Thanks to 'nop' that posted this question in the hexale forums I've found a bug in iam-alt.c that makes it fail miserably every single time :). my bad.
So, if you're having issues with iam-alt.exe where you pass to it a hash, and it says it has successfully changed it in memory, but then you run whosthere/whosthere-alt and the hash you see is nothing like the original hash you provided to iam-alt.exe the source of this issue is this bug.
the bug is very easy to fix, if you want to fix it yourself, you just need to modify the following:
In pshtoolkit_v1.4-src\iam-alt\iam-alt.c:
line 332:
change
memset(nums, 'x00', 3);
for
memset(nums,'\x00',3);
line 337:
change
memset(nums, 'x00', 3);
for
memset(nums,'\x00',3);
and that's it! (feel free to modify the memset() call to include your desired representation of the byte value 0 :))
This fix is gonna be included in the next release; if you're in a hurry and for some reason want to fix this immedately and cannot re-compile the tool by yourself, drop me an email and I'll send youthe fixed version of iam-alt.exe.
No comments:
Post a Comment