Offizielle Tools kenne ich nicht, fand das aber ganz interessant und habe einen C Code gefunden, welcher derartige Hashs berechnet, Bruteforce eben.
Code:
// Tools zur Decodierung von 16stelligen MD5 Hashes
// Verwendet von mySQL OLD_PASSWORT() etc.
#include "stdlib.h"
#include "stdio.h"
#include "string.h"
#define xor ^
void search3_new( );
void search4_new( );
void search5_new( );
void search6_new( );
void search7_new( );
void search8_new( );
void get_old_nr2( );
void init_password( );
void found_footprint( );
int search_extension(unsigned long nrd, unsigned long nr2d, unsigned long add1d);
char footprint_str[32];
int len3=0, len4=0, len5=0, len6=0, len7=0, len8=0, len9=0, len10=0, lenall=1;
unsigned char char1, char2, char3, char4, char5, char6, char7, char8, char9, char10;
unsigned char extension_char1, extension_char2, extension_char3;
unsigned long nr2_g2_expected1_genuine;
unsigned long nr2_g2_expected2_genuine;
unsigned long nr2_g3;
unsigned long nr2_g3plus;
unsigned long nr2_expected;
unsigned long footprint1;
unsigned long footprint2;
int hexdigit_value(char c) {
if (c >= '0' && c <= '9' ) return c - '0';
if (c >= 'a' && c <= 'f' ) return c - 'a' + 10;
if (c >= 'A' && c <= 'F' ) return c - 'A' + 10;
printf("Fehler: '%c' ist kein Hex-Wert\r\n", c);
exit(0);
return 0;
}
int main(int argc, char **argv) {
int p;
if (argc!=2 || (argc >= 2 && strcmp(argv[1], "--help") == 0)) {
printf("Syntax : %s [MD5 Hash]\r\n", argv[0] );
printf("Beispiel: %s 565491d704013245 (liefert das Passwort \"123456\")\r\n", argv[0]);
exit(0);
}
char * args = argv[1];
if (strlen(args) != 16 ) {
printf("Fehler: '%s' ist kein MD5 Hash (16 Hex-Zeichen)\r\n", args);
exit(1);
}
// Hash holen
strcpy(footprint_str, args);
unsigned long f1=0, f2=0;
int q;
for (q = 0; q < 8; q++) {
f1 = (f1 << 4) + hexdigit_value(args[q]);
f2 = (f2 << 4) + hexdigit_value(args[q+8]);
}
footprint1 = f1;
footprint2 = f2;
// Initialisierungen
get_old_nr2();
init_password();
// Suche
search3_new();
search4_new();
search5_new();
search6_new();
search7_new();
search8_new();
printf("Das Passwort hat wohl mehr als 8 Zeichen ...\r\n");
return(0);
}
void init_password( ) {
char1 = 0;
char2 = 0;
char3 = 0;
char4 = 0;
char5 = 0;
char6 = 0;
char7 = 0;
char8 = 0;
char9 = 0;
char10 = 0;
}
void get_old_nr2() {
unsigned long old_nr2_value;
int old_nr2[8] ;
int new_nr2[8] ;
int new_nr[8];
int carry[8] ;
int p;
for (p = 0; p < 8; p++) {
old_nr2[p] = 0;
new_nr2[p] = 0;
new_nr[p] = 0;
carry[p] = 0;
}
new_nr[1] = footprint1 & 255;
new_nr[2] = (footprint1 >> 8 ) & 255;
new_nr[3] = (footprint1 >> 16 ) & 255;
new_nr[4] = (footprint1 >> 24 ) & 255;
new_nr2[1] = footprint2 & 255;
new_nr2[2] = (footprint2 >> 8 ) & 255;
new_nr2[3] = (footprint2 >> 16 ) & 255;
new_nr2[4] = (footprint2 >> 24 ) & 255;
for (p=1; p<=4; p++) {
unsigned long tmp;
tmp = old_nr2[p-1] ^ new_nr[p];
old_nr2[p] = new_nr2[p] - carry[p] - tmp;
if (old_nr2[p] < 0 ) {
carry[p+1] = 1;
old_nr2[p] += 256;
}
}
old_nr2_value = (old_nr2[1] | (old_nr2[2] << |
(old_nr2[3] << 16) | (old_nr2[4] << 24) ) & 0x7FFFFFFF;
nr2_g2_expected1_genuine = old_nr2_value & 0x7FF00000;
nr2_g2_expected2_genuine = (old_nr2_value - 0x100000) & 0x7FF00000;
nr2_expected = old_nr2_value;
nr2_g3 = nr2_g2_expected1_genuine & 0x70000000;
nr2_g3plus = (nr2_g2_expected1_genuine + 0x10000000) & 0x70000000;
}
void found_footprint() {
char password[256], *ps;
int p;
ps = password;
if (char1) *ps++ = char1;
if (char2) *ps++ = char2;
if (char3) *ps++ = char3;
if (char4) *ps++ = char4;
if (char5) *ps++ = char5;
if (char6) *ps++ = char6;
if (char7) *ps++ = char7;
*ps++ = extension_char1;
*ps++ = extension_char2;
*ps++ = extension_char3;
*ps = 0;
// Gefundenes Passwort anzeigen
printf("%s = %s\r\n", footprint_str, password);
exit(0);
}
void search3_new() {
unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
if (search_extension(nr, nr2, add))
return;
}
void search4_new() {
unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
for (char1 = 33; char1 < 127; char1++) {
nr = 1345345333L;
add = 7;
nr2 = 0x12345671L;
nr ^= (((nr & 63) + add) * (unsigned long)char1) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char1;
if (search_extension(nr, nr2, add))
return;
}
}
void search5_new() {
unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
for (char1 = 33; char1 < 127; char1++)
for (char2 = 33; char2 < 127; char2++) {
nr = 1345345333L;
add = 7;
nr2 = 0x12345671L;
nr ^= (((nr & 63) + add) * (unsigned long)char1) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char1;
nr ^= (((nr & 63) + add) * (unsigned long)char2) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char2;
if (search_extension(nr, nr2, add))
return;
}
}
void search6_new() {
unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
for (char1 = 33; char1 < 127; char1++)
for (char2 = 33; char2 < 127; char2++)
for (char3 = 33; char3 < 127; char3++) {
nr = 1345345333L;
add = 7;
nr2 = 0x12345671L;
nr ^= (((nr & 63) + add) * (unsigned long)char1) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char1;
nr ^= (((nr & 63) + add) * (unsigned long)char2) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char2;
nr ^= (((nr & 63) + add) * (unsigned long)char3) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char3;
if (search_extension(nr, nr2, add)) return;
}
}
void search7_new() {
unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
for (char1 = 33; char1 < 127; char1++)
for (char2 = 33; char2 < 127; char2++)
for (char3 = 33; char3 < 127; char3++)
for (char4 = 33; char4 < 127; char4++) {
nr = 1345345333L;
add = 7;
nr2 = 0x12345671L;
nr ^= (((nr & 63) + add) * (unsigned long)char1) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char1;
nr ^= (((nr & 63) + add) * (unsigned long)char2) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char2;
nr ^= (((nr & 63) + add) * (unsigned long)char3) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char3;
nr ^= (((nr & 63) + add) * (unsigned long)char4) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char4;
if (search_extension(nr, nr2, add)) return;
}
}
void search8_new() {
unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
for (char1 = 33; char1 < 127; char1++)
for (char2 = 33; char2 < 127; char2++)
for (char3 = 33; char3 < 127; char3++)
for (char4 = 33; char4 < 127; char4++)
for (char5 = 33; char5 < 127; char5++) {
nr = 1345345333L;
add = 7;
nr2 = 0x12345671L;
nr ^= (((nr & 63) + add) * (unsigned long)char1) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char1;
nr ^= (((nr & 63) + add) * (unsigned long)char2) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char2;
nr ^= (((nr & 63) + add) * (unsigned long)char3) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char3;
nr ^= (((nr & 63) + add) * (unsigned long)char4) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char4;
nr ^= (((nr & 63) + add) * (unsigned long)char5) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char5;
if (search_extension(nr, nr2, add)) return;
}
}
void search9_new() {
unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
for (char1 = 33; char1 < 127; char1++)
for (char2 = 33; char2 < 127; char2++)
for (char3 = 33; char3 < 127; char3++)
for (char4 = 33; char4 < 127; char4++)
for (char5 = 33; char5 < 127; char5++)
for (char6 = 33; char6 < 127; char6++) {
nr = 1345345333L;
add = 7;
nr2 = 0x12345671L;
nr ^= (((nr & 63) + add) * (unsigned long)char1) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char1;
nr ^= (((nr & 63) + add) * (unsigned long)char2) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char2;
nr ^= (((nr & 63) + add) * (unsigned long)char3) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char3;
nr ^= (((nr & 63) + add) * (unsigned long)char4) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char4;
nr ^= (((nr & 63) + add) * (unsigned long)char5) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char5;
nr ^= (((nr & 63) + add) * (unsigned long)char6) + (nr << 8);
nr2 += (nr2 << ^ nr;
add += char6;
if (search_extension(nr, nr2, add)) return;
}
}
int search_extension(unsigned long nrd, unsigned long nr2d, unsigned long add1d) {
unsigned long nre, nrf, nrg;
unsigned long nr2e, nr2f, nr2g;
unsigned long add1e, add1f, add1g;
unsigned long constant1e, constant3e, variable1e;
unsigned long constant1f, constant3f, variable1f;
unsigned long constant1g, constant3g, variable1g;
unsigned long nrdisc1, nrdisc2, nr2disc1, nr2disc2;
unsigned long nr12;
unsigned long delta1, delta2, delta3, delta4;
unsigned long dividende1 , dividende2;
constant1e = (nrd & 63) + add1d;
constant3e = nr2d << 8;
variable1e = (constant1e << 5) + (nrd << 8);
nrdisc1 = nrd xor variable1e;
nrdisc2 = nrdisc1 + 0x100000;
nr2disc1 = nr2d + (constant3e xor nrdisc1);
nr2disc2 = nr2d + (constant3e xor nrdisc2);
nr12 = nrdisc1 << 8;
delta1 = nrdisc1 xor (nr2disc1 << 8);
delta2 = ((delta1 xor (nr12 + 0x10000000)) + nr2disc1) & 0x70000000;
delta1 = ((delta1 xor nr12) + nr2disc1) & 0x70000000;
nr12 = nrdisc2 << 8;
delta3 = nrdisc2 xor (nr2disc2 << 8);
delta4 = ((delta3 xor (nr12 + 0x10000000)) + nr2disc2) & 0x70000000;
delta3 = ((delta3 xor nr12) + nr2disc2) & 0x70000000;
if (delta1 == nr2_g3 || delta2 == nr2_g3 || delta3 == nr2_g3 || delta4 == nr2_g3 ||
delta1 == nr2_g3plus || delta2 == nr2_g3plus || delta3 == nr2_g3plus ||
delta4 == nr2_g3plus)
for (extension_char1 = 33; extension_char1 <= 126; extension_char1++) {
variable1e = variable1e + constant1e;
nre = nrd xor variable1e;
nr2e = nr2d + (constant3e xor nre);
nr12 = nre << 8;
delta1 = nre xor (nr2e << 8);
delta2 = ((delta1 xor (nr12 + 0x100000)) + nr2e) & 0x7FF00000;
delta1 = ((delta1 xor nr12) + nr2e) & 0x7FF00000;
if (delta1 == nr2_g2_expected1_genuine || delta1==nr2_g2_expected2_genuine ||
delta2 == nr2_g2_expected1_genuine || delta2==nr2_g2_expected2_genuine ) {
add1e = add1d + extension_char1;
constant1f = (nre & 63) + add1e;
constant3f = nr2e << 8;
variable1f = (constant1f << 5 ) + (nre << 8);
for (extension_char2 = 33; extension_char2 <= 126; extension_char2++) {
variable1f = variable1f + constant1f;
nrf = nre xor variable1f;
nr2f = nr2e + (constant3f xor nrf);
if ((nr2f & 0x7FFFFFFF) == nr2_expected) {
add1f = add1e + extension_char2;
constant1g = (nrf & 63) + add1f;
constant3g = nr2f << 8;
variable1g = (constant1g << 5 ) + (nrf << 8);
for (extension_char3 = 33; extension_char3 <= 126; extension_char3++) {
variable1g = variable1g + constant1g;
nrg = nrf xor variable1g;
nr2g = nr2f + (constant3g xor nrg);
if ((nrg & 0x7FFFFFFF) == footprint1 && (nr2g & 0x7FFFFFFF) == footprint2) {
found_footprint();
return(1);
}
}
}
}
}
}
return(0);
}
Thank given by![[Bild: fred777.jpg]](http://peterlustig.pytalhost.com/gfx/fred777.jpg)
