to stop the average layman who knows how to use regedit from getting it. Just because how to do it can be typed out in a few lines doesn't mean that it would be easy
Many programs use a two-way hash; you need to if the password must be retrieved later. If your program can revert it back to its original form while you are logged on then it is theoretically possible for you to get that password.
aaii wrote: to stop the average layman who knows how to use regedit from getting it. Just because how to do it can be typed out in a few lines doesn't mean that it would be easy
Many programs use a two-way hash; you need to if the password must be retrieved later. If your program can revert it back to its original form while you are logged on then it is theoretically possible for you to get that password.
You sound like you know what you're talking about. You into programming or the sort?
ehh.... true....
but I really don't think AIM would leave this kinda thing around so users could exploit it. Like said above, it's probably an in-house thing they figured up themselves.... like somehow that only the encrypted can be decrypted using only one algorithm that the AIM server has......
If I'm not making sense, I don't doubt it. I'm not really all into password algorithms and decoding with them and the such.
aaii wrote: to stop the average layman who knows how to use regedit from getting it. Just because how to do it can be typed out in a few lines doesn't mean that it would be easy
Many programs use a two-way hash; you need to if the password must be retrieved later. If your program can revert it back to its original form while you are logged on then it is theoretically possible for you to get that password.
You sound like you know what you're talking about. You into programming or the sort?
Plasma2002b wrote: ehh.... true....
but I really don't think AIM would leave this kinda thing around so users could exploit it. Like said above, it's probably an in-house thing they figured up themselves.... like somehow that only the encrypted can be decrypted using only one algorithm that the AIM server has......
If I'm not making sense, I don't doubt it. I'm not really all into password algorithms and decoding with them and the such.
It does very much depend on whether the client sends the password in its encoded form (as I stated). If it does then my method is pretty meaningless. Perhaps it's time to fire up my packet sniffer and API hooker. Though, I really can't be arsed as I have no use for hacking passwords.
I'm sure they have thought it through a lot more after what happened in the previous versions.
Well, considering the fact that sending an unencrypted password over the net isn't the kind of thing done these days, it's highly unlikely that the passwords for your AIM profile go out plain-text.
xWastedMindx, I think you need to relax a little on the "Post Reply" button, as most of your posts make little or no sense.
It may be all fine and dandy to figure out how the passwords are encrypted, then crack your own (as you conveniently have access to your own registry, where this encrypted password is stored). You now need to find a way to obtain this information from the person's password you are trying to crack.
Are you going to physically get into their computer and snag this information from their registry? Given the nature of the original question, it's highly unlikely people doing this are doing it to people that live down their street. Doubtful.
ziekke wrote: xWastedMindx, I think you need to relax a little on the "Post Reply" button, as most of your posts make little or no sense.
They make perfect sense!! ...most of the time anyways. Sometimes I just ramble on, but I went back and reread this thread from almost a month ago, and it makes sense to me!
There's also a 'tool' you can download called Advanced IM Password Recovery.. by ElcomSoft. Same company that has pass recovery for .zip and .rar archiving as well.
Alright, my findings on the program Advanced IM Password Recovery.
I downloaded the newest version available, 1.50 and it unfortunately does not support AIM 4.8.2790 and I assume the 5.x series as well. I don't want to downgrade to figure out what's the lowest version of AIM it supports.
The only limitation of the trial version program is that you can't decode passwords longer than 3 characters.
Anyways, I did happen to find a crack for it, which then I installed Advanced IM PR version 1.21, with crack applied. It still didn't offer me any luck as the AIM version I have is still unsupported. (4.8.2790).
Although it is a very good program, as it was able to tell me my Yahoo Password, I would wait a bit longer for anything new for higher AIM versions to be supported. It's still a fairly new program by ElcomSoft. This cracked version I have now 1.21 is the first public release. Just give it some time and keep checking back on it and I'll report the progress if any in the future of this nice little tool.
Plasma2002b wrote: ehh.... true....
but I really don't think AIM would leave this kinda thing around so users could exploit it. Like said above, it's probably an in-house thing they figured up themselves.... like somehow that only the encrypted can be decrypted using only one algorithm that the AIM server has......
If I'm not making sense, I don't doubt it. I'm not really all into password algorithms and decoding with them and the such.
It does very much depend on whether the client sends the password in its encoded form (as I stated). If it does then my method is pretty meaningless. Perhaps it's time to fire up my packet sniffer and API hooker. Though, I really can't be arsed as I have no use for hacking passwords.
I'm sure they have thought it through a lot more after what happened in the previous versions.
AIM passwords are only ENCRYPTED by the AIM software. When you change your password, it is encrypted and saved in the registry. When you log in, the encrypted version of the password you enter is compared to the encrypted version on the server. However...the encryption IS reversible or at least the old version was. Not too long ago, they changed the method of encrypting passwords because the old one was so easy to crack. I haven't managed an inverse for the new one...I'm beginning to think it's just a textual representation of an irreversible password hash.
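Added example, not part of the original posts: a Python sketch of the distinction drawn in this thread between reversible ("two-way") storage and an irreversible password hash. The key, function names and sample password are constructed for illustration and say nothing about AIM's actual scheme; the one-way form fits only the side that checks a password, not a client that has to replay it.

```python
import hashlib
import hmac
import os
from itertools import cycle

# Constructed key standing in for a secret shipped inside a client program.
EMBEDDED_KEY = b"constructed-demo-key"
ITERATIONS = 200_000  # assumption for this sketch; tune to your hardware


def store_reversible(password: str) -> bytes:
    """Two-way storage: XOR with a key that every copy of the client holds."""
    data = password.encode("utf-8")
    return bytes(b ^ k for b, k in zip(data, cycle(EMBEDDED_KEY)))


def recover_reversible(blob: bytes) -> str:
    """XOR is its own inverse, so anyone with the program can undo it."""
    return bytes(b ^ k for b, k in zip(blob, cycle(EMBEDDED_KEY))).decode("utf-8")


def store_one_way(password: str) -> tuple[bytes, bytes]:
    """One-way storage: random salt plus a PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_one_way(candidate: str, record: tuple[bytes, bytes]) -> bool:
    """The record can only confirm a guess; it cannot be turned back into text."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    sample = "correct horse"  # constructed sample password
    blob = store_reversible(sample)
    print("reversible blob:", blob.hex(), "->", recover_reversible(blob))
    record = store_one_way(sample)
    print("one-way check:", verify_one_way(sample, record), verify_one_way("guess", record))
```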
I might sound like an idiot for saying this...I don't know anything about programming or encryption or anything like that...but if the password that needs hacking is on your own computer, you can always download a key logger.
*shrug*
~Kevin
"Why is it that we rejoice at a birth and grieve at a funeral? It is because we are not the person involved."
got mojo wrote: I might sound like an idiot for saying this...I don't know anything about programming or encryption or anything like that...but if the password that needs hacking is on your own computer, you can always download a key logger.
I've tried it before.. a few different apps actually. None of them seem to work properly.