Author Topic: Notes.id  (Read 2335 times)

Dr_Notes
Notes.id
« on: 01.02.02 - 08:18:44 »
Hello everyone,

has anyone ever heard or read anything in connection with "cracking a Notes.id"?
Are there, or have there ever been, attempts?

Regards, DN
Regards, D_N

_Arne_
Re: Notes.id
« Reply #1 on: 01.02.02 - 08:26:16 »
Hi, I had already looked around once; apparently it can't be done (at least not by normal admins) ..

Regards,
Arne  8)

NotesBug
Re: Notes.id
« Reply #2 on: 06.02.02 - 10:17:43 »
There used to be a page about this, but it seems to be dead by now.

http://www.landofsilence.com/id.html

Password Recovery in Lotus Notes (or How to crack ID files)

Summary

Although the project is not over, here is some stuff on recovering the password from an ID file. You may also want to take a look at the paper "Lotus Notes Cracking Library".

I've seen a lot of discussion in the past about whether the password was stored in the ID or not. The conclusion I came up with up to now is that it is not. However, there is a part in the ID used by Lotus Notes to determine if the password is good or not. This part is located at offset 0xD8 and is 56 bytes (0x38) long in most cases. We'll call this part P.

What follows is a very short summary of how Lotus Notes determines if a password is valid for a specified ID:

1- HASH = H(PASSWORD) [HASH is 16 bytes long]
2- MAC = M(HASH) [MAC is 8 bytes long]
3- KEY128 = MAKEKEY(MAC) [KEY128 is 128 bytes long]
4- KEY256 = EXPAND(KEY128) [KEY256 is 256 bytes long]
5- USE KEY256 and 16 bytes from P to compute checksum #1
6- USE KEY256 and 48 bytes from P to compute checksum #2
7- IF checksum #1 == checksum #2 THEN password is valid

By looking carefully, you can see in steps #2 and #3 that you only need to brute-force 64 bits to unlock an ID of any password length. Although 64 bits is still considerable, Lotus could have used the output of step #1 as input to step #3 instead of using the output of step #2.

Also, it means that there are collisions: two passwords could possibly compute to the same MAC. In fact, I did a program to compute all HASH that output the same MAC. The interesting fact is not that there are collisions (because it is normal to have collisions when using 128 bits to generate 64 bits), but that you can calculate them. More to come about this.

Look at the following:

<A screenshot of a DOS box belongs here, but it was not possible to include it in the forum>


Output of TDict is the MAC (in this case, CA9E5C7BE399DE3D = intrusion).

Up to now, I can test around 80,000 passwords per second on a Celeron 650. No optimization has been done yet.

This has been tested on an ID having a single password (as opposed to multiple passwords) and that has been generated by a Domino server.

signed,
_ck
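
The design point in the quoted summary (a 16-byte HASH squeezed into an 8-byte MAC before any key is derived, so passphrase entropy above 64 bits buys nothing) as an added example that is not part of the thread or of the quoted page. `h` and `m` are SHA-256-based stand-ins, not the Notes functions, and the collision demo narrows the MAC to 16 bits so collisions show up in a small constructed word list.

```python
import hashlib
from collections import defaultdict

RATE = 80_000  # passwords per second, the figure quoted in the post

def h(password: str) -> bytes:
    """Stand-in for H (assumption): any hash with 16 bytes of output."""
    return hashlib.sha256(password.encode()).digest()[:16]

def m(hash16: bytes, bits: int = 64) -> int:
    """Stand-in for M (assumption): squeezes the 16-byte HASH into `bits` bits."""
    digest = hashlib.sha256(b"mac" + hash16).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)

def effective_bits(password_bits: float, hash_bits: int = 128, mac_bits: int = 64) -> float:
    """A chain of derivations is only as strong as its narrowest stage."""
    return min(password_bits, hash_bits, mac_bits)

def years_to_exhaust(bits: float, rate: int = RATE) -> float:
    """Worst-case time to enumerate a 2**bits space at `rate` guesses per second."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)

def mac_collisions(passwords, bits: int = 16):
    """Group passwords whose HASH differs but whose (narrowed) MAC is identical."""
    buckets = defaultdict(list)
    for pw in passwords:
        buckets[m(h(pw), bits)].append(pw)
    return {mac: pws for mac, pws in buckets.items() if len(pws) > 1}

if __name__ == "__main__":
    words = [f"constructed-pass-{i}" for i in range(2000)]  # constructed sample input
    groups = mac_collisions(words)
    print(f"{len(groups)} MAC values shared by more than one password (16-bit demo MAC)")
    for entropy in (40, 64, 100):
        eff = effective_bits(entropy)
        print(f"{entropy}-bit passphrase -> {eff} effective bits, "
              f"{years_to_exhaust(eff):.3g} years at {RATE}/s")
```

Feeding the full-width value from step 1 into step 3, as the quoted text suggests, corresponds to raising `mac_bits` to 128 in `effective_bits`.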
