Wednesday, October 22, 2008

bug in iam-alt makes it fail completely (easy to fix)

Thanks to 'nop', who posted this question in the hexale forums, I've found a bug in iam-alt.c that makes it fail miserably every single time :). My bad.

So, if you're having issues with iam-alt.exe where you pass it a hash and it says it has successfully changed it in memory, but then you run whosthere/whosthere-alt and the hash you see is nothing like the original hash you provided to iam-alt.exe, the source of this issue is this bug.

The bug is very easy to fix. If you want to fix it yourself, you just need to modify the following:

In pshtoolkit_v1.4-src\iam-alt\iam-alt.c:

line 332:
change
memset(nums, 'x00', 3);
for
memset(nums,'\x00',3);

line 337:
change
memset(nums, 'x00', 3);
for
memset(nums,'\x00',3);

and that's it! (feel free to modify the memset() call to include your desired representation of the byte value 0 :))
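Why the missing backslash matters, as an added example (not code from iam-alt.c): 'x00' is a multi-character constant, and memset() keeps only its low byte, which on GCC, Clang and MSVC is the character '0' rather than a NUL. The hex_to_bytes() helper, the 4-byte scratch buffer with its guard byte, and the sample string are assumptions made up for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 'x00' is a multi-character constant; silence the warning so the demo builds. */
#pragma GCC diagnostic ignored "-Wmultichar"

/* The byte memset() really writes for each spelling: memset() converts its
   int argument to unsigned char, so only the low byte survives. */
static unsigned char fill_buggy(void) { return (unsigned char)'x00'; }
static unsigned char fill_fixed(void) { return (unsigned char)'\x00'; }

/* Hypothetical helper: turn 2*n hex digits into n bytes, two digits at a
   time, through a scratch buffer that is "cleared" with `fill` first. */
static void hex_to_bytes(const char *hex, unsigned char *out, size_t n, int fill)
{
    char nums[4];
    size_t i;

    nums[3] = '\0';                  /* demo-only guard so strtoul() always stops */
    for (i = 0; i < n; i++) {
        memset(nums, fill, 3);       /* the call the fix is about */
        memcpy(nums, hex + 2 * i, 2);
        out[i] = (unsigned char)strtoul(nums, NULL, 16);
    }
}

/* Constructed sample input and the bytes it should decode to. */
static const char SAMPLE_HEX[] = "0123456789ABCDEF";
static const unsigned char SAMPLE_BYTES[8] =
    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };

/* Returns 1 when decoding SAMPLE_HEX with `fill` yields SAMPLE_BYTES. */
static int parses_correctly(int fill)
{
    unsigned char out[8];
    hex_to_bytes(SAMPLE_HEX, out, sizeof out, fill);
    return memcmp(out, SAMPLE_BYTES, sizeof out) == 0;
}

int main(void)
{
    printf("buggy fill byte: 0x%02X, fixed fill byte: 0x%02X\n",
           fill_buggy(), fill_fixed());
    printf("decode ok with 'x00':  %d\n", parses_correctly('x00'));
    printf("decode ok with '\\x00': %d\n", parses_correctly('\x00'));
    return 0;
}
```

With the buggy fill, each two-digit pair is followed by a stray '0' instead of a terminator, so "AB" is read as "AB0" and every decoded byte comes out wrong.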

This fix is gonna be included in the next release; if you're in a hurry and for some reason want to fix this immediately and cannot re-compile the tool by yourself, drop me an email and I'll send you the fixed version of iam-alt.exe.
