 and VC++ with Crypto++. Both versions give me the same false hash.
    a445f32957a5d7c0d52f4ceded58d6368ee7fb0f != a6c2d840701d5a9148c036563ca850f44ba1ddcd (the one in the header)

    Thanks

     
