Jump to content

forget/typoed password, have hash info, need advice


Scratch
 Share

Recommended Posts

I have 6 Windows CE 5.0 devices. I configured 1 the way I wanted and made a flash backup on an SD card. I flashed 4 of the remaining devices. I started working on another project before I got to 6th one. I went back to fix a setting on one of the 5 flashed devices to realize that I either forgot the password or typoed it the same way and couldn't figure it out.

My problem is, to get the devices fixed costs $120 each. The devices can't be defaulted until AFTER the password is entered. It's probably worth it in the long run, but I'd like to make this a learning experience.

I found the password in the flash backup. It is a 160bit format. The password is 1-40 characters long and can contain the usual. I know that it's a huge number of combinations. I was hoping to reduce it by using the passwords I knew and keyboard keys near them to account for typoes. Unfortunately, the hash function is not documented one (or I can't find it). It's not SHA-1 or RIPEMD160. With the 6th device I can set a password, copy it to SD card, and use a hex editor to see the resulting 160bit result. It takes about 5 minutes to do each result.

Does anyone know how I would go about trying to figure out how to generate that 160bit result? Some website on the theory or something? Knowing the correct terminology might help as well.

I appreciate any guidence.

Link to comment
Share on other sites

Here's some examples.

139F69C93C042496A8E958EC5930662C6CCCAFBF is 1234

F77054A52C29352ED21BF2F8C6D2D4481C1B7847 is 1235

F7BBF432EDBDA75B23C2104370ECCC6C136AAF72 is 111111111111111111111111111111

05A66B47090F250C008BED796AF6D3AEDF176FF2 is 11111111111111111111111111111

Link to comment
Share on other sites

They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce.
I remembered the password! I feel like an idiot. Thanks for the suggestion. You actually gave me a good idea for a future project. I forgot all about salting.
Link to comment
Share on other sites

They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce.
I remembered the password! I feel like an idiot. Thanks for the suggestion. You actually gave me a good idea for a future project. I forgot all about salting.

best salt to add

md5("1337Pa$$w0rd" + "salt")

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...