PSP NID request - hashcat Forum (https://hashcat.net/forum), Forum: Feature Requests
PSP NID request - Orphis - 07-31-2010

Hello,

I've tried hashcat and it's a really interesting program supporting many algorithms. Congratulations for it.

I've been interested in making such a program specialized for cracking PSP NID, but since you're accepting requests and you've got lots of functionalities it could be great if you add it to the supported hashing functions.

Everything is explained there: http://my.malloc.us/silverspring/nid-explained/

To summarize, a NID is a hash of a function name visible in the libraries Sony distributes used for dynamic linking. It's made by the first 4 bytes of the SHA1 hash in little endian (reversed). The goal is to find the function name of some shared libraries to use them in homebrews or by emulators like the one I'm working on called Jpcsp.

Usually, we manage to find the function name using a dictionary attack with a fixed prefix corresponding to the library we're targeting. The attack program then tries all the variations up to 4 words of the dictionary to find matches. Sure, the hack is weak and there are some collisions but a developer can easily figure the good matches.

For example: "sceIo" for prefix and a dictionary with words like "Open" "Close" "Read" "File" "Dir"...

Such a program exists and is called nidattack that you can find there: http://psp.jim.sh/svn/filedetails.php?repname=psp&path=%2Ftrunk%2Fnidattack%2Fsrc%2Fmain.c

If hashcat supported this kind of hashes, it would help to search for function names a lot with bigger dictionaries with a prefix and maybe 4/5 names. It's slow on a CPU but it can be blazing fast on GPU.

Tell me if you have some questions about it, I'd be glad to answer them!

RE: PSP NID request - atom - 08-02-2010

ok i understand what you need and this sounds interesting but i will not add this to hashcat because of two reasons. the first is that this "problem" has an ending. so there will be (hopefully) a point in time when you have found all functions and then there is no more need for it. this means a quick hack would do it, too. the other is that it is not of much need for most hashcat users since hashcat is designed to crack hashes that are made of passwords. if i had some free time i could write a special gpu based version of the program nidattack but i am currently very busy with hashcat.

RE: PSP NID request - Orphis - 08-02-2010

I understand your point and understand that you don't have the time nor the need to do it since it's very specialized.

Would you mind then sharing some code or accepting patches to implement this feature? I currently have a lot of free time and I'll gladly help you with this.
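
Added example, not part of the thread and not code from nidattack or hashcat: a short Python sketch of the NID scheme and the prefix-plus-dictionary search described in the first post. The function names `nid` and `nid_attack` are hypothetical, and the target NIDs are constructed here from names built out of the post's sample words rather than taken from a real library.

```python
import hashlib
from itertools import product

def nid(name: str) -> int:
    """NID as described in the thread: the first 4 bytes of SHA-1(name),
    read as a little-endian 32-bit integer."""
    digest = hashlib.sha1(name.encode("ascii")).digest()
    return int.from_bytes(digest[:4], "little")

def nid_attack(targets, prefix, words, max_words=4):
    """Try prefix + every sequence of 1..max_words dictionary words.

    Returns {nid: [candidate names]}. A list is kept per NID because a
    32-bit truncated hash can collide; a human picks the plausible name.
    """
    wanted = set(targets)
    encoded = [w.encode("ascii") for w in words]
    # Hash the fixed prefix once and clone that state for each candidate.
    base = hashlib.sha1(prefix.encode("ascii"))
    hits = {}
    for count in range(1, max_words + 1):
        for combo in product(encoded, repeat=count):
            suffix = b"".join(combo)
            state = base.copy()
            state.update(suffix)
            value = int.from_bytes(state.digest()[:4], "little")
            if value in wanted:
                hits.setdefault(value, []).append(prefix + suffix.decode("ascii"))
    return hits

# Prefix and dictionary words from the first post.
PREFIX = "sceIo"
WORDS = ["Open", "Close", "Read", "File", "Dir"]
# Constructed targets: NIDs of names assembled from the words above, standing
# in for NIDs that would be read out of a library's import table.
TARGETS = [nid("sceIoOpen"), nid("sceIoReadDir"), nid("sceIoCloseFile")]

if __name__ == "__main__":
    found = nid_attack(TARGETS, PREFIX, WORDS)
    for value, names in sorted(found.items()):
        print(f"0x{value:08X}: {', '.join(names)}")
```

With 5 words and up to 4 words per name this tests 5 + 25 + 125 + 625 = 780 candidates; the count grows as the dictionary size raised to the number of words, which is why the first post asks about GPU support.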