10-25-2011 02:20 PM
Thanks Hoovah.
I was actually trying to figure out how I could backsave it to 8.0 with a password to give Ben the challenge. The oldest LV version I have installed anywhere right now is 8.2.
That website was able to crack the password for me as well.
I don't know what happened to Torpedo. He hasn't been around in this thread for awhile. I was really rooting for him to actually succeed since he was so adamant that he could do it. But then when restrictions were put on the password to make things easier, then I started to doubt his abilities. Maybe he could, maybe he couldn't. That website was also able to break my original password which was definitely more difficult and I had to write down so I wouldn't forget it.
So now we know the VI's can be cracked. But I'd still be interested to know if anybody can figure out what my password is that I used in the VI in message 31. I actually think Ben has a chance to figure it out based on the rules that Torpedo gave us and the clarification I added in message 47. (Ben, if I get a chance to install LV8 anywhere, I'll try to create it in LV8 with that password so you can try.)
Christian, perhaps next time I ought to put in two sequence frames to make it a double thick sturdy wall.
I actually through some extra stuff in the VI just for the sake of making the VI a bit bigger so that if anyone was doing some byte scanning of the VI file, they might have a harder time picking out the constant. (Although I didn't want to spend all day just trying to clutter up the VI to make it humongous.)
10-25-2011 02:34 PM
Ravens Fan wrote:
So now we know the VI's can be cracked. But I'd still be interested to know if anybody can figure out what my password is that I used in the VI in message 31. I actually think Ben has a chance to figure it out based on the rules that Torpedo gave us and the clarification I added in message 47. (Ben, if I get a chance to install LV8 anywhere, I'll try to create it in LV8 with that password so you can try.)
You mean XLVI wasn't a big enough hint even for you? I'll admit it was mostly a victory for social engineering and that your guess that Ben would figure it out was the biggest hint. I would not have associated the password with the Ravens (moreso after last night), but certainly with the Steelers.
As to just figuring out the constants, that was a simple matter and did not even require cracking or looking at the passwords.
I should have posted the screenshot, I had a simple VI to test a bunch of compound words with 0-4 digits afterwards. I was in the process of choosing the words by randomly selecting from a spellcheck dictionary, but had to test the code so I manually entered one value into the array of possible words. Of course it hit, but it still took a moment to figure out what had happened. I was like why did the loop stop early and the boolean turn on? Oh yeah.
10-25-2011 03:01 PM
@Darin.K wrote:
Ravens Fan wrote:
So now we know the VI's can be cracked. But I'd still be interested to know if anybody can figure out what my password is that I used in the VI in message 31. I actually think Ben has a chance to figure it out based on the rules that Torpedo gave us and the clarification I added in message 47. (Ben, if I get a chance to install LV8 anywhere, I'll try to create it in LV8 with that password so you can try.)
You mean XLVI wasn't a big enough hint even for you? I'll admit it was mostly a victory for social engineering and that your guess that Ben would figure it out was the biggest hint. I would not have associated the password with the Ravens (moreso after last night), but certainly with the Steelers.
...
I know binary octal hex and decimal and a bit of ASCII but my knowlege of Roman numerals is generally limited to what I learned from the side of a six-pack.
Judging by your post the Raven must have done well last night. I was distracted with catching up on my favorite program followed by the new Alice in Wonderland (which I enjoyed).
Ben
10-25-2011 03:40 PM
I'm sorry Darin, I forgot that you posted that which clued me in you had figured it out. Nice job!
Last night's performance was absolutely horrible and doesn't get us anywhere close to deserving to play the password. The Jax defense definitely outplayed our offense. Our defense played well and kept us in the game. And as bad as our offense was, we still had a chance to win the game at the end and went and blew that.
10-28-2011 01:28 PM
Ohh no, what shame now everyone will know. I thought I could hide it but now the entire world can see it for themselves.
I don't know how to face the world any more.
I will have to tell the whole world my dirty little secret. I will have to own up to it.It's out now anyway.The shame!
I, I, I have yes its true CND
CND (compulsive neatness disorder) http://en.wikipedia.org/wiki/Orderliness
Well everyone has to have a label for something these days, don't they?
11-01-2011 09:58 AM
We've posted a Knowledge Base (KB) article on this subject; Security of LabVIEW VI Password Protection vs. Removing VI Block Diagrams, which explains, in some detail, why the VI password protection feature is implemented as it is and the alternative available when stronger protection is required. We also plan to add a link to this KB in our product and/or help documentation, where appropriate, as part of our next major release. Our aim is to do our best to help users be aware of the issue and understand their options. I will monitor this thread for a bit and respond to questions or concerns as needed.
Sincerely,
Roy Faltesek
Senior Group Manager
LabVIEW R&D
National Instruments
11-01-2011 10:11 AM
Roy F,
Thank you for the link to the KB article. I think it clearly explains the philosophy behind the decisions NI has made in regard to security and the limitations consequential to those decisions.
Lynn
11-06-2011 12:49 PM
Looks like NI must be leaning on this guy. His website has been updated to not allow abuse and points to the KB Roy linked to.
11-06-2011 01:22 PM
Well, he's not the sharpest knife in the drawer, otherwise he would not host this on a German server. Germany has one of the toughest law (introduced in 2007) with repect to such activities.
Strafgesetzbuch 202c threatens fines and up to 1 year.
(It is clear that solely relying on passwords has never been a good security stance. I still lock my front door, even though 3 years of motion activated security footage tells me that nobody ever even tries to open it, and every little kid knows how to throw a rock through a window. ;))
11-07-2011 08:37 AM
Yeah so he has put restrictions in place so it changes the password to a random one, and doesn't say what the md5 is of the new one. Of course you could just put that new VI through it again to get the new MD5, and then he added a link to that googles the MD5 in an attempt to find the password to it.
He also left the source code up so it's not like someone couldn't just put that on any PHP enabled site and run it on a batch of VIs.
Unofficial Forum Rules and Guidelines
Get going with G! - LabVIEW Wiki.
16 Part Blog on Automotive CAN bus. - Hooovahh - LabVIEW Overlord