FengDe Posted December 21, 2009 Report Share Posted December 21, 2009 Hello, Last month, I writed some vi to calculate the paramaters of the atmospheric. Now, I forgetted the password to accesee the block diagram. I'm wondering a method to remove the password, I don't know about it, so if anyone can help me, or anyone can sure that there is no method to remove the password? Quote Link to comment
Grampa_of_Oliva_n_Eden Posted December 21, 2009 Report Share Posted December 21, 2009 Hello, Last month, I writed some vi to calculate the paramaters of the atmospheric. Now, I forgetted the password to accesee the block diagram. I'm wondering a method to remove the password, I don't know about it, so if anyone can help me, or anyone can sure that there is no method to remove the password? This question comes up often here and elsewhere and the answers (after endurring a series of one-liners about backups, bit buckets, and leasons learned) are always. If you don't have a non-password protected backup version, you are doomed to re-write it. Ben Quote Link to comment
Black Pearl Posted December 21, 2009 Report Share Posted December 21, 2009 There is a tool (search the forums) that is trying brute force attack. If your pw is weak enough, you might give it a try. But it also might be dependend on your LV version, if it is still possible or blocked by the dev enviornment. Felix Quote Link to comment
Francois Normandin Posted December 21, 2009 Report Share Posted December 21, 2009 Hello, Last month, I writed some vi to calculate the paramaters of the atmospheric. Now, I forgetted the password to accesee the block diagram. I'm wondering a method to remove the password, I don't know about it, so if anyone can help me, or anyone can sure that there is no method to remove the password? You have to know that even with a weak password, there's still at least a 100ms lag between each successive password trials... so you might want to follow on Ben's advice and start over. Quote Link to comment
vugie Posted December 22, 2009 Report Share Posted December 22, 2009 You have to know that even with a weak password, there's still at least a 100ms lag between each successive password trials... so you might want to follow on Ben's advice and start over. It is possible to lower this lag down to 10 ms (if memory serves) by writing passwords directly to password cache (there are privete methods for this). Quote Link to comment
FengDe Posted December 22, 2009 Author Report Share Posted December 22, 2009 Thanks, Maybe I have to re-write the vi. thanks for all advise. Quote Link to comment
Guruthilak Posted December 22, 2009 Report Share Posted December 22, 2009 send you vi to local NI and prove them that its your vi..bingo they will do the needful Quote Link to comment
Rolf Kalbermatter Posted December 22, 2009 Report Share Posted December 22, 2009 send you vi to local NI and prove them that its your vi..bingo they will do the needful Wouldn't count on that. In the begin days of the password protection they did that sometimes but after some time they cleanly discontinued that service for all and everyone, because it was unmanageable, unmaintainable, legally very questionable (how to proof that you are the one owning the copyright to it, etc). and simply a to big support burden. Would be surprised if they came back from that decision since. Of course if you do know someone at NI and know their weak spot the above may not apply. Quote Link to comment
hooovahh Posted December 22, 2009 Report Share Posted December 22, 2009 Just my 2 cents, I did experiment was password cracking of VI block diagrams. If the VI is saved in LabVIEW 6.1 or older the possibility of brute force goes up alot. With a VI saved in 6.1 I could over 30,000 passwords a second!!! So lets say you had a VI that was yours, and you knew the password was all lower case, and it was less than 6 characters. It would take less than 3 hours to find the password. Now lets make it realistic and say the password is upper and lower case with numbers, but no special characters, and lets make the password 10 characters. At that rate it would take you 887,134 years to guess every possibility. Keep in mind this is at 30,000 tries a second, if we were using LabVIEW 7.0 or newer we could only get about 10 tries a second. As an example lets say we have a newer VI, 6 characters only lower case. Previously this only took 3 hours to figure out now it takes almost a year. So brute force is only possible with small passwords, and preferable in 6.1 or older. There is a slight possibility that the MD5 of the password could be reversed, but again this is only possible with usually single words that are all lower case as the password. I've only been able to do this with very basic tests. I would set the password as "1234" then I found MD5 of this password "81dc9bdb52d04dc20036dbd8313ed055", then I searched the VI in a hex editor for this key and found the offset. I then made another VI who's password was "abcd". I then opened this VI with a hex editor and took the key found at the offset that the old one was at. This key was "e2fc714c4727ee9395f324cd2e7f331f" I then went to md5Crack.com, and entered my new key and clicked crack that hash. It then said that "abcd" was a key whos MD5 was that key. This method has several flaws. First the offset to the MD5 in the VI is not always in the same place. It can change based on LabVIEW version number, or just the format of the VI may cause the structure to change. But if you got a large enough sample a set of offsets could be used. Another problem with this is that it only works for MD5s that other people have used, and know what the key are. Go here and generate a MD5 by typing in some junk, then copy that MD5 into here and crack the hash. Did it guess the right password? Odds are it said it couldn't guess it. If you stick with one word passwords that are all lower case this method is the fastest to test, but probably the least likely to work. Quote Link to comment
labviewsolutions Posted December 27, 2011 Report Share Posted December 27, 2011 (edited) This method has several flaws. First the offset to the MD5 in the VI is not always in the same place. It can change based on LabVIEW version number, or just the format of the VI may cause the structure to change. But if you got a large enough sample a set of offsets could be used. hooovahh is right. The password is saved as a md5 hash. The problem is that the offset differs from file to file. A few days ago I was looking for a way get the hash from the VI-file. After some time of searching i find this website. There, you can upload a VI file and the page extracts/finds the password-hash. But this site makes me scared because you can simply overwrite the file-password - so no need to crack/brute force the password at all. Happy New Year! Edited December 27, 2011 by labviewsolutions Quote Link to comment
Saverio Posted January 3, 2012 Report Share Posted January 3, 2012 A few days ago I was looking for a way get the hash from the VI-file. After some time of searching i find this website. This was actually discussed in this thread and in this thread. Quote Link to comment
hooovahh Posted January 3, 2012 Report Share Posted January 3, 2012 This was actually discussed in this thread and in this thread. Yeah it was and it was even posted by the same user. It would not surprise me if our labviewsolutions was the owner of the domain. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.