What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » General » General Chit Chat » Download a bit of the forums' history right here

Download a bit of the forums' history right here
Author: Message:
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: Download a bit of the forums' history right here
quote:
Originally posted by Chrono
quote:
Originally posted by MeEtc
/OLD/game-beta-1.zip
/OLD/game-update1-2.zip

they're password protected, any ideas?

Not really... the game sucked anyways. Who made it? i cant recall. Im pretty sure it's quite easy toi crack a winrar password, if anyone bothers, let us know :p
RAR: not so easy or quick if it is a long pwd. But luckily they aren't RARs.

ZIP: depends on the contents. In this case it was dead easy and super-fast because of how ZIP encrypts its stuff (weakness in its standard encryption algorithm)...

Bruteforcing might still take a very long time, even on todays PCs, depending on the length of password, so that is out of the question, but in this case you can use an almost instant "known plain-text" attack.


Now, I cba to upload the archives somewhere, so here instructions to decrypt them using AZPR:
(note: only the registered version will fully decrypt the archives)

[Image: attachment.php?pid=1023868]





And to keep with tradition, for old time sake and for what it's worth, below a lengthy post explaining how I came up with those key numbers ;-) :p

Spoiler:


So in this case we're in luck:
There are 2 files in there (the UNLHA32 library files) which is a third party component they used and as such might be found on the internet if we're lucky (and we are).

The point here is that if you have access to an original unencrypted file which is encrypted in the zip, chances are extremely high that you can use the "plain-text" attack. AZPR from ElcomSoft can do such an attack.

So.... Googling for that library and you'll find a few versions. But if you wanna use a "plain-text" attack you need to find the exact same files which are in the encrypted archive. So, I downloaded many versions and started to compare the CRC32 checksums of them with the one used in the archive.

Most versions I found immediately (on the original homepage of UNLHA32) weren't the right ones (all newer versions).
So I Googled a bit deeper and found two older ones in some obscure corner of the net.
It turned out they used version 1.47.1.7 of the UNLHA32.DLL library.

But there is a problem:
For the "plain-text" attack to be effective you need to zip the original file with the _exact_ same zipping method (no problem there, the method can be looked up in the encrypted file attributes..."deflating" was used), but also with the _same_ program! This because many programs use all slightly different compression dictionaries and trees and thus the compressed files are slightly different too!

After trying a few different zip programs I already had installed (except winzip), I always ended up with a slightly wrong dictionary tree. So I gave up on that (cba to download and try more zip programs because it was already too late...yawn)....

Then I Googled for the documentation text file (UNLHA32.TXT) of version 1.47.1.7. Luckily I found it (same CRC32 as the one in the encrypted archive).
I tried to zip that (simply using Windows build-in zipper), and it came out exactly as what was needed (compressed size 12 bytes smaller than its encrypted counter part which means it is a potential match)

So, all what needed to be done now was to load up AZPR,
- select the encrypted archive (1)
- select the "plain-text" attack (2)
- select the normal unencrypted zip with UNLHA32.TXT in it ("plain-text path")
- press start button

40 seconds later: "Encryption keys successfully recovered"

Then:
- save the unencrypted archive
- select the second encrypted archive (assuming the used password is the same... it was... if it wasn't I could have done another new "plain-text" attack since UNLHA32.TXT is also in the second encrypted archive)
- by now the found encrypted keys are saved in their respective boxes (3), so all you need to do now is press the "decrypt zip using encryption keys" button (4)
- save the second unencrypted archive

done

;-)

.png File Attachment: tadaaaaaa.png (24.9 KB)
This file has been downloaded 872 time(s).

This post was edited on 08-03-2013 at 02:44 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
08-03-2013 03:54 AM
Profile PM Find Quote Report
« Next Oldest Return to Top Next Newest »

Messages In This Thread
Download a bit of the forums' history right here - by Chrono on 07-31-2013 at 06:59 AM
RE: Download a bit of the forums' history right here - by Mnjul on 07-31-2013 at 02:19 PM
RE: Download a bit of the forums' history right here - by prashker on 08-01-2013 at 12:26 AM
RE: Download a bit of the forums' history right here - by Chrono on 08-01-2013 at 12:39 AM
RE: Download a bit of the forums' history right here - by blessedguy on 08-01-2013 at 01:14 AM
RE: Download a bit of the forums' history right here - by Chrono on 08-01-2013 at 01:28 AM
RE: Download a bit of the forums' history right here - by MeEtc on 08-01-2013 at 01:35 AM
RE: Download a bit of the forums' history right here - by Chrono on 08-01-2013 at 01:39 AM
RE: RE: Download a bit of the forums' history right here - by CookieRevised on 08-03-2013 at 03:54 AM
RE: Download a bit of the forums' history right here - by prashker on 08-01-2013 at 03:15 AM
RE: Download a bit of the forums' history right here - by Chrono on 08-01-2013 at 05:19 AM
RE: Download a bit of the forums' history right here - by CookieRevised on 08-01-2013 at 06:01 AM
RE: Download a bit of the forums' history right here - by CookieRevised on 08-01-2013 at 06:57 AM
RE: Download a bit of the forums' history right here - by Menthix on 08-01-2013 at 11:30 AM
RE: Download a bit of the forums' history right here - by Chrono on 08-01-2013 at 06:17 PM
RE: Download a bit of the forums' history right here - by lopardo on 08-01-2013 at 11:14 PM
RE: Download a bit of the forums' history right here - by Nagamasa on 08-02-2013 at 02:00 AM
RE: Download a bit of the forums' history right here - by traxor on 08-03-2013 at 01:48 AM
RE: Download a bit of the forums' history right here - by MeEtc on 08-03-2013 at 01:52 AM
RE: Download a bit of the forums' history right here - by traxor on 08-03-2013 at 02:11 AM
RE: Download a bit of the forums' history right here - by traxor on 08-03-2013 at 02:12 AM
RE: Download a bit of the forums' history right here - by MeEtc on 08-03-2013 at 02:13 AM
RE: Download a bit of the forums' history right here - by Menthix on 08-03-2013 at 03:57 AM
RE: Download a bit of the forums' history right here - by prashker on 08-03-2013 at 07:08 AM
RE: Download a bit of the forums' history right here - by Chrono on 08-04-2013 at 06:25 AM
RE: Download a bit of the forums' history right here - by CookieRevised on 08-04-2013 at 07:27 AM
RE: Download a bit of the forums' history right here - by felipEx on 08-09-2013 at 07:22 AM
RE: Download a bit of the forums' history right here - by Menthix on 08-13-2013 at 05:46 PM
RE: Download a bit of the forums' history right here - by traxor on 08-15-2013 at 07:40 PM
RE: Download a bit of the forums' history right here - by blessedguy on 08-18-2013 at 12:07 AM
RE: Download a bit of the forums' history right here - by YottabyteWizard on 08-20-2013 at 05:51 AM
RE: Download a bit of the forums' history right here - by Tochjo on 08-20-2013 at 08:52 AM
RE: Download a bit of the forums' history right here - by Menthix on 08-20-2013 at 11:53 AM
RE: Download a bit of the forums' history right here - by YottabyteWizard on 08-21-2013 at 01:05 AM
RE: Download a bit of the forums' history right here - by Menthix on 08-21-2013 at 09:35 AM
RE: Download a bit of the forums' history right here - by calvin on 08-31-2013 at 05:53 AM
RE: Download a bit of the forums' history right here - by traxor on 09-11-2013 at 08:48 PM


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On