The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers

Archive for the ‘md5’ Category

The Blast-RADIUS bomb logo reminded me of “Kaputt” in the original Castle Wolfenstein game

Posted by jpluimers on 2024/07/12

There is a Blast-RADIUS exploit that makes many uses of RADIUS vulnerable as they depend on MD5, and MD5 collisions have been sped up considerably. Basically only RADIUS TLS seems safe now.

The Blast-RADIUS logo on the right reminded me about using grenades in a game 40+ years old, so lets digress: Archive.org is such a great site, with for instance the original Apple ][ Manual of Castle Wolfenstein by MUSE Software (the manual is written in Super-Text which they also sold):

The PDF from [Archive] Instruction Manual: Castle Wolfenstein from Muse Software : Free Download, Borrow, and Streaming : Internet Archive is at

[Archive.org PDF view/Archive.is] archive.org/download/1982-castle-wolfenstein/1982-castle-wolfenstein.pdf

Screenshot

The trick in that game when entering a room full of SS-officers was to throw a grenade into a chest of grenades in the middle of that room, then quickly leaving the room, waiting a few seconds then re-entering that room.

Not many moves further, you would find the chest with the war plans and find the exit, then finish the game.

Back to Blast RADIUS

Read the rest of this entry »

Posted in 6502, Apple, Apple ][, Authentication, Hashing, History, md5, Power User, Security | Leave a Comment »

“error: invalid object 100644” “git svn”

Posted by jpluimers on 2020/07/14

A while back, while using “git svn”, on a Windows system, I got [Archive.is“error: invalid object 100644” “git svn” – Google Search after statements like this:

# git svn rebase
error: refs/remotes/git-svn does not point to a valid object!
error: invalid object 100644 ac7df132f5bd7d639fc525f1f0204a546658d0c5 for 'Source/ToDoList/GX_ToDo.pas'
fatal: git-write-tree: error building trees
write-tree: command returned error: 128

# git svn fetch
error: refs/remotes/git-svn does not point to a valid object!
error: invalid object 100644 ac7df132f5bd7d639fc525f1f0204a546658d0c5 for 'Source/ToDoList/GX_ToDo.pas'
fatal: git-write-tree: error building trees
write-tree: command returned error: 128

In my case, regular git operations (like branching, committing, pushing, etc) worked fine, but git svn would fail.

One problem was that [Archive.is“error: refs/remotes/git-svn does not point to a valid object” – Google Search only returned one un-meaningful result: [WayBack] gist:87613 · GitHub.

Luckily, I had a backup (though it was from a while ago as that VM had not been in use for quite some time) which is the first part in [WayBack] Git FAQ – Git SCM Wiki: How to fix a broken repo?.

Since I was still interested finding out how to resurrect, just in case this happens at a time the backups do not go back far enough, I tried the steps below.

The very first fixing step is to ensure you can quickly restore things, or even better: operate on a copy of the broken pieces. On Windows, robocopy /mir is my friend for this, in Linux rsync -avloz (although on some systems, -z crashes).

TL;DR from the fixing steps

Find out what problems you have, and in which order to fix them. Otherwise you will break more stuff and take longer to fix it.

In this case, two things failed: one on the git side, and one on the git svn side. Since git svn depends on git, the best approach is to fix the git problem first, then the git svn thing.

Fixing this manually try 1

Read the rest of this entry »

Posted in CertUtil, Development, DVCS - Distributed Version Control, git, Hashing, md5, Power User, Security, SHA, SHA-1, SHA-256, SHA-512, Software Development, Source Code Management, Subversion/SVN, Windows | Leave a Comment »

A cheat-sheet for password crackers

Posted by jpluimers on 2018/07/30

Interesting: [WayBackA cheat-sheet for password crackers

Via: [WayBackJoe C. Hecht – Google+

–jeroen

Posted in *nix, *nix-tools, Hashing, md5, Power User, Security, SHA, SHA-256, SHA-512 | Leave a Comment »

OpenSuSE Tumbleweed – testing the password of any user with getent and openssl

Posted by jpluimers on 2017/06/21

For one of my VMs I forgot to note which of the initial password I had changed, so I wanted to check them.

Since I didn’t have a keyboard attached to the console and ssh wasn’t allowing root, I needed an alternative than actual login to test the passwords.

Luckily /etc/shadow, with getent and openssl came to the rescue.

Since getent varies per distribution, here is how it works on OpenSuSE:

Read the rest of this entry »

Posted in *nix, *nix-tools, ash/dash, bash, bash, Development, Encoding, Hashing, Linux, md5, openSuSE, Power User, Scripting, Security, SHA, SHA-256, SHA-512, Software Development, SuSE Linux | Leave a Comment »

~650-thousand accounts exposed because of md5 hashing: Font sharing site DaFont has been hacked, exposing thousands of accounts | ZDNet

Posted by jpluimers on 2017/05/19

Over 98 percent of the passwords were cracked, thanks to the site’s poor password security.

No this isn’t just the hacked font

Source: [WayBackFont sharing site DaFont has been hacked, exposing thousands of accounts | ZDNet

via: [Archive.isFont Sharing Site DaFont Has Been Hacked, Exposing Thousands of Accounts – Slashdot

–jeroen

Read the rest of this entry »

Posted in Encryption, Hashing, md5, Power User, Security | Leave a Comment »

Hash Toolkit – Reverse MD5 / SHA1 Hashes

Posted by jpluimers on 2015/11/11

Interesting: Hash Toolkit – Reverse MD5 / SHA1 Hashes

They generate and allow you to generate various hashes, and store both the hash and original so you can reverse it.

Not meant for production data, but an approach for verifying if you do hashing correctly.

–jeroen

via: Hash Toolkit – Reverse MD5 / SHA1 Hashes.

Posted in Development, Hashing, md5, Power User, Security, Software Development | Leave a Comment »

Mac OS X: Replicating md5sum Output Format (via: Raam Dev)

Posted by jpluimers on 2015/02/18

Mac OS X has md5, but no md5sum.

I agree with Mac OS X: Replicating md5sum Output Format that the second way of emulating md5 is better than the first one.

So here it is:


#!/bin/bash
/sbin/md5 -r "$@"

view raw

md5sum.bash

hosted with ❤ by GitHub

–jeroen

via: Mac OS X: Replicating md5sum Output Format – Raam Dev

Posted in Apple, bash, Development, Hashing, Mac, Mac OS X / OS X / MacOS, Mac OS X 10.4 Tiger, Mac OS X 10.5 Leopard, Mac OS X 10.6 Snow Leopard, Mac OS X 10.7 Lion, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, md5, OS X 10.8 Mountain Lion, Power User, Scripting, Security, Software Development | Leave a Comment »

Delphi – MD5: the MessageDigest_5 unit has been there since Delphi 2007

Posted by jpluimers on 2009/12/11

I still see a lot of people crafting their own MD5 implementation.
A lot of the existing MD5 implementations do not work well in Delphi 2009 and later (because they need to be adapted to Unicode).
Many of those existing implementations behave differently if you pass the same ASCII characters as AnsiString or UnicodeString.

The MessageDigest_5 unit has been available in Delphi since Delphi 2007.
This is the location relative to your installation directory: source\Win32\soap\wsdlimporter\MessageDigest_5.pas

(Edit: 20091223:  Since Delphi 7.01, Indy has provided the unit IdHashMessageDigest which also does md5, see the comments below)

So this unit used by the WSDL, and more importantly: works with Unicode (if you pass it a string with Unicode characters, it will convert them to UTF-8 first).
The unit is not in your default search path, and has not been very well promoted (the only link at the Embarcadero site was an article by Pawel Glowacki), so few people know about it.

Now you know too :-)

Note that MD5 is normally used to hash binary data.
It is not wise to send a non ASCII string through both the AnsiString and UnicodeString versions: because of the different encoding (and therefore a different binary representation), you will get different results depending on the Delphi version used.

A sample of the usage showing the above AnsiString/UnicodeString issue is not present for ASCII strings, nor for ANSI strings: this is because both get encoded using UTF-8 before hashing.
Delphi 2007 did not do the UTF-8 encoding, so you will see different results here.
You will also see that Writeln uses the Console for encoding, and those are different than the code editor.

Edit: 20091216 – added RawByteString example to show that the conversion does not matter.

<br />program md5;<br /><br />{$APPTYPE CONSOLE}<br /><br />uses<br /><%%KEEPWHITESPACE%%>  SysUtils,<br /><%%KEEPWHITESPACE%%>  MessageDigest_5 in 'C:\Program Files\Embarcadero\RAD Studio\7.0\source\Win32\soap\wsdlimporter\MessageDigest_5.pas';<br /><%%KEEPWHITESPACE%%>  // Vista/Windows 7: MessageDigest_5 in 'C:\Program Files (x86)\Embarcadero\RAD Studio\7.0\source\Win32\soap\wsdlimporter\MessageDigest_5.pas';<br /><br />function GetMd5(const Value: AnsiString): string; overload;<br />var<br /><%%KEEPWHITESPACE%%>  hash: MessageDigest_5.IMD5;<br /><%%KEEPWHITESPACE%%>  fingerprint: string;<br />begin<br /><%%KEEPWHITESPACE%%>  hash := MessageDigest_5.GetMD5();<br /><%%KEEPWHITESPACE%%>  hash.Update(Value);<br /><%%KEEPWHITESPACE%%>  fingerprint := hash.AsString();<br /><%%KEEPWHITESPACE%%>  Result := LowerCase(fingerprint);<br />end;<br /><br />function GetMd5(const Value: UnicodeString): string; overload;<br />var<br /><%%KEEPWHITESPACE%%>  hash: MessageDigest_5.IMD5;<br /><%%KEEPWHITESPACE%%>  fingerprint: string;<br />begin<br /><%%KEEPWHITESPACE%%>  hash := MessageDigest_5.GetMD5();<br /><%%KEEPWHITESPACE%%>  hash.Update(Value);<br /><%%KEEPWHITESPACE%%>  fingerprint := hash.AsString();<br /><%%KEEPWHITESPACE%%>  Result := LowerCase(fingerprint);<br />end;<br /><br />var<br /><%%KEEPWHITESPACE%%>  SourceAnsiString: AnsiString;<br /><%%KEEPWHITESPACE%%>  SourceUnicodeString: UnicodeString;<br /><%%KEEPWHITESPACE%%>  SourceRawByteString: RawByteString;<br /><br />begin<br /><%%KEEPWHITESPACE%%>  try<br /><%%KEEPWHITESPACE%%>    SourceAnsiString := 'foobar';<br /><%%KEEPWHITESPACE%%>    SourceUnicodeString := 'foobar';<br /><%%KEEPWHITESPACE%%>    SourceRawByteString := 'foobar';<br /><br /><%%KEEPWHITESPACE%%>    Writeln(GetMd5(SourceAnsiString));<br /><%%KEEPWHITESPACE%%>    Writeln(GetMd5(SourceUnicodeString));<br /><%%KEEPWHITESPACE%%>    Writeln(GetMd5(SourceRawByteString));<br /><br /><%%KEEPWHITESPACE%%>    SourceAnsiString := 'föøbår';<br /><%%KEEPWHITESPACE%%>    SourceUnicodeString := 'föøbår';<br /><%%KEEPWHITESPACE%%>    SourceRawByteString := 'föøbår';<br /><%%KEEPWHITESPACE%%>    Writeln(SourceAnsiString, ' ', GetMd5(SourceAnsiString));<br /><%%KEEPWHITESPACE%%>    Writeln(SourceUnicodeString, ' ', GetMd5(SourceUnicodeString));<br /><%%KEEPWHITESPACE%%>    Writeln(SourceRawByteString, ' ', GetMd5(SourceRawByteString));<br /><%%KEEPWHITESPACE%%>  except<br /><%%KEEPWHITESPACE%%>    on E: Exception do<br /><%%KEEPWHITESPACE%%>      Writeln(E.ClassName, ': ', E.Message);<br /><%%KEEPWHITESPACE%%>  end;<br />end.<br />


–jeroen

Posted in Delphi, Development, Encoding, Hashing, md5, Power User, Security, Software Development, Unicode, UTF-8, UTF8 | 28 Comments »