I noticed Perl 5.20.0’s PRNG implementation can’t be used to find seeds for the other leaked passwords (e.g. ZFdLqEM2QMVe) or to brute-force IDA 7.0-7.2 setup passwords. I assume different algorithms/charsets/etc. were used for these?
7.0 and the other non-working passwords are using the pre-5.20 logic. I’ve sifted through the Perl code and reimplemented it in Rust:
All in all a nice educational challenge, learned a lot!
EDIT: Oh yeah, the 7.2 installer uses the Unicode variant of Inno Setup, so I’ve tried encoding the password as UTF-16 as well, without any success though.
Yeah, it looks like Perl (or their usual Perl generator code) wasn’t used to generate IDA 7.2 passwords (tried Perl pre-5.20 on Windows/Linux and Perl 5.20). The disclosure timeline in the article implies it may still be vulnerable to a similar attack, though.
EDIT: Something makes me think 7.2 isn’t vulnerable (and the disclosure timeline is inaccurate) ¯\_(ツ)_/¯
ugghhh, same here. I got 7.0 to work, but couldn’t get 7.2, even though I looked over my C++ UTF-16 brute forcer many times
I think you need to omit the first rand.
This article doesn’t mention this.
The strange thing is that it seems that Inno Setup is using RC4 to hash the password.