#1
    Obtaining Password For Firebird Database


    I use a piece of software which stores its data in a Firebird database backend. I would like to have raw access to the database, but the software stores its connection settings internally and I can find no way to discover what they are. I have used Wireshark to sniff the username and what I believe to be the password, but it doesn't appear to work for connecting to the database. I wonder how the password is sent during a connection attempt: is it hashed? What algorithm is used? Any suggestions on how I might recover the password? I have attempted to use Hydra by THC with no success.
#2
    You could try to disassemble that software with OllyDbg 2.0 or W32Dasm (both are free; I prefer the first one), and there is a big chance that you will find the initial password in the names or constants space unencrypted.


    If you are not familiar with these things, then you can simply install an FB server (the same version as the software uses is recommended) and open the database with your own password.
#3
    I had a fiddle with OllyDbg but didn't have any luck finding the raw password. I've had a bit of an investigation and found some code which hashes the password between the connecting client and the Firebird server. Next step is to decipher the code and see if I can reverse it!

    Code:
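    // Fills securityKey with bytes derived from the password. securityKey is
    // declared elsewhere and not shown in this post; it is assumed to be a
    // char array, since sizeof is taken of it. Requires <string.h>.
    void buildKey( char * pass )
    	{
    		int len = (int)strlen(pass);
    
    		// An empty password leaves securityKey untouched.
    		if ( !len )
    			return;
    
    		unsigned char p=0;	// never modified, so it stays 0
    		char * beg = securityKey;
    		char * end = beg + sizeof(securityKey);
    		int off = 0;
    
    		while ( beg < end ) 
    		{
    			// ch1 and ch2 point at the same character: off++ is a
    			// post-increment, so both index pass[off % len].
    			char * ch1 = pass + off % len;
    			char * ch2 = pass + off++ % len;
    			// off has already been incremented here; the result is
    			// truncated to a single char.
    			*beg++ = (char)(*ch1 * (p + (0x11 * (*ch1 + off))) + *ch2);
    		}
    	}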
