The UC Forum Discussion thread is http://www.uc-forum.com/forum/showthread.php?t=56361
Credits to uNrEaL
I was bored the other day, and so I figured it was time to toy with Punkbuster a little bit. In doing so, I've uncovered some very, very interesting information. I won't say too much here, but, perhaps this will provoke some very deep discussion about their great spyware, while generating some activity on the board and topic.

All I did was log all of the strings that they are passing through their MD5 hashing function. Simple enough, ya? Well. It's extremely interesting about what's going on. Check out some very interesting things that were passed through the function to be MD5'd.

This bit is passed through repeatedly on my computer, just while sitting at the menu.
Quote:
Originally Posted by Punkbuster
String: my44uj2eqywgljgp
MD5: 93385DD2B976B1841818AE66018170B4
Hmmm.. Want to know something interesting? That MD5 hash is my account GUID! Hah! Wanna know something even more interesting? The string that was encrypted was the first 20 characters of my CD-key! Just use your imagination on this one. =]
Next bit:
Note: For the sake of my own security and avoiding a hardware ban, I've changed a few characters in this next bit.
Quote:
Originally Posted by Punkbuster
String: [ N90AV26L][TS240527A4 S ][.3HA H ]
MD5: F0C8E96109153A42B2FA637EF61D955F
String: [ W -DCWUA1F117089][DW CDW0600ADSC0-G0B8 1 ][500.C450]
MD5: 9CC28CAE7367f6A6B3630CD7F9549711
Hmm.. Those strings that are passed look one hell of a lot like my Hard Drive serials... Wait, they are! The characters are just swapped!
Analysis:
Character one takes the place of character two, and character two takes the place of character one.
Character three takes the place of character four, and character four takes the place of character three.
etc.
Proof of this...
My first hard drive serial number is: ST4250724AS
My second hard drive serial number is: WDC WD6000DACS-00G8B1
Now, also remember that the hashes of the bytes of the game's memory (in large chunks) are read, and then a hash of that is created, and that's what is being sent to the Punkbuster server. Imagine how powerful this function is. With this one function, you could quite possibly do GUID faking, Hardware Ban protection, Memory Bypasses (DirectX included), as well as even MD5 scan bypassing. Please, let's get some good discussion going here.
Cheers.
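Added example, not part of the original post: the pairwise swap described above matches the layout of ATA IDENTIFY DEVICE strings (two ASCII characters per 16-bit word, first character in the high byte), so a byte-by-byte read on a little-endian machine produces exactly this pattern. That the logged strings come from such a buffer is an assumption; the Python below decodes a constructed IDENTIFY block and two strings quoted in the post (whitespace trimmed), and all function names are illustrative.

```python
import re

# ATA IDENTIFY DEVICE string fields as (first word, word count); each 16-bit
# word carries two ASCII characters with the first character in the high byte.
FIELDS = {"serial": (10, 10), "firmware": (23, 4), "model": (27, 20)}

def swap_pairs(text):
    """Swap characters 1<->2, 3<->4, ...; an odd trailing character stays put."""
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)

def naive_read(block, field):
    """Read a field as raw bytes in memory order: this yields the swapped form."""
    first, count = FIELDS[field]
    return block[first * 2:(first + count) * 2].decode("ascii")

def decode_field(block, field):
    """Undo the per-word byte order and trim the space padding."""
    return swap_pairs(naive_read(block, field)).strip()

def decode_logged(line):
    """Split a '[..][..]' line as logged in the post and unswap each field."""
    return [swap_pairs(f).strip() for f in re.findall(r"\[([^\]]*)\]", line)]

def build_block(values):
    """Build a constructed 512-byte IDENTIFY block (fixture for this example)."""
    block = bytearray(512)
    for field, value in values.items():
        first, count = FIELDS[field]
        padded = value.ljust(count * 2)  # fields are space-padded
        block[first * 2:(first + count) * 2] = swap_pairs(padded).encode("ascii")
    return bytes(block)

# Constructed sample values, not taken from any real drive.
SAMPLE = build_block({"serial": "EXAMPLE-SN-0001", "firmware": "1.0A",
                      "model": "EXAMPLE DISK 500"})

if __name__ == "__main__":
    for name in FIELDS:
        print(name, repr(naive_read(SAMPLE, name)), "->", decode_field(SAMPLE, name))
    # Strings quoted from the post, whitespace trimmed.
    print(decode_logged("[TS240527A4 S][DW CDW0600ADSC0-G0B8 1]"))
```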