You might want to rethink that, and save yourself some time. A method I've recently been playing around with, and have found to work quite nicely, doesn't involve converting their code at all. If you're able to load one of their lockdown files into your app's address space, and are able to create function pointers, then you might want to put two and two together. :P
Here's a quick example app, and ida database for one of the lockdown files.
Download (http://rafm.org/files/checkrevision%20studies.rar)
Taken from my lockdown implementation:
http://www.userloser.org/stuff/StandardHashingAlgorithm.cpp
http://www.userloser.org/stuff/StandardHashingAlgorithm.h
Quote from: betawarz on May 01, 2007, 08:04 PM
You might want to rethink that, and save yourself some time. A method I've recently been playing around with, and have found to work quite nicely, doesn't involve converting their code at all. If you're able to load one of their lockdown files into your app's address space, and are able to create function pointers, then you might want to put two and two together. :P
Here's a quick example app, and ida database for one of the lockdown files.
Download (http://rafm.org/files/checkrevision%20studies.rar)
Is lockdown's SHA-1 nonstandard?
And whose code are you talking about?
Quote from: MyndFyre[vL] on May 02, 2007, 11:25 AM
Quote from: betawarz on May 01, 2007, 08:04 PM
You might want to rethink that, and save yourself some time. A method I've recently been playing around with, and have found to work quite nicely, doesn't involve converting their code at all. If you're able to load one of their lockdown files into your app's address space, and are able to create function pointers, then you might want to put two and two together. :P
Here's a quick example app, and ida database for one of the lockdown files.
Download (http://rafm.org/files/checkrevision%20studies.rar)
Is lockdown's SHA-1 nonstandard?
That's what I was wondering too.
Did anyone even look at the code I posted or take a hint from the filenames?
Quote from: UserLoser on May 02, 2007, 12:17 PM
Did anyone even look at the code I posted or take a hint from the filenames?
Sorry, I don't know SHA-1 well enough to determine whether the implementation is standard just by taking a look at your code. I mean, if I sat down and spent 15-20 minutes comparing it against the RFC I'm sure I could. But if that's your question, no, I haven't.
As to the filenames as "hints" why would you bother posting a standard, well-known algorithm? Hence why I asked. :P
Quote from: MyndFyre[vL] on May 02, 2007, 12:50 PM
Quote from: UserLoser on May 02, 2007, 12:17 PM
Did anyone even look at the code I posted or take a hint from the filenames?
Sorry, I don't know SHA-1 well enough to determine whether the implementation is standard just by taking a look at your code. I mean, if I sat down and spent 15-20 minutes comparing it against the RFC I'm sure I could. But if that's your question, no, I haven't.
As to the filenames as "hints" why would you bother posting a standard, well-known algorithm? Hence why I asked. :P
The question should be, why is warz wasting his time loading a library, searching for the address of a function, and calling it when he could just get the open source free code off the internet (or write his own).
I figured posting it would save everyone the time, stress and effort
Could have sworn somewhere down the road I was told it wasn't a standard implementation, so I never spent time looking at it. I just figured whoever told me was correct, because it was from a reliable source, which sort of confuses me. After looking at it though, for a few minutes, it does use all the same constant values, and looks to be a regular sha1.
Quote from: betawarz on May 02, 2007, 02:29 PM
Could have sworn somewhere down the road I was told it wasn't a standard implementation, so I never spent time looking at it. I just figured whoever told me was correct, because it was from a reliable source, which sort of confuses me. After looking at it though, for a few minutes, it does use all the same constant values, and looks to be a regular sha1.
Who told you this?
OK, so this has nothing to do with actually implementing Lockdown, just SHA-1 for it?
Most of bnet uses a Broken SHA that LShifts instead of RShifts and uses different values. Lockdown uses the original SHA-1. Apparently, it's in the DLLs, and it's being noted you can call it instead of doing it yourself. Not sure why you'd want to...
This reminds me... I can't seem to find a good copy of the Broken SHA-1 function in VB6. The one copy I found on here uses some odd functions that aren't explained.
Why not find a version in another language and convert that to *shudder* VB?
I was under the impression that Lockdown had a non-standard implementation of SHA-1, like Blizzard's BrokenSHA-1 because IIRC when I looked at warz's incomplete work it consisted of him converting the file hashing functions from ASM to C++. Heh.
But anyways, if it's just the standard SHA-1 algorithm I guess I'll take another crack at lockdown after I finish this goddamn week... finals blow.
No, it is standard. The only thing wrong with the "broken" SHA1 is they swapped the values for the bitwise rotations to the left, otherwise it's the same thing--a standard SHA1.
To MyndFyre: to implement lockdown you need to use SHA1 :o
Quote from: UserLoser on May 02, 2007, 06:19 PM
No, it is standard. The only thing wrong with the "broken" SHA1 is they swapped the values for the bitwise rotations to the left, otherwise it's the same thing--a standard SHA1.
I'm fairly certain they changed at least one of the four values at the beginning, too...
Quote from: Warrior on May 02, 2007, 05:41 PM
Why not find a version in another language and convert that to *shudder* VB?
Cause I haven't found a good copy that doesn't use some other functions. Found a Java copy that used some Packet buffer class that I couldn't find, and all the C++ copies I find use some functions I don't know.
Quote from: UserLoser on May 02, 2007, 03:23 PMWho told you this?
Not sure if he'd want me to say, but his reply was the following...
QuoteIt is non-standard. Standard SHA1 of "The quick brown fox jumps over the lazy dog" is 2f d4 e1 c6 7a 2d 28 fc ed 84 9e e1 bb 76 e7 39 1b 93 eb 12. Lockdown's is a8 68 fb 6c 0d 95 c4 8d 03 7e 9f 08 ce 6e 42 00 fd 43 5f a4.
@Reality: Then learn how it works. UL posted SHA1, port it then break it.
Quote from: betawarz on May 02, 2007, 06:59 PM
Quote from: UserLoser on May 02, 2007, 03:23 PMWho told you this?
Not sure if he'd want me to say, but his reply was the following...
QuoteIt is non-standard. Standard SHA1 of "The quick brown fox jumps over the lazy dog" is 2f d4 e1 c6 7a 2d 28 fc ed 84 9e e1 bb 76 e7 39 1b 93 eb 12. Lockdown's is a8 68 fb 6c 0d 95 c4 8d 03 7e 9f 08 ce 6e 42 00 fd 43 5f a4.
I'm gonna guess iago, and how did he come up with lockdown's version there?
No, it wasn't iago. Not sure how he's producing those, but I too am producing results that differ from a standard sha1 implementation, using the method i described above.
Quote from: Warrior on May 02, 2007, 07:10 PM
@Reality: Then learn how it works. UL posted SHA1, port it then break it.
The links don't work for me...
It's not standard SHA1.
Quote from: iago on May 03, 2007, 10:51 AM
It's not standard SHA1.
...
Who to believe >_<;
Quote from: Sorc.Polgara on May 03, 2007, 12:51 PM
Quote from: iago on May 03, 2007, 10:51 AM
It's not standard SHA1.
...
Who to believe >_<;
It isn't standard. Userloser said he was wrong on bnet yesterday, and that there's a few changes in the SHA1Final routine, apparently.
Still can't nav to UL's links in the second post :( .
Anyways, I updated the program linked in the first post (source included). You can modify the code to pass whatever you like through the appropriate hasher. You can see the example "The quick brown fox jumps over the lazy dog" result.
The only difference I have found with the lockdown implementation of SHA1 is in the SHA1Final procedure. I have just completed reversing this function.
http://www.onlythechosen.com/sha1_ld.zip
Enjoy.
Just one question, has anyone confermed that the 64-byte buffer in Final stays constant throughout the eintire process?
~Hdx
Quote from: Hdx on May 07, 2007, 12:11 PM
Just one question, has anyone confermed that the 64-byte buffer in Final stays constant throughout the eintire process?
~Hdx
im pretty sure it is. look at the above code, and see what rob has done.
Quote from: rob on May 07, 2007, 04:12 AM
The only difference I have found with the lockdown implementation of SHA1 is in the SHA1Final procedure. I have just completed reversing this function.
http://www.onlythechosen.com/sha1_ld.zip
Enjoy.
Thank you sir.