Scratch Posted February 3, 2007 Share Posted February 3, 2007 I have 6 Windows CE 5.0 devices. I configured 1 the way I wanted and made a flash backup on an SD card. I flashed 4 of the remaining devices. I started working on another project before I got to 6th one. I went back to fix a setting on one of the 5 flashed devices to realize that I either forgot the password or typoed it the same way and couldn't figure it out. My problem is, to get the devices fixed costs $120 each. The devices can't be defaulted until AFTER the password is entered. It's probably worth it in the long run, but I'd like to make this a learning experience. I found the password in the flash backup. It is a 160bit format. The password is 1-40 characters long and can contain the usual. I know that it's a huge number of combinations. I was hoping to reduce it by using the passwords I knew and keyboard keys near them to account for typoes. Unfortunately, the hash function is not documented one (or I can't find it). It's not SHA-1 or RIPEMD160. With the 6th device I can set a password, copy it to SD card, and use a hex editor to see the resulting 160bit result. It takes about 5 minutes to do each result. Does anyone know how I would go about trying to figure out how to generate that 160bit result? Some website on the theory or something? Knowing the correct terminology might help as well. I appreciate any guidence. Quote Link to comment Share on other sites More sharing options...
kz26 Posted February 4, 2007 Share Posted February 4, 2007 Until you figure out the hash type, there's really not much you can do in terms of PW cracking... :roll: Quote Link to comment Share on other sites More sharing options...
Scratch Posted February 4, 2007 Author Share Posted February 4, 2007 Until you figure out the hash type, there's really not much you can do in terms of PW cracking... :roll:Which is exactly what I need help figuring out. Any suggestions? Quote Link to comment Share on other sites More sharing options...
sneaky_rupert Posted February 4, 2007 Share Posted February 4, 2007 Until you figure out the hash type, there's really not much you can do in terms of PW cracking... :roll:Which is exactly what I need help figuring out. Any suggestions? Sometimes you can see what kind of hash it is by looking at the first few characters. Can you post the hashed password? Quote Link to comment Share on other sites More sharing options...
Scratch Posted February 4, 2007 Author Share Posted February 4, 2007 Here's some examples. 139F69C93C042496A8E958EC5930662C6CCCAFBF is 1234 F77054A52C29352ED21BF2F8C6D2D4481C1B7847 is 1235 F7BBF432EDBDA75B23C2104370ECCC6C136AAF72 is 111111111111111111111111111111 05A66B47090F250C008BED796AF6D3AEDF176FF2 is 11111111111111111111111111111 Quote Link to comment Share on other sites More sharing options...
psychoaliendog Posted February 4, 2007 Share Posted February 4, 2007 They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce. Quote Link to comment Share on other sites More sharing options...
Scratch Posted February 4, 2007 Author Share Posted February 4, 2007 They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce.I remembered the password! I feel like an idiot. Thanks for the suggestion. You actually gave me a good idea for a future project. I forgot all about salting. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted February 5, 2007 Share Posted February 5, 2007 They could be salted hashes, in which you would have to find out what the salt is and the algorithm used to salt it with. The salt is usually stored with the hashes on unix machines, but I don't know anything about windows ce.I remembered the password! I feel like an idiot. Thanks for the suggestion. You actually gave me a good idea for a future project. I forgot all about salting. best salt to add md5("1337Pa$$w0rd" + "salt") Quote Link to comment Share on other sites More sharing options...
xxAtimiskxx Posted February 5, 2007 Share Posted February 5, 2007 http://www.loginrecovery.com ive used this to get my admin password at my school it does take two days unless you pay for it Quote Link to comment Share on other sites More sharing options...
a5an0 Posted February 10, 2007 Share Posted February 10, 2007 wait. so, you got it? Quote Link to comment Share on other sites More sharing options...
Scratch Posted February 10, 2007 Author Share Posted February 10, 2007 Yeah, I got it. I was putting 3.1415926 and the passwords was 3.14159 Easy as Pi my ass. Don't take a network admins advice. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.