forget/typoed password, have hash info, need advice

[Scratch]

I have 6 Windows CE 5.0 devices. I configured 1 the way I wanted and made a flash backup on an SD card. I flashed 4 of the remaining devices. I started working on another project before I got to 6th one. I went back to fix a setting on one of the 5 flashed devices to realize that I either forgot the password or typoed it the same way and couldn't figure it out.

My problem is, to get the devices fixed costs $120 each. The devices can't be defaulted until AFTER the password is entered. It's probably worth it in the long run, but I'd like to make this a learning experience.

I found the password in the flash backup. It is a 160bit format. The password is 1-40 characters long and can contain the usual. I know that it's a huge number of combinations. I was hoping to reduce it by using the passwords I knew and keyboard keys near them to account for typoes. Unfortunately, the hash function is not documented one (or I can't find it). It's not SHA-1 or RIPEMD160. With the 6th device I can set a password, copy it to SD card, and use a hex editor to see the resulting 160bit result. It takes about 5 minutes to do each result.

Does anyone know how I would go about trying to figure out how to generate that 160bit result? Some website on the theory or something? Knowing the correct terminology might help as well.

I appreciate any guidence.

[kz26]

Until you figure out the hash type, there's really not much you can do in terms of PW cracking... :roll:

[Scratch]

Until you figure out the hash type, there's really not much you can do in terms of PW cracking... :roll:

Which is exactly what I need help figuring out. Any suggestions?

[sneaky_rupert]

Until you figure out the hash type, there's really not much you can do in terms of PW cracking... :roll:

Which is exactly what I need help figuring out. Any suggestions?

Sometimes you can see what kind of hash it is by looking at the first few characters. Can you post the hashed password?

[Scratch]

Here's some examples.

139F69C93C042496A8E958EC5930662C6CCCAFBF is 1234

F77054A52C29352ED21BF2F8C6D2D4481C1B7847 is 1235

F7BBF432EDBDA75B23C2104370ECCC6C136AAF72 is 111111111111111111111111111111

05A66B47090F250C008BED796AF6D3AEDF176FF2 is 11111111111111111111111111111

[psychoaliendog]

They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce.

[Scratch]

They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce.

I remembered the password! I feel like an idiot. Thanks for the suggestion. You actually gave me a good idea for a future project. I forgot all about salting.

[SomeoneE1se]

They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce.

I remembered the password! I feel like an idiot. Thanks for the suggestion. You actually gave me a good idea for a future project. I forgot all about salting.

best salt to add

md5("1337Pa$$w0rd" + "salt")

[xxAtimiskxx]

http://www.loginrecovery.com

ive used this to get my admin password at my school

it does take two days unless you pay for it

[a5an0]

wait. so, you got it?

[Scratch]

Yeah, I got it.

I was putting 3.1415926 and the passwords was 3.14159

Easy as Pi my ass. Don't take a network admins advice.