There are a ton of password recovery tools for this program, so how hard can the storage algorithm be?
Homemade schemes can be very interesting. Here, in the registry is stored one dword for each of the password characters.
The username and is interleaved with the volume serial number. Like "myuser" and volume serial DEADBEEF come to: "mDyEuAsDeBrEEF". That is then trippled: "mDyEuAsDeBrEEFmDyEuAsDeBrEEFmDyEuAsDeBrEEF".
The registry value is then used to subtract values from certain characters, resulting in the password. It is easier to convey in code: see paltalk_pw_recover.cpp in filedump.
No comments:
Post a Comment
thanks for commenting!