AIM Password Recovery?



tom jones
01-29-2008, 07:10 PM
This kid was on my comp once and went on aim and mistakenly saved his pass but the pass doesn't show up, only the ******. And now he's being a dick and talking shit behind my back, so he's gonna get it. For now I changed account email, but its gonna take 72 hrs.

I was wondering if theres any way to recover the pass or if there a hash recovery that I can do and how to do it?

thx

boz
01-29-2008, 07:12 PM
oh he's gonna get it?

i wish i had those 500 funbux for feeling up

tom jones
01-29-2008, 07:14 PM
Fuck you Boz. I can buy some funbux right now and ban your ass. Stay out of my threads if you are going to be a dick.

boz
01-29-2008, 07:15 PM
stay off out of this forum if your gonna be an idiot

Darth Laidher
01-29-2008, 07:15 PM
do it jamal ban his ass

turk
01-29-2008, 07:18 PM
go away trolls

RonMexico
01-29-2008, 07:19 PM
jamal DG isn't gonna help in your wanna-be hacker bullshit. you obviously know dick about computers and the innanets, so dont fucking waste your time.

Tom
01-29-2008, 07:25 PM
There was/is one other possible way, but you already updated it so you'd might as well wait.

sn1per
01-29-2008, 07:26 PM
This kid was on my comp once and went on aim and mistakenly saved his pass but the pass doesn't show up, only the ******. And now he's being a dick and talking shit behind my back, so he's gonna get it. For now I changed account email, but its gonna take 72 hrs.

I was wondering if theres any way to recover the pass or if there a hash recovery that I can do and how to do it?

thx

STOP ACTING NEW DUDE!

silent
01-29-2008, 07:26 PM
jamal is a faggot.
/thread

boz
01-29-2008, 07:28 PM
im hoping if he gets the balls to ban me the badmins will let me back in just to push him over the edge

Darth Laidher
01-29-2008, 07:29 PM
ass kisser

boz
01-29-2008, 07:30 PM
lol, nah, im just not a complete faggot

tom jones
01-29-2008, 07:30 PM
Im new to Aol.

Anyways.

Boz, I'm making profit off that ebook shit, I sold some so far, when I get extra money, I'm banning your ass.

Peace.

boz
01-29-2008, 07:31 PM
lol, go for it, like im worried about being banned from this website, my life doesnt revolve around DG, its just a cool place with a few cool people

robat
01-29-2008, 07:32 PM
Man when jamal gets this dudes aim pass he can IM his WHOLE BUDDY LIST saying things like "I AM A GAY PERSON AND JAMAL GETS LAID ALL THE TIME BUT I DON'T UNLESS IT'S IN THE BUTT BY DUDES"

boz
01-29-2008, 07:33 PM
Man when jamal gets this dudes aim pass he can IM his WHOLE BUDDY LIST saying things like "I AM A GAY PERSON AND JAMAL GETS LAID ALL THE TIME BUT I DON'T UNLESS IT'S IN THE BUTT BY DUDES"

that'll show him!

david blaine
01-29-2008, 07:36 PM
This is from 2004. And its now 2008...

If you're on Windows, and your version of AIM is 5.9 or lower

http://tsourceweb.com/files/uaimpass.zip

Get the hash from regedit then use that to convert the AIM hash to md5. Then go to http://md5decrypter.com/ enter the new md5 you just got into the input box and out comes the password (if the password is common). If not, you have to use rainbow tables to crack the md5.
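
Added example (not part of the original thread or any poster's code): from a storage-design point of view, the lookup step above succeeds only because an unsalted MD5 depends on nothing but the password, so one precomputed table serves every account. The Python sketch below contrasts that with a per-record salt and a slow KDF; the password list, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample list standing in for the common-password corpora
# that MD5 lookup sites and rainbow tables are precomputed from.
COMMON = ["123456", "password", "letmein", "qwerty", "monkey"]


def unsalted_md5(password: str) -> str:
    """Weak storage: the value depends only on the password itself."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password: str, iterations: int = 100_000) -> dict:
    """Hardened storage: random per-record salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def pbkdf2_verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


def table_for(record: dict) -> set:
    """Everything a precomputed table would need for ONE record's salt."""
    return {
        hashlib.pbkdf2_hmac("sha256", p.encode(), record["salt"], record["iterations"])
        for p in COMMON
    }


def compare_schemes(password: str = "letmein") -> dict:
    """Summarise how each scheme holds up against precomputation."""
    md5_table = {unsalted_md5(p) for p in COMMON}   # built once, reusable forever
    rec_a, rec_b = pbkdf2_record(password), pbkdf2_record(password)
    return {
        "md5_common_in_table": unsalted_md5(password) in md5_table,
        "md5_uncommon_in_table": unsalted_md5("x9!Tq-constructed") in md5_table,
        "same_password_same_record": rec_a["hash"] == rec_b["hash"],
        "table_for_a_matches_b": rec_b["hash"] in table_for(rec_a),
        "legitimate_login_ok": pbkdf2_verify(password, rec_a),
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```

With the salted records, a table computed for one record's salt is useless against any other record, and every entry in it costs the full KDF iteration count to produce.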

tom jones
01-29-2008, 07:52 PM
THANKS MX I LOVE YOU!

I got it, I had to use www.passcracking.com

The MD5 site's hash system wasn't good enough.

Krazy
01-29-2008, 08:26 PM
THANKS MX I LOVE YOU!

faggot ass newbie itt

something random
01-29-2008, 09:11 PM
time to check out

Chief Smackahoe
01-29-2008, 09:12 PM
Hey Jamal you goofy looking goth bastard. Why don't you do something really goth and kill yourself.Nobody likes you, if your parents knew that you would of turned out this way your dad would of wore a condom.And for fuck sake cut that fucking birds nest off your head.

boz
01-29-2008, 09:13 PM
Hey Jamal you goofy looking goth bastard. Why don't you do something really goth and kill yourself.Nobody likes you, if your parents knew that you would of turned out this way your dad would of wore a condom.And for fuck sake cut that fucking birds nest off your head.

A+

daggy
01-29-2008, 09:19 PM
lol i don't think theres a way to recover a password like that anymore.

QueeN B
01-29-2008, 10:37 PM
you cant talk shit if your new

turk
01-29-2008, 10:54 PM
cunts

something random
01-29-2008, 11:03 PM
lolol

mhu
01-29-2008, 11:18 PM
back in 2k I used to have a program that you dragged something into the window and it turned the pass from stars to actual letters, or copy and paste it into some box, I don't remember.

That was on windows 98 though, someone told me XP has something built in to disallow that stuff

daggy
01-29-2008, 11:24 PM
back in 2k I used to have a program that you dragged something into the window and it turned the pass from stars to actual letters, or copy and paste it into some box, I don't remember.

That was on windows 98 though, someone told me XP has something built in to disallow that stuff

haha yeah thats what i was thinking of. but i think that was in the late 90's.

david blaine
01-31-2008, 03:21 PM
AIM passwords are stored in memory at a specific offset in plaintext.

Sir Jones
01-31-2008, 03:26 PM
jamal is a big man now

mcbain
01-31-2008, 04:36 PM
.686
.model flat,stdcall
include \masm32\include\include\windows.inc
include \masm32\include\stdio.inc
include \masm32\include\msvcrt.inc
Blowfish_SetKey PROTO :DWORD, :DWORD
Blowfish_Encrypt PROTO :DWORD, :DWORD
Blowfish_Decrypt PROTO :DWORD, :DWORD
Blowfish_Clear PROTO
Base64Decode proto pInputStr:DWORD,pOutputData:DWORD
.data
blowfish_key label dword
db 8 dup (0) ; user_salt
db 099h,000h,086h,0A5h,027h,0AAh,09Dh,07Fh
db 058h,0AAh,0AEh,0B9h,00Bh,047h,03Ah,035h
db 0AAh,0E0h,0EAh,095h,066h,0FBh,0E4h,09Fh
db 0CBh,0F7h,016h,01Ch,0A3h,092h,0E6h,01Ch
db 096h,006h,09Bh,05Bh,029h,030h,0BFh,0AFh
db 0ECh,011h,029h,0C8h,089h,05Bh,0B8h,057h
key_len equ $-blowfish_key
format dw 10,'A','I','M','6',' ','P','a','s','s','w','o','r','d',':','%','s',10,0
main proto :dword,:dword
.code
start proc
local stinfo :STARTUPINFO
local bWildCard :dword
local pEnv :dword
local pArgv :dword
local nArgc :dword
mov bWildCard,FALSE
invoke __getmainargs,addr nArgc,addr pArgv,addr pEnv,[bWildCard],addr stinfo
invoke main,nArgc,pArgv
invoke exit,0
start endp
main proc private uses esi ebx edi argc:dword, argv:dword
local b64_aim_pass[64] :byte
local ciphertext[64] :byte
local aim_pass[64] :byte
mov ebx,[argv]
.if [argc] == 2
invoke ZeroMemory,addr ciphertext,64
invoke ZeroMemory,addr aim_pass,64
invoke ZeroMemory,addr b64_aim_pass,64
invoke lstrcpyn,addr b64_aim_pass,dword ptr[ebx+4],48
invoke Base64Decode,addr b64_aim_pass,addr ciphertext
lea esi,[ciphertext]
lea edi,[blowfish_key]
movsd ; 1st 4 bytes of salt
movsd ; 2nd 4 bytes
sub edi,8
invoke Blowfish_SetKey, edi, key_len
lea edi,[aim_pass] ; for plaintext..
mov ebx,24/8 ; decrypt remaining bytes
decrypt_loop:
invoke Blowfish_Decrypt,edi,esi
add esi,8
add edi,8
dec ebx
jnz decrypt_loop
invoke wprintf,addr format,addr aim_pass ; print unicode password
.else
invoke printf,CStr(<10,'Usage:%s <AIM6 PASSWORD STRING>',10>),dword ptr[ebx]
.endif
ret
main endp
.data
align 4
b64table label byte
db 0,42 dup (-1)
db 62; + ; [02Bh]
db 3 dup(-1)
db 63; / ; [02Fh]
db 52,53,54,55,56,57,58,59,60,61; 0..9 ;30-39
db 3 dup(-1)
db 0 ; = ; [03Dh]
db 3 dup(-1)
db 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25; A..Z
db 6 dup(-1)
db 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51; a..z
db 133 dup (-1)
.code
OPTION PROLOGUE:NONE
OPTION EPILOGUE:NONE
Base64Decode proc pInputStr:DWORD,pOutputData:DWORD
push ebp
push esi
push edi
push ebx
mov edi,[esp+1*4][4*4];pInputStr
xor eax,eax
mov esi,edi
.repeat; strlen
mov al,[edi]
add edi,4
test al,al
.until zero?
lea ebp,[edi-4]
mov eax,'='
sub ebp,esi; 4parts
jz @F
cmp al,[esi+ebp-1]; padd?
sete dl
.if zero?;equal?
mov [esi+ebp-1],ah
.endif
cmp al,[esi+ebp-2]
sete al
.if zero?;equal?
mov [esi+ebp-2],ah
.endif
add al,dl
mov edi,[esp+2*4][4*4];pOutputData
shr ebp,2
lea edx,[ebp*2+ebp]
sub edx,eax
push edx; result = length
.repeat
; CCDDDDDD BBBBCCCC AAAAAABB
mov ecx,[esi]
movzx edx,cl
movzx ebx,ch
mov al,[edx+b64table]; ..AAAAAA
mov ah,[ebx+b64table]; ..BBBBBB
shr ecx,16
add esi,4
movzx edx,cl
movzx ecx,ch
mov bl,[edx+b64table]; ..CCCCCC
mov bh,[ecx+b64table]; ..DDDDDD
mov dl,ah
mov dh,bl
shl al,2;AAAAAA..
shr bl,2;....CCCC
shl dh,6;CC......
shl ah,4;BBBB....
shr dl,4;......BB
or bh,dh
or al,dl
or ah,bl
mov [edi+0],al
mov [edi+2],bh
mov [edi+1],ah
dec ebp
lea edi,[edi+3]
.until zero?
pop eax
@@: pop ebx
pop edi
pop esi
pop ebp
ret 2*4
Base64Decode endp
OPTION PROLOGUE:PROLOGUEDEF
OPTION EPILOGUE:EPILOGUEDEF
Blowfish_Decrypt proc uses esi edi ebp ebx ptrOut:DWORD, ptrIn:DWORD
;pushad
mov edi, dword ptr [ptrIn] ;ptrIn
xor ebx, ebx
mov eax, dword ptr [edi ]
mov edx, dword ptr [edi+4]
xor ecx, ecx
mov edi, offset _PBox + 16*4
.repeat
xor eax, dword ptr [edi+4]
rol eax, 16
mov cl, al
mov bl, ah
mov esi, dword ptr [_SBox2+4*ecx]
rol eax, 16
add esi, dword ptr [_SBox1+4*ebx]
mov cl, ah
mov bl, al
xor esi, dword ptr [_SBox3+4*ecx]
add esi, dword ptr [_SBox4+4*ebx]
xor edx, esi
xor edx, dword ptr [edi]
rol edx, 16
mov cl, dl
mov bl, dh
mov esi, dword ptr [_SBox2+4*ecx]
rol edx, 16
add esi, dword ptr [_SBox1+4*ebx]
mov cl, dh
mov bl, dl
xor esi, dword ptr [_SBox3+4*ecx]
add esi, dword ptr [_SBox4+4*ebx]
sub edi, 8
xor eax, esi
cmp edi, offset _PBox
.until zero?
mov esi, dword ptr [ptrOut] ;ptrOut
xor eax, dword ptr [edi+4] ;L = L ^ Pbox[1]
xor edx, dword ptr [edi ] ;R = R ^ Pbox[0]
mov dword ptr [esi+4], eax
mov dword ptr [esi ], edx
;popad
ret ;8
Blowfish_Decrypt endp

mcbain
01-31-2008, 04:39 PM
ahhh f it
here

mcbain
01-31-2008, 04:40 PM
ps. i have asm add coding style so sush

sn1per
01-31-2008, 05:05 PM
But jamal you're pretty new so that won't do you much good. You're better off googling "Free aim password recovery tool"

celtik
11-30-2008, 11:02 PM
theres also some program that will remove any *** on any screen. I forgot the name though, if I find it I will let you know

ned
11-30-2008, 11:06 PM
Hey Jamal you goofy looking goth bastard. Why don't you do something really goth and kill yourself.Nobody likes you, if your parents knew that you would of turned out this way your dad would of wore a condom.And for fuck sake cut that fucking birds nest off your head.

lolz

ned
11-30-2008, 11:07 PM
theres also some program that will remove any *** on any screen. I forgot the name though, if I find it I will let you know

AIM Revolution or some shit
copies out there have trojans in them

i bet you could get it with softice or windbg really easily tho

celtik
11-30-2008, 11:23 PM
it didnt have AIM in the name, but I guess yeah were talking about the same stuff. It goes by API to any window, and searches for ** and tells you the direct password on the program screen

celtik
11-30-2008, 11:25 PM
Here is something that is SORT OF like what I am talking about

http://www.sharewareconnection.com/asterisk-password.htm

celtik
11-30-2008, 11:27 PM
it does work, ive tried it before

axo
12-01-2008, 12:05 AM
old versions below 5.x you used to be able to decrypt by loading oscore.dll in the aim directory
and calling the CryptDecodeString function


invoke SetCurrentDirectory, addr AimDir
push OFFSET TheDLL
call LoadLibrary ;/// Load the AIM DLL(oscore.dll) into our process
push OFFSET TheFunction ;"CryptDecodeString"
push eax
call GetProcAddress ;/// Get address of CryptDecodeString function
push 16
push OFFSET RetAddress
push OFFSET EncPass ;/// Encrypted pass from registry
call eax ;/// Call CryptDecodeString function (returned from GetProcAddress)

illwill, from illmob?


Hi :D

david blaine
12-01-2008, 12:06 AM
i don't think that is the same illwill.

ned
12-02-2008, 03:39 AM
old versions below 5.x you used to be able to decrypt by loading oscore.dll in the aim directory
and calling the CryptDecodeString function


invoke SetCurrentDirectory, addr AimDir
push OFFSET TheDLL
call LoadLibrary ;/// Load the AIM DLL(oscore.dll) into our process
push OFFSET TheFunction ;"CryptDecodeString"
push eax
call GetProcAddress ;/// Get address of CryptDecodeString function
push 16
push OFFSET RetAddress
push OFFSET EncPass ;/// Encrypted pass from registry
call eax ;/// Call CryptDecodeString function (returned from GetProcAddress)

thats pretty slick.

Zain
12-02-2008, 08:40 AM
you do this to irl friends too?

tom jones
12-02-2008, 09:32 AM
you do this to irl friends too?


rofl yeah I do this to irl friends too, I don't play and they know better not to mess with me...at least I hope so.

this thread is so old, I was so new back in January compared to the amount I've learned now. Anyways, the person I was talking about itt, I took his paypal, comcast email and aim sn until he cried for it and threatened to send the cops to my house rofl

chad
12-02-2008, 11:41 AM
Net Tools by M.A.B. has a built in password unmasker if that's what you need as well as an IE password revealer

doolbman
12-02-2008, 01:14 PM
AIM 6.x (6.5 & beta 6.8) uses 2 algorithms to encrypt your AIM password. First the Blowfish algorithm is used to encrypt the AIM password using a 448 bit keyword.
The encrypted string is then encoded using base64 and stored in the registry at:
\\HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

what is the keyword or where do you get it for the blowfish algorithm

doolbman
12-02-2008, 02:39 PM
bump

Zain
12-02-2008, 03:07 PM
http://tsourceweb.com/index.php?p=m3

this has some well written easy login info on a few different versions written by our friend unfair

doolbman
12-02-2008, 03:12 PM
I still don't know what the keyword is

Zain
12-02-2008, 03:14 PM
as i recall in the older versions it was "AOL Instant Messenger (SM)" (5.x)

SoHov
12-04-2008, 09:44 PM
i made a thread about this once

SoHov
12-04-2008, 09:48 PM
http://www.digitalgangster.com/4um/showthread.php?t=11256

kr0ger
12-04-2008, 09:50 PM
illwill wtf, i thought you were in jail. are you still friends with morning_wood?

doolbman
12-05-2008, 11:05 AM
http://www.digitalgangster.com/4um/showthread.php?t=11256

is that for the old aim pw or for the new aim6.x??

doolbman
12-05-2008, 01:49 PM
obviously it is not too hard to crack the aim6 stored pw. I need the source to do it in vb6. If someone can do it and wants some $$ hit me up.

Zain
12-05-2008, 02:06 PM
sohov you said alot of wrong things in that thread

SoHov
12-05-2008, 06:57 PM
5.x

? zain

i didn't re-read the thread but w/e it was it worked :P

dalink
12-06-2008, 05:27 AM
lol @ talkin ish on aim

Dr Seduce
12-16-2008, 03:28 PM
signon it and go auto instant update the email

A2_
12-16-2008, 08:38 PM
i dont think the actual password is behind the ***
on aim so its not possible to recover it that way
the asm code above does work its console only
it was part of a gui app i was making for a software company that sells it for $4.99
http://www.whatsmypass.com/?cat=10
if anyone wants to check it out


AIM 6.x (6.5 & beta 6.8) uses 2 algorithms to encrypt your AIM password. First the Blowfish algorithm is used to encrypt the AIM password using a 448 bit keyword.
The encrypted string is then encoded using base64 and stored in the registry at:
\\HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

i dont think it is either, but i know in aim <6 it does go into memory plaintext at a static offset when you click signon. if you spent half the time you spend trolling, in olly, this thread would never have been made jamfk.

XploitD
12-17-2008, 02:52 AM
uhm...chances are if hes a fag think this:

aol pass is probably email pass..a little unmasking may help the situation.

or quit being such a troll


-.-

doolbman
12-17-2008, 03:24 AM
figured it out
kind of (really just found a work around)

go to http://www.nirsoft.net get mspass it has a command line interface.
grab the file it creates and boom you have their pw