08-14-2025, 12:54 PM
(08-14-2025, 11:54 AM)atom Wrote: This could be interesting from forensic perspective. Would you like to share the details? Like Vendor/Model and the algorithm difference to 24900. Then we could make this a real hash mode for hashcat. Maybe you can generate a hash on that device with password "hashcat" so we can use this as a self-test.
Only difference I found is the masking.
Camera is Besder AliExpress special, using xmey firmware.
The hash in question is U-Boot pre Linux Kernel load password.
So technically that is U-Boot 4.something hash, not necessarily Besder/xmey specific
I tried skipping password verification by replacing funcion call with r0 load - CRC error on boot
Same for injected hash.
But CRC compare function grabs it from address before mapped firmware area...