This is a C function to crack SecureW2 hashes, which are stored in the Windows registry in the "Software\SecureW2\Methods\Default\Profiles\DEFAULT\Credentials\UserPassword" key. Replace the last DEFAULT with the username if you need to. The hash looks like this:

4C4626383636374644375043514458344D...(truncated)

Two characters make one character and every other combined character is added crap. It's much clearer with this schematic:

4C | 46 | 26 | 38 | 36 | 36 | 37 | 46 | 44 | 37 | 50 | 43 | 51 | 44 | 58 | 34 | 4D...(truncated)

Where the normal parts are useless, the bold ones are the individual characters in the hash.

This function is used in a loop, where you feed it the individual non-crap characters through the hashChar argument, and the corresponding characters from the key below as keyChar.

    /* This returns the cracked character from the cleaned hash.
       The arithmetic is equivalent to a bitwise XOR: a + b - 2*(a & b) == a ^ b.
       arguments:
       char hashChar: the current character taken from the hash
       char keyChar: the current character taken from the key
    */
    char crackCharacter(char hashChar, char keyChar)
    {
        return hashChar + (keyChar - ((hashChar & keyChar) << 1));
    }

The key:

8CEC31209B238FA76D0E0613248C6B3C3E4ABE6619C2CD51E610FD4E1B51BAC7F4E5847CD6A9

This is split the same way the hash is split (8C | EC | 31 etc), but without the added crap.
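The function above is bytewise XOR written out arithmetically, so the stored value is reversible obfuscation under a fixed key rather than a hash. The added example below (not code from the original post) checks that equivalence over every byte pair and decodes a constructed value laid out as described; the key, the sample value and the `first` parameter, which selects the alternate bytes that are kept, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* The page's per-byte operation, on unsigned bytes. */
static unsigned char crack_character(unsigned char h, unsigned char k)
{
    return (unsigned char)(h + (k - ((h & k) << 1)));
}

/* Returns 1 if the operation equals h ^ k for all 65536 byte pairs. */
int is_plain_xor(void)
{
    for (int h = 0; h < 256; h++)
        for (int k = 0; k < 256; k++)
            if (crack_character((unsigned char)h, (unsigned char)k) != (h ^ k))
                return 0;
    return 1;
}

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Hex pairs -> bytes; keep every other byte from pair index `first` (0 or 1,
   an assumption) and combine it with key[o]. Returns length, or -1 on error. */
int decode_value(const char *hex, int first, const unsigned char *key,
                 size_t key_len, char *out, size_t out_cap)
{
    size_t n = strlen(hex), o = 0;
    if (n % 2 != 0 || (first != 0 && first != 1) || out_cap == 0) return -1;
    for (size_t i = (size_t)first * 2; i + 1 < n; i += 4, o++) {
        int hi = hex_val(hex[i]), lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0 || o >= key_len || o + 1 >= out_cap) return -1;
        out[o] = (char)crack_character((unsigned char)(hi << 4 | lo), key[o]);
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    const unsigned char key[] = { 0x10, 0x20, 0x30 };   /* constructed key */
    char buf[8];
    int n = decode_value("FF71FF42FF53", 1, key, sizeof key, buf, sizeof buf);
    printf("xor=%d len=%d text=%s\n", is_plain_xor(), n, n < 0 ? "" : buf);
    return 0;
}
```

Because the key is fixed and the operation is its own inverse, anyone who can read the registry value can recover the password, so access to that key should be restricted and audited accordingly.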

