This is the OLD Rival Rebels forum (Locked). To go to the NEW Forum please click here.

This topic contains 21 replies, has 9 voices, and was last updated by Rodol 10 months ago.

Viewing 22 posts - 1 through 22 (of 22 total)
  • I eat MD5 for breakfast
  • #19793
    Orchface

    Rodol once told me that no one could crack his hashes, since he has one rod disk password that he gives out and one that he keeps secret, and people would always claim to have “cracked” the released password. That was three years ago, and I am unsure as to whether anyone has figured out how to crack MD5 since.

    But I am here to tell you that I have successfully cracked all eight of Rodol’s rod disk password hashes.

     

    How I did it (for nerds only):

    MD5 is a pathetic hashing algorithm, since it has one key vulnerability: if MD5(x) == MD5(y), then MD5(x+k) == MD5(y+k). Most MD5 collision calculators use the principle of reduction: start with the set of all real 16-bit sequences, and eliminate sequences that do not contain the 1st, 2nd, 3rd, etc. bytes in the start sequence, until the end collision(s) are found.

    After reading Wang and Yu’s article I discovered that reduction is not the only way to generate a collision for MD5. My algorithm uses construction — build a collision from the ground up. I simply exploited MD5’s crucial weakness by appending the starting byte of each hash to a chain, then adding a new byte to the sequence. I appended the constant k, a byte ranging from -128 to 128. If bytes [1] and [2] of the hash sequence do not match bytes [1] and [2] of the chain, the byte k is incremented. This is done until bytes [1] and [2] of both sequences match. Eventually, the program will construct a byte array where positions [1] through [16] match in both sequences. After this is done, the collision byte array is converted to a string, AKA the password. My algorithm is also quite fast; I was able to feed in 8 of Rodol’s hashes and get collisions in less than 30 seconds.

     

    Obviously, I won’t release any of the cracked passwords without approval. But Rodol can contact me in private to verify that I have all eight of the rod disk passwords :)

     

    Have a nice day!

    -Orch

     

    Orchface

    #19795

    Good job 👏. Rodol was thinking about having the passwords released anyways but don’t release them unless he says you can.

    ∞ lukep11804 ∞

    Rival Rebels Favorite Zombie Pigman

    #19803
    Shadowkitten

    I personally hope the passes get released some day…

    also hilarious title

    ÖPS

    #19804
    Orchface

    The title is true…

    My algorithm can crack almost any hash that belongs to an alphanumeric string less than 15 characters.

    Waiting for Rodol to see this, because he doubted the efficacy of my cracking algorithm a few years back…
    I want to see his reaction when I tell him all of his ‘secret’ passwords :)

    Please don’t snip.

    Orchface

    #19805

    then don’t put cuss words in your post

    Because reasons

       
    #19806
    Orchface

    This is quickly diverging from the topic at hand. I wish to discuss MD5 hashes, not debate whether a two-letter abbreviation is profanity.

    Orchface

    #19807

    but it means profanity

    just refrain from using it in the future.

    Because reasons

       
    #19812
    Rodol

    Good job, it’s great you have done this!

    I assume you used Java, since you talked about signed byte ranges [-128..127]; unsigned ranges would be more customary for working with raw data like this, but Java has no support for unsigned types besides char.

    Are the collisions you found composed of solely lowercase alphabetical characters?

    Great to see you around Orchface!

    ⋰⋮RODOL⋮⋱
    #19813
    Orchface

    I used Java to reverse that pesky getString() method, but I used C++ to perform the chain algorithm. I chose C++ for exactly the reason you said; Java doesn’t support unsigned bytes or integers. Basically, I had a Java program perform all of the basic logic to extract possible combinations of hashes, then I used a C program to attempt to crack the hashes.

    The collisions I found were all lowercase alphabetic strings, except for one. I calculated 8 unique alphabetic strings that sound like passwords. However, I found that one of the hashes has a collision with a 512-character Hex block, but I doubt you would use that as a password.

    Good to see you too, Rodol!

    Orchface

    #19814

    I’m honestly surprised people know Java (not JavaScript). I can barely figure out what command you’re trying to enter

    All of your bas are belong to us.

    #19816
    Rodol

    I’m interested in seeing that 512 character hex block, you can post it here since MC’s text input allows only 100 characters, so it’s not like anyone could use that password anyways. (and command blocks can’t throw rod disks lol)

    ⋰⋮RODOL⋮⋱
    #19817
    Orchface

    This monster of a block is what my algorithm calculated to be a collision to one of your hashes:


    Note that this is purely a hypothetical calculated value, and not a string (so even if MC’s text input allowed 512 characters, this raw block wouldn’t work).
    Essentially, this block represents data, not characters. There is no way to get this block into a usable form to test in Java (hex to string will not work properly due to data loss conversions). But when put through your encrypt() method, the raw data represented by this block will result in a matching hash with one of the eight passwords.

    This block took several minutes to calculate, so there could theoretically be longer strings that collide with your passwords. For time purposes, my algorithm stops at collisions that are greater than 512 characters in length.

    I just tested all 8 passwords in RR singleplayer and they work :)
    (That representative disk makes a killer light show!)

    Orchface

    #19820
    brolan22

    well shoot

     

    Avoid profanity please. ~Frosti

    #19821

    Oh hey Brolan, what’s up dude?

    ∞ lukep11804 ∞

    Rival Rebels Favorite Zombie Pigman

    #20273
    autogolazzo

    Hey everyone. I’m surprised. I was actually working on my own RR password cracking algorithm. It’s pathetic compared to this one; it just brute forces with every possible lowercase alpha string of a given length. It took about 70 minutes to find the 7 letter code. I’ll have to try yours.
    -Ethan

    #20274

    HE’S ALIVE

    lol hi auto welcome back

    ∞ lukep11804 ∞

    Rival Rebels Favorite Zombie Pigman

    #20285
    autogolazzo

    Hey lukep :)

    I cracked 7 of the 8 passwords. For some reason, I haven’t been able to crack the first officer password. I’m working on it. I used a Java program to undo the (very annoying) getString(). I then took the hashes generated from that and put them into http://md5decrypt.net. It worked fine for every code, except said officer code.
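
Added example, not part of the thread or the mod's code: the posts above recover the passwords by brute force and by pasting the hashes into an online lookup site, which works when the stored values are unsalted MD5 digests of short lowercase strings. The Python code below contrasts that storage scheme with a per-password salt and PBKDF2-HMAC-SHA256; the candidate list, function names and the 600,000-round work factor are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample candidates (short lowercase strings), not passwords from the mod.
CONSTRUCTED_CANDIDATES = ["abc", "nuke", "rebels", "plasma"]
PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def md5_hex(password):
    """Weak scheme: one unsalted MD5 pass over the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """A 'hash decryption' site is a precomputed digest -> input table."""
    return {md5_hex(c): c for c in candidates}


def recover(stored_hex, table):
    """Return the input for an unsalted digest if it was precomputed, else None."""
    return table.get(stored_hex)


def make_record(password, salt=None):
    """Hardened scheme: random per-password salt plus a slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = make_record(password, salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup(CONSTRUCTED_CANDIDATES)
    stored = md5_hex("rebels")
    print("unsalted MD5 recovered from table:", recover(stored, table))
    salt_a, rec_a = make_record("rebels")
    salt_b, rec_b = make_record("rebels")
    print("same password, salted records equal:", rec_a == rec_b)
    print("verify correct / wrong:", verify("rebels", salt_a, rec_a), verify("nuke", salt_a, rec_a))
```

With the salted records, one precomputed table no longer covers every stored value, and each guess costs 600,000 HMAC rounds instead of a single MD5 pass.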

    #20286

    I can learn C+ and Python (meh, I am okay) but can’t quite figure out Java. Could someone start giving lessons?

    All of your bas are belong to us.

    #20291
    autogolazzo

    Cracked 8 of 8! Had to use a different hash decryption site for the last one.

    Titancon – I learned using both online resources and in-school resources (AP Computer Science). I don’t have the time or incentive to teach anyone, but there are plenty of online resources :)

    #20292
    Rodol

    Hey Auto! That’s great! It’s quite amazing the stuff that’s possible in computer sciences.

    ⋰⋮RODOL⋮⋱
    #20359

    I plan on taking computer science in the future and to learn these things as I progress. However, I’m trying to start off early. Does anyone have any suggestions on where I should actually begin? This would bring great pleasure to me, thanks!

    Warning: SEIZURE ALERT
    #20360
    Rodol

    If I was starting fresh today, I would start with something fun, hands on, and with instant feedback (like modding once was, but is no more). I recently got one of my friends into CS by introducing them to GLSL, aka shader or gpu code. It’s very satisfying and math loaded (Don’t let math scare you, math rules). ShaderToy is a nice WebGL shader community, look at shadertoy.com. They let you open any shader and modify the code real time and see visual results, in contrast with all the languages that require long setups, compiling, and no nice graphical results, only boring text xD

    ⋰⋮RODOL⋮⋱