
I've found a function which takes as input an ASCII-type string and returns a value (as a string). Doing some `strings` on the DLL I was able to find a couple of keys; however, I would like to discover other possibilities.

The function is:

long    GetValue(LPCSTR in_key, LPSTR out_value, long in_buflen);

To test that a key is valid:

#include <stdio.h>

char buf[512];
long ret;
const char ref[] = "ABC";

/* out buffer and its length must match: buf was passed as "b" before, which was undeclared */
ret = GetValue(ref, buf, sizeof buf);
if (ret)
{
    printf("Ok: [%s -> %s]\n", ref, buf);
}

Doing an exhaustive search is too slow. What tools can I use (I am on Linux + Wine) to set up a dictionary-based attack on this function?

So far all keys I've found are upper Camel Case (no space).

tibar

1 Answer

Dictionary attacks are not good for this. It is not uncommon for the key to be generated during execution, preventing you from finding the correct key (as it is not written in the binary).

I think that the best way to do that is follow the binary's execution stepping over at first sight (to get a better idea of that piece of code) and only then go stepping into the calls.

If you're lucky (and the developer was lazy), you will find a point where the key is strcmp'ed (or something like that) with the input string, relieving you from the task of digging deep into the key generation algorithm.

DarkLighting