September 17th, 2010, 09:47 AM
Obtaining Password For Firebird Database
I use a piece of software which stores its data in a Firebird database backend. I would like to have raw access to the database but the software stores its connection settings internally and I can find no way to discover what they are. I have used Wireshark to sniff the username and what I believe to be the password but it doesn't appear to work for connecting to the database. I wonder how the password is sent during a connection attempt, is it hashed? What algorithm is used? Any suggestions on how I might recover the password? I have attempted to use Hydra by THC with no success.
September 18th, 2010, 12:18 AM
You could try to disassemble that software with OllyDbg 2.0 or W32Dasm (both are free, I prefer the first one) and there is a big chance that you will find the initial password in the names or constants space unencrypted.
If you are not familiar with these things then you can simply install an FB server (the same version as the software uses is recommended) and open the database with your own password.
September 22nd, 2010, 01:42 PM
I had a fiddle with OllyDbg but didn't have any luck finding the raw password. I've had a bit of an investigation and found some code which hashes the password between the connecting client and the Firebird server. Next step is to decipher the code and see if I can reverse it!
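#include <string.h>

/* securityKey is the key buffer declared elsewhere in the program (not shown in the post). */
void buildKey( char * pass )
{
    int len = (int)strlen(pass);
    if ( !len )
        return;    /* empty password: nothing to derive, and avoids % 0 below */

    unsigned char p = 0;
    char * beg = securityKey;
    char * end = beg + sizeof(securityKey);
    int off = 0;

    /* fill the whole key buffer, cycling through the password characters */
    while ( beg < end )
    {
        char * ch1 = pass + off % len;
        char * ch2 = pass + off++ % len;
        *beg++ = (char)(*ch1 * (p + (0x11 * (*ch1 + off))) + *ch2);
    }
}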