07-31-2010, 07:24 PM
Hello, I've tried hashcat and it's a really interesting program supporting many algorithms. Congratulations on it.
I've been interested in making such a program specialized for cracking PSP NID, but since you're accepting requests and you've got lots of functionalities it could be great if you add it to the supported hashing functions.
Everything is explained here: http://my.malloc.us/silverspring/nid-explained/
To summarize, a NID is a hash of a function name visible in the libraries Sony distributes, used for dynamic linking. It's made of the first 4 bytes of the SHA1 hash in little endian (reversed).
The goal is to find the function name of some shared libraries to use them in homebrews or by emulators like the one I'm working on called Jpcsp.
Usually, we manage to find the function name using a dictionary attack with a fixed prefix corresponding to the library we're targeting. The attack program then tries all the variations of up to 4 words of the dictionary to find matches. Sure, the hash is weak and there are some collisions, but a developer can easily figure out the good matches.
For example: "sceIo" for the prefix and a dictionary with words like "Open" "Close" "Read" "File" "Dir"...
Such a program exists and is called nidattack; you can find it here: http://psp.jim.sh/svn/filedetails.php?re...c%2Fmain.c
If hashcat supported this kind of hashes, it would help to search for function names a lot with bigger dictionaries with a prefix and maybe 4/5 names. It's slow on a CPU but it can be blazing fast on GPU.
Tell me if you have some questions about it, I'd be glad to answer them!
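The NID construction described in the post (first 4 bytes of SHA-1, read little-endian) and the prefix-plus-dictionary search it outlines, as an added Python example. This is not code from the post, from nidattack or from hashcat; the target NIDs in the demo are constructed inside the block from known-good names rather than taken from a real Sony library, and the word list is a made-up sample.

```python
import hashlib
import itertools
from typing import Dict, Iterable, Iterator, List


def nid_of(name: str) -> int:
    """PSP NID of a function name, as the post describes it: the first
    4 bytes of the SHA-1 digest interpreted as a little-endian 32-bit int."""
    digest = hashlib.sha1(name.encode("ascii")).digest()
    return int.from_bytes(digest[:4], "little")


def nid_hex(nid: int) -> str:
    """Render a NID the way library tables print it (0x + 8 uppercase hex digits)."""
    return f"0x{nid:08X}"


def candidate_names(prefix: str, words: Iterable[str], max_words: int) -> Iterator[str]:
    """Yield prefix + every ordered combination of 1..max_words dictionary words.

    Word order matters ("ReadDir" is not "DirRead"), so ordered products are
    generated; repeated words are allowed, duplicates in the list are dropped.
    """
    unique = list(dict.fromkeys(words))
    for length in range(1, max_words + 1):
        for combo in itertools.product(unique, repeat=length):
            yield prefix + "".join(combo)


def match_nids(targets: Iterable[int], prefix: str, words: Iterable[str],
               max_words: int = 4) -> Dict[int, List[str]]:
    """Dictionary search in the style the post describes.

    Every candidate name is hashed and kept if its NID is one of the
    targets. All names hitting the same NID are kept, since a 32-bit
    truncation of SHA-1 collides easily once the candidate space is large;
    the human reviewer picks the plausible one, as the post notes.
    """
    wanted = set(targets)
    hits: Dict[int, List[str]] = {}
    for name in candidate_names(prefix, words, max_words):
        nid = nid_of(name)
        if nid in wanted:
            hits.setdefault(nid, []).append(name)
    return hits


if __name__ == "__main__":
    # Constructed demo: pretend these two NIDs were read from an export table.
    # (They are computed here from known names so the demo is self-checking.)
    unknown = [nid_of("sceIoOpen"), nid_of("sceIoReadDir")]
    sample_words = ["Open", "Close", "Read", "File", "Dir"]  # constructed list
    found = match_nids(unknown, "sceIo", sample_words, max_words=2)
    for nid in unknown:
        print(nid_hex(nid), "->", found.get(nid, []))
```

The search space grows as len(words)**max_words, which is why the post wants this on a GPU: with a few hundred words and 4 or 5 positions the candidate count is in the billions, and each candidate costs one SHA-1 plus a 4-byte comparison.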