Flyff Source Code (Password Protected)

This is the flyff's source code of version 4 or 5.
The archive is password protected and yet nobody knows the password.

http://image-storage.co.uk/nicco/Neurospace.7z
Credits to heathj for finding

I release this because more people can try to find the correct password for it, there's several ways to find it.

Contents of archive:

• Cola - Program to create/convert moving things like monsters and players.
• Accumulator - Logs errors to files with date names.
• BetaPatchClient2 - Patcher/Updater client.
• MakeMap - Program is unknown.
• MergeMaster - merge.exe / merge2.exe
• Neuz - Flyff client.
• ResourceTool - Program to manage flyff resource files (*.res)
• Updater - Deletes Flyff.exe and movies NewFlyff.exe to Flyff.exe
• Server Source - No explanation needed (version less than or equal to 6).

Each directory in the archive that begins with _ is include folders (contains source code files) which is common (used by most programs)

An example of a program to get the password is the following:
- Version 3.0 -

Read assign of roles for a solution how we can get the password:
http://forum.ragezone.com/f457/flyff...4/#post5741873
Currently on the hold since we do not have a good 7z password tester!

Add credits to Heathj?

Quote:

---

Originally Posted by Dell Honne

Add credits to Heathj?

---

Yeah, done that now :P

I will look into this shit when I get home... >>;

Mirrors:
RapidShare: 1-CLICK Web hosting - Easy Filehosting
MEGAUPLOAD - The leading online storage and file delivery service
Deposit Files
Hotfile.com: One click file hosting: Neurospace.7z
Download Neurospace.7z for free on uploading.com
Free File Hosting. SharingMatrix.com file hosting and storage.
2shared - download Neurospace.7z

Nice community release Nicco. My friend gave me a hint about what the password, he said it's 10 characters contained with upper and lowercase letters only (no symbols) I'll try to report the password when I find out what it is :P (unless I receive it from someone who asks me not to)

Quote:

---

Originally Posted by FrostElite

Nice community release Nicco. My friend gave me a hint about what the password, he said it's 10 characters contained with upper and lowercase letters only (no symbols) I'll try to report the password when I find out what it is :P (unless I receive it from someone who asks me not to)

---

10? Other rumors says less than 10 characters and yes its upper and lowercase only.
10 characters will take ....... well let's just say we'r all gona enjoy the archive down in the dirt with a gravestone ontop lol.

a-zA-Z is 52 characters.
10 ^ 52 = 144555105949057024 different passwords :blink::mellow:

password id is 5-10 characters long in UTC-8 to be exact

Updater is most likely the patcher and the MergeMaster is that Merge.exe found in some v14/v11 file releases. Not sure what it does though.

Awesome release too bad i can't crack it :o

actually its not hard if we all work together and not be competitive here is something useful

[url=http://www.mydigitallife.info/2009/01/06/how-to-recover-rar-7z-and-zip-password-with-rarcrack-in-linux/]How to Recover RAR, 7z and ZIP Password with RarCrack in Linux

tell me if u find something useful :)

<.< bad idea remove links plox ?

Quote:

---

Originally Posted by MisterKid

<.< bad idea remove links plox ?

---

Why would you want that?

Quote:

---

Originally Posted by DazHaruhi

Why would you want that?

---

B.c. Alot of people already had this awhile ago. Weeks and weeks.

Quote:

---

Originally Posted by aldieri

B.c. Alot of people already had this awhile ago. Weeks and weeks.

---

Yea the svn wasn't hard to find. I didn't even bother searching because didn't realize that they was so stupid to put a source code online. Maybe they thought that the AES protection was enough. It would be if they used a sufficient password. I suppose its sufficient so far because no publicy known person has cracked it without full proof. We had a screen shot of the neuz source but according to Dellhone that's available on Chinese forums,so that's not exactly proof is it? Xhango is an idiot. The world server source was last edited mid 2005, so that suggest that its late v4/early v5 server files; this will help the developers for v5/v6 servers. The programs have a high edited so they could be recent versions of the program. V6 came out 2006 if I'm not mistaken? Their isn't many windows released crackers that will work for 7zip anymore. Well they will be only if its not the AES encryption. Because the AES encryption asks for the password when extracting the files unlike the other one where you need the password to view the files. The best way would be to create a bruteforcer. or edit the source for one? Correct me if I'm wrong.

Quote:

---

Originally Posted by spikensbror

Updater is most likely the patcher and the MergeMaster is that Merge.exe found in some v14/v11 file releases. Not sure what it does though.

---

Merge.exe makes the datares files flyff.b and flyff.a. Also there is patcher folder for the patcher. Ill get a screen shot for all the folders in the archive. Uploaded.
ColaFolder:
http://i733.photobucket.com/albums/w...ColaFolder.png
MainFolder:http://i733.photobucket.com/albums/w...Mainfolder.png
ProgramFolder: http://i733.photobucket.com/albums/w...Mainfolder.png

Quote:

---

Originally Posted by MisterKid

<.< bad idea remove links plox ?

---

No need the average kiddy isn't going to crack this. Even the flyff developers with years of experience will be having problems.

Quote:

---

Originally Posted by dudekill

password id is 5-10 characters long in UTC-8 to be exact

---

How do you know?

Quote:

---

Originally Posted by funkynicco

10? Other rumors says less than 10 characters
a-zA-Z is 52 characters.
10 ^ 52 = 144555105949057024 different passwords :blink::mellow:

---

Thats when you need 1 google's epic servers to crack that shit. I seen a program on tv where it showed you 1 of them and it was fucking huge. (Like my penis ;)) Also remember rumors could just be rumors.

Maybe the password has something to do with his projects in his svn? Here it is: xahgo - Revision 196: / or Show | xahgobnb | Assembla its the same shit anyway.

:) If you get the source goodluck compiling it xD i already compiled xD toke me 15 minutes lol but some people doesn't know how microsoft visual c++ works or how to compile something xD

Quote:

---

Originally Posted by MisterKid

:) If you get the source goodluck compiling it xD i already compiled xD toke me 15 minutes lol but some people doesn't know how microsoft visual c++ works or how to compile something xD

---

You managed to get it? U used bruteforce? If so its not as hard as i predicted. If a bruteforcer decrypted then the password cant be that complex.

x.x its ...... xD --------------------->dictionary/names etc....
it can't be random things :/

i compiled MAPEDIT xD

Quote:

---

Originally Posted by darkesthour123

You managed to get it? U used bruteforce? If so its not as hard as i predicted. If a bruteforcer decrypted then the password cant be that complex.

---

their is a feature used in the creation of flyff that is not available in the standard express version known as MFC

so it will take extra work to compile it ^^

Quote:

---

Originally Posted by MisterKid

<.< bad idea remove links plox ?

---

It's because there are people like that, there are no trust to developers realising their works....

Quote:

---

Originally Posted by Reimniess

their is a feature used in the creation of flyff that is not available in the standard express version known as MFC

so it will take extra work to compile it ^^

---

Why did you quote me? O.o I didn't ask about the map edit, i was asking about the archive to be honest. I kind of guessed what it was used for.

Quote:

---

Originally Posted by darkesthour123

Why did you quote me? O.o I didn't ask about the map edit, i was asking about the archive to be honest. I kind of guessed what it was used for.

---

he didn't manage to get it map edit was not encrypted and that's what he compiled but the source codes in the archive will have that same requirement

Allright, lets assign roles in the password testings, suggest by Reimniess.
This is on hold currently as rarcrack turned out to be nonworking. We currently have no fast way to test passwords(!)

On 6 letter a-zA-Z, everyone could do different starting letters.
I am running from D***** now at 5000 passwords per second.
Not sure if the password starts with A so I'll need the current roles:

Post your request to assign a role.

[Range]: [Username]
b*****: Divine
c*****: ?
d*****: Nicco
e*****: ?
f*****: Divine
g*****: ?
h*****: ?
i*****: ?
j*****: ?
k*****: ?
l*****: ?
m*****: ?
n*****: ?
o*****: ?
p*****: ?
q*****: ?
r*****: ?
s*****: ?
t*****: darkesthour123
u*****: ?
v*****: ?
w*****: ?
x*****: ?
y*****: ?
z*****: ?

All these are 5 letters to generate, once that's done just swap the first character to uppercase and try again. End it before it changes first character.

Code:

---

  <abc>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</abc>
  <current>baaaaa</current>

---

If your speed is like mine, 5000 password per second the estimated passwords and time is as follows:

5 ^ 52 = 380204032 different passwords.
380204032 / 5000 = 76040 seconds
76040 / 60 / 60 = 21 hours

Update: If you use rarcrack then optimize the amount of threads for best performance, usually amount of cores+1 (quadcore means 5 threads).
My speed with 12 threads is 5000 tests per sec, 5 threads is 6000 per sec.

So to cover up aaaaaa to azzzzz aswell as Aaaaaa to Azzzzz would take 42 hours at the speed of 5000 passwords per second.

Any questions just post it below.

Quote:

---

Originally Posted by funkynicco

Allright, lets assign roles in the password testings, suggest by Reimniess.

On 6 letter a-zA-Z, everyone could do different starting letters.
I am running from D***** now at 5000 passwords per second.
Not sure if the password starts with A so I'll need the current roles:

Post your request to assign a role.

[Range]: [Username]
b*****: ?
c*****: ?
d*****: Nicco
e*****: ?
f*****: ?
g*****: ?
... to begin with ...

All these are 5 letters to generate, once that's done just swap the first character to uppercase and try again. End it before it changes first character.

Code:

---

  <abc>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</abc>
  <current>baaaaa</current>

---

If your speed is like mine, 5000 password per second the estimated passwords and time is as follows:

5 ^ 52 = 380204032 different passwords.
380204032 / 5000 = 76040 seconds
76040 / 60 / 60 = 21 hours

So to cover up aaaaaa to azzzzz aswell as Aaaaaa to Azzzzz would take 42 hours at the speed of 5000 passwords per second.

Any questions just post it below.

---

Do we know 100%, for sure that it's in the a-Z range?

Also, Serus said in the other thread that rarcrack doesn't like this archive, this could cause problems for everyone, or at least some volunteers if it works for some people.

started at baaaaa and faaaa on other computer

Quote:

---

Originally Posted by funkynicco

Allright, lets assign roles in the password testings, suggest by Reimniess.

On 6 letter a-zA-Z, everyone could do different starting letters.
I am running from D***** now at 5000 passwords per second.
Not sure if the password starts with A so I'll need the current roles:

Post your request to assign a role.

[Range]: [Username]
b*****: ?
c*****: ?
d*****: Nicco
e*****: ?
f*****: ?
g*****: ?
... to begin with ...

All these are 5 letters to generate, once that's done just swap the first character to uppercase and try again. End it before it changes first character.

Code:

---

  <abc>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</abc>
  <current>baaaaa</current>

---

If your speed is like mine, 5000 password per second the estimated passwords and time is as follows:

5 ^ 52 = 380204032 different passwords.
380204032 / 5000 = 76040 seconds
76040 / 60 / 60 = 21 hours

So to cover up aaaaaa to azzzzz aswell as Aaaaaa to Azzzzz would take 42 hours at the speed of 5000 passwords per second.

Any questions just post it below.

---

I'd be more than happy to help out here some too, as that's really a brilliant idea and would definitely speed the process up some. But there's just one complication with me helping, and that would be that I already spent several hours messing around earlier trying to start cracking it myself also. But with the lack of available Windows programs that actually SUPPORT cracking 7-z archives, I also had no luck in even starting.

And I'm pretty much totally unfamiliar with the Unix platform. I've only just begun dabbling any in it, and am only familar with a few things, and probably nothing that important at that. And I think the only problem with me using that 7zBruteForce program you suggested at the start, is I have no idea how the syntax goes for it or what the expressions are etc. etc.. So maybe you can help clarify that much for me, and if so I'll join in and help also.

I'll be back and forth between here (my computer/this forum) and other parts of my house for 'bout the next 24-36 hours, so do a lil' clarifying if possible either via a reply back or a PM directly to me, and I'll get started on it right away sir!:thumbup1:

Anyone tried with the password neurospace?

Quote:

---

Originally Posted by krocky10

Anyone tried with the password neurospace?

---

I know aeonsoft is stupid, but I don't think they're that stupid o.o

Lolz but you ever tried?

Quote:

---

Originally Posted by krocky10

Anyone tried with the password neurospace?

---

Yuppp.

Quote:

---

Originally Posted by Reimniess

he didn't manage to get it map edit was not encrypted and that's what he compiled but the source codes in the archive will have that same requirement

---

Thats for clearing that up. (y)

Quote:

---

Originally Posted by krocky10

Anyone tried with the password neurospace?

---

I tryed about 100+ attempts at stupid things like that.

Quote:

---

Originally Posted by Alexsh

I know aeonsoft is stupid, but I don't think they're that stupid o.o

---

Thats aeonsoft in general. I supose the programmers may think different. Unlike aeonsofts incompetence. Then again he does leave the archive on his svn so who knows.

Quote:

---

Originally Posted by krocky10

Anyone tried with the password neurospace?

---

Ofcourse, and all the other things they may have used;
Mudra
Masquerade
Qlord
Eolith
Clockworks
etc etc
+ variations.

I highly doubt it's something we'd know, bruteforce seems the only way now.

Haha well i will try to find the pass later

Quote:

---

Originally Posted by krocky10

Haha well i will try to find the pass later

---

Google won't help you on this one.

Quote:

---

Originally Posted by darkesthour123

Google won't help you on this one.

---

I Keeed :laugh:

Lol for all you know the pass could be in korean letters..

Quote:

---

Originally Posted by Thrinaria

Lol for all you know the pass could be in korean letters..

---

Apparently from a rumor its not. Hey that's just a rumor though.

Quote:

---

Originally Posted by divinepunition

started at baaaaa and faaaa on other computer

---

Updated :wink:

I'm at Dgkijv now going fast :thumbup1:

As I've been told 10 chars lower+upper no korean. but hey who can you trust nowadays.

Quote:

---

Originally Posted by Thrinaria

As I've been told 10 chars lower+upper no korean. but hey who can you trust nowadays.

---

very true, all the people who have meant to have cracked the archive havent showed any proof, theres only been a pic of the neurospace solution and cola but no hard evidence, until someone posts one of the programms running in debug mode out of a compiler then id say to assume it hasn't been cracked yet (not saying it hasn't, it may have been just no proof otherwise right now) so the password could be anything of any length

nono it's cracked. I have seen bullet proof things.. So....

Quote:

---

Originally Posted by heathj

very true, all the people who have meant to have cracked the archive havent showed any proof, theres only been a pic of the neurospace solution and cola but no hard evidence, until someone posts one of the programms running in debug mode out of a compiler then id say to assume it hasn't been cracked yet (not saying it hasn't, it may have been just no proof otherwise right now) so the password could be anything of any length

---

That's what I mean.. We could be making a team effort with only a-Z in, and we could never get the password cause it may be in korean, or may have numbers in. None of us can be 100% sure, until someone has given us some full on hard evidence of that archive extracted, but even then, we have to be able to trust they're giving us true hints. Not likely.

Quote:

---

Originally Posted by Roachy

I'd be more than happy to help out here some too, as that's really a brilliant idea and would definitely speed the process up some. But there's just one complication with me helping, and that would be that I already spent several hours messing around earlier trying to start cracking it myself also. But with the lack of available Windows programs that actually SUPPORT cracking 7-z archives, I also had no luck in even starting.

And I'm pretty much totally unfamiliar with the Unix platform. I've only just begun dabbling any in it, and am only familar with a few things, and probably nothing that important at that. And I think the only problem with me using that 7zBruteForce program you suggested at the start, is I have no idea how the syntax goes for it or what the expressions are etc. etc.. So maybe you can help clarify that much for me, and if so I'll join in and help also.

I'll be back and forth between here (my computer/this forum) and other parts of my house for 'bout the next 24-36 hours, so do a lil' clarifying if possible either via a reply back or a PM directly to me, and I'll get started on it right away sir!:thumbup1:

---

Yeah, I'll try to declare some information on the program I built but it requires a bit knowledge how to compile C# programs, and it also requires .NET 4.0. If you do not want to compile the program then I think the exe is in Debug folder, if you cannot run it then it requires C# .NET 4.0 to be installed otherwise I can see if Release mode works better.

But all in all when the exe works, put the exe in the same folder as 7z.exe (found in C:\Program Files\7-zip) and Neurospace.7z.
This program tests passwords from a file, so you will have to create a file called "names.txt".

PS this is NOT the best way to crack the archive but it's the fastest I could make in Windows and it doesn't have to be ubberly fast if the names.txt is a full list of known aeonsoft stuff/passwords.

PS again, I have created a program in C++ that directly loads 7z libraries and loads Neurospace.7z into memory once and tries passwords but the result was 10 passwords per second, which is not nearly good enough! If only there was a way to load up Neurospace.7z in a buffer and read bytes and compare with password it would do around 20,000 password tests per second I'm sure but that's WAY to much learning about 7z as 7z not only supports 7z archives.

Any other great ideas except using rarcrack in linux are greatly welcome.

Quote:

---

Originally Posted by Mythx

That's what I mean.. We could be making a team effort with only a-Z in, and we could never get the password cause it may be in korean, or may have numbers in. None of us can be 100% sure, until someone has given us some full on hard evidence of that archive extracted, but even then, we have to be able to trust they're giving us true hints. Not likely.

---

actually the rumor is it's less then 10 chars

all evidence points towards is being 6 and I have several credible sources that have solid evidence they cracked it saying it's exactly 6 chars and that the first char is in the first hald of the alphabet

and until we prove that wrong shut up and quit being so pessimistic

Is it combo lower- and uppercase?

//~1500 passwords per second on my test server

Quote:

---

Originally Posted by Reimniess

actually the rumor is it's less then 10 chars

all evidence points towards is being 6 and I have several credible sources that have solid evidence they cracked it saying it's exactly 6 chars and that the first char is in the first hald of the alphabet

and until we prove that wrong shut up and quit being so pessimistic

---

There was no need for that comment, i'm only trying to help by saving time if it happens to be something other than a-Z based.
Really I expect better from a moderator.
Most of us don't have solid evidence do we? Also how was I supposed to know your sources all said 6 characters?

Quote:

---

Originally Posted by Reimniess

actually the rumor is it's less then 10 chars

all evidence points towards is being 6 and I have several credible sources that have solid evidence they cracked it saying it's exactly 6 chars and that the first char is in the first hald of the alphabet

and until we prove that wrong shut up and quit being so pessimistic

---

A bit harsh.

Quote:

---

Originally Posted by Mythx

There was no need for that comment, i'm only trying to help.
Really I expect better from a moderator.
Most of us don't have solid evidence do we? Also how was I supposed to know your sources all said 6 characters?

---

it's more that you all act like rumors are automatically false

it's this kind of pessimism that kills the community when people go into others projects demotivating them

and the comment was basically if you don't have anything nice to say don't say anything at all kind of comment o.o;

Quote:

---

Originally Posted by Blackbox

A bit harsh.

---

perhaps a tad but posts like that don't help in the slightest

I mean seriously the first community project in ages with promise and everyone having a reason to join in, the last thing we need is people coming in trying to kill it

and if the password is "password" or 1234 Lol ;)

Quote:

---

Originally Posted by Reimniess

it's more that you all act like rumors are automatically false

it's this kind of pessimism that kills the community when people go into others projects demotivating them

and the comment was basically if you don't have anything nice to say don't say anything at all kind of comment o.o;

---

How was that demotivating? Really. Alls I said was that it's possible for it to be different to what these rumours are telling us. Y'know, I presumed it all came from one or two sources of evidence, which probably would've lied to throw us all off. It's that sort of thing that happens in this sort of community and you know it. There's more than one possibility in this sort of situation, but if there's several (ie, more than 5) sources of evidence telling us the same information then yes, it's fairly safe to believe.

tbh i think the rumours are nothing more than rumours, due to the way the AES encryption works specifically the way 7zip incorporates it, as Rijndael type encryption uses a key for encrypting and decrypting it gets the key by making a SHA-256 (in 7zips case anyhow) hash from the users password input then itterates (hashes the result of the las hash) around 26k times to strengthen the key then encrypts. The password could be any length and couldn't be guessed by encryption methods etc, also if they had half a brain, its a big IF, they would have used a password length which would be physically impossible to brute force in any one life time like around a length of 15-20 characters long. thats what i would have done id say he could make a similar archive with his bank details in with a password length of 15-20 chars and put that on his svn and still be safe.

conclusion ive come to brute forcing will take ages unless the password is indeed around 6 characters like the rumous say, else you more likely to guess the password in your lifetime than crack it.

whilst writing this i had a thought of how i would do the password long and still remember it, they say in order to crack passwords you have to think like the person who made the password well to make it secure it would need to be long but memorable as you wouldnt want to keep it writeen down ideally, so i though if it were me id think of a password then hash it md5, sha etc i still know the password i just gota has it manually and copy paste it into the password box, now if it was me thats how id do it simple and short but long and secure at the same time.

just an idea

Quote:

---

Originally Posted by heathj

tbh i think the rumours are nothing more than rumours, due to the way the AES encryption works specifically the way 7zip incorporates it, as Rijndael type encryption uses a key for encrypting and decrypting it gets the key by making a SHA-256 (in 7zips case anyhow) hash from the users password input then itterates (hashes the result of the las hash) around 26k times to strengthen the key then encrypts. The password could be any length and couldn't be guessed by encryption methods etc, also if they had half a brain, its a big IF, they would have used a password length which would be physically impossible to brute force in any one life time like around a length of 15-20 characters long. thats what i would have done id say he could make a similar archive with his bank details in with a password length of 15-20 chars and put that on his svn and still be safe.

conclusion ive come to brute forcing will take ages unless the password is indeed around 6 characters like the rumous say, else you more likely to guess the password in your lifetime than crack it.

whilst writing this i had a thought of how i would do the password long and still remember it, they say in order to crack passwords you have to think like the person who made the password well to make it secure it would need to be long but memorable as you wouldnt want to keep it writeen down ideally, so i though if it were me id think of a password then hash it md5, sha etc i still know the password i just gota has it manually and copy paste it into the password box, now if it was me thats how id do it simple and short but long and secure at the same time.

just an idea

---

That's a possibility, I mean surely some of those employees have sense. If that's the case though then lol. :P

Those people with contacts with hard evidence, could try squeeze some more info out of them. If we can get a decent cracking speed (not rarcrack.) going on then we could easily go from 6 characters and see if the rumours are true, really there's quite a few people interested in this, so with a program + more info we could have this soon, providing most if not all of us crack a certain range like the idea suggested before.

Quote:

---

Originally Posted by funkynicco

Yeah, I'll try to declare some information on the program I built but it requires a bit knowledge how to compile C# programs, and it also requires .NET 4.0. If you do not want to compile the program then I think the exe is in Debug folder, if you cannot run it then it requires C# .NET 4.0 to be installed otherwise I can see if Release mode works better.

But all in all when the exe works, put the exe in the same folder as 7z.exe (found in C:\Program Files\7-zip) and Neurospace.7z.
This program tests passwords from a file, so you will have to create a file called "names.txt".

---

I was already wondering why it kept crashing, then i saw:
StreamReader sr = new StreamReader("names.txt");
that explained it pretty much lulz. Although, i'm still searching for a list, any links?

how about we test all possibilities at 6 chars first

and where I heard it from was from multiple (6 to be more accurate) completely unrelated people who have the source and people that are more then adequately credible

Quote:

---

Originally Posted by Reimniess

how about we test all possibilities at 6 chars first

and where I heard it from was from multiple (6 to be more accurate) completely unrelated people who have the source and people that are more then adequately credible

---

Did they show you images?

Quote:

---

Originally Posted by Reimniess

it's more that you all act like rumors are automatically false

it's this kind of pessimism that kills the community when people go into others projects demotivating them

and the comment was basically if you don't have anything nice to say don't say anything at all kind of comment o.o;


perhaps a tad but posts like that don't help in the slightest

I mean seriously the first community project in ages with promise and everyone having a reason to join in, the last thing we need is people coming in trying to kill it

---

No ones trying to kill it. Simply acting outside of the 'rumors'. And just so you know;

Quote:

---

ru·mor
   /ˈrumər/ Show Spelled[roo-mer]
–noun
1.
a story or statement in general circulation without confirmation or certainty as to facts: a rumor of war.
2.
gossip; hearsay: Don't listen to rumor.
3.
Archaic . a continuous, confused noise; clamor; din.

---

Rumor doesn't mean it's right, nor wrong. So you bashing his idea that its NOT what the rumor is, is doing more killing to the community project than him suggesting to think outside the so called box or 'rumor' in this case.

Heath is right, I've never seen a company use random letters for a password to an archive, its not easy to remember unless they wrote it down, which is even less secure.

Whoever created that archive definitely used a word as the password, or maybe a sentence. Also, instead of fighting whether the rumors are true or not, or fighting about what new rumors/info came up, why don't we all just try to brainstorm what the password could be while trying to Brute Force it.

I've already been brute forcing it for a day now, still no password yet.

Also, this whole thread SHOULD have been in the stickied thread.

#Request Merge reimniess

Any way we could get more info on the person whose ftp it came from? I mean if it was me, I would use something personal, like a wife or child's name. Something I could remember easily but no one else would know.

Quote:

---

Originally Posted by ryuchao009

Any way we could get more info on the person whose ftp it came from? I mean if it was me, I would use something personal, like a wife or child's name. Something I could remember easily but no one else would know.

---

for work? doubt it but the person is just known as Xagho

Quote:

---

Originally Posted by Reimniess

for work? doubt it but the person is just known as Xagho

---

Xahgo*

Wrong, got his msn logs, his nickname is Jung on msn lol :tongue:

Rumors could be true but also could be bs, like this whole section. Nico Does your program work from a live cd? If so i could use 3 computers. 2x 2gz duel core laptops 2gb ram. 1 desktop 3ghz quadcore 4gb ram. Thats if you wanted help on the 6x lengths shit. Also Xahgo is the internetname i would call it. Like if it was Reimniess that was the developer and had the name as Reimniess. We would assume that's his name i don't think so. Its also the name for his projects.

Quote:

---

Originally Posted by darkesthour123

Rumors could be true but also could be bs, like this whole section. Nico Does your program work from a live cd? If so i could use 3 computers. 2x 2gz duel core laptops 2gb ram. 1 desktop 3ghz quadcore 4gb ram. Thats if you wanted help on the 6x lengths shit. Also Xahgo is the internetname i would call it. Like if it was Reimniess that was the developer and had the name as Reimniess. We would assume that's his name i don't think so. Its also the name for his projects.

---

actually Reimniess is my last name, my name being Avura Lucifira Reimniess (I know it's weird but at least my girlfriend thinks it's cute)

but yo never know it could be his name how it's pronounced in english

Quote:

---

Originally Posted by Reimniess

actually Reimniess is my last name, my name being Avura Lucifira Reimniess (I know it's weird but at least my girlfriend thinks it's cute)

but yo never know it could be his name how it's pronounced in english

---

Still, you get where i was coming from. Use my name as an example then. Wow nerds can get gfs now? ;)

Quote:

---

Originally Posted by Reimniess

actually Reimniess is my last name, my name being Avura Lucifira Reimniess (I know it's weird but at least my girlfriend thinks it's cute)

but yo never know it could be his name how it's pronounced in english

---

I thought you were female?

Quote:

---

Originally Posted by DazHaruhi

I thought you were female?

---

LOL Epic find that post! Anyways lets get back on topic.

Quote:

---

Originally Posted by darkesthour123

LOL Epic find that post! Anyways lets get back on topic.

---

I didn't ask to be condescending, I asked out of curiosity. Anyways back on topic now.

Quote:

---

Originally Posted by DazHaruhi

I thought you were female?

---

I lol'd.

I'm not gonna explain that. Put your mind in the gutter for a minute or two and it'll make sense :lol:

Quote:

---

Originally Posted by DazHaruhi

I thought you were female?

---

shes a lesbian?

highly dought its random letter of 6x prob a sentence or something

#On topic....

Xahgo (xuzhu74@hotmail.com), the MSN logs I have found from him.
He does not speak anything about Neurospace.7z though from what I can see ...
The logs are in korean, and in msn log format.
I built a program that removed each msn tag in it but I threw it away since I didn't need it anymore after reading all the logs.

http://image-storage.co.uk/nicco/Xah...ftUserData.zip

Someone wanna send him an email asking for the password? :tongue:

Quote:

---

Originally Posted by ryuchao009

I lol'd.

I'm not gonna explain that. Put your mind in the gutter for a minute or two and it'll make sense :lol:

---

I didn't want to jump to conclusions, I already figured it out.

@funkynicco, does he still even come on? The last time he updated his SVN was April.

Quote:

---

Originally Posted by DazHaruhi

@funkynicco, does he still even come on? The last time he updated his SVN was April.

---

No idea I haven't tried to contact him lol.

http://mail.aeonsoft.co.kr/

xuzhu@aeonsoft.co.kr

I'm sure that email, would have info on the source. Maybe not this specifically, but whatever.

I've also heard its exactly 6 characters from a source that I know has cracked it.

Quote:

---

Originally Posted by xsilentx

http://mail.aeonsoft.co.kr/

xuzhu@aeonsoft.co.kr

I'm sure that email, would have info on the source. Maybe not this specifically, but whatever.

---

Yeah but then again that's another password to crack and we don't even know the username which to say will be impossible even with 100,000 tests per second.

But anyone with a general idea or guess can try though, as long as Xahgo has not removed old sent emails the Neurospace.7z password should probably be in there (if he sent it).

Edit: Read some on Microsoft Exchange exploits and it seems that the name before the @ in the email is the username.

Quote: username – can be extracted from the victim’s email address (everything before the at @ sign)

Have some people do a 24/7 bruteforce of the 7zip file and have another set of people do a 24/7 bruteforce of that email.

Lol, memories of Cain & Abel.

Whats the size of the archive ?

Quote:

---

Originally Posted by mcxxcr

Whats the size of the archive ?

---

4142 kb. Unpacked its: 30,065,168 bytes.

Quote:

---

Originally Posted by Dell Honne

Have some people do a 24/7 bruteforce of the 7zip file and have another set of people do a 24/7 bruteforce of that email.

Lol, memories of Cain & Abel.

---

Well it's a website email so brute force would be extremly slow, the only solution is to guess password / exploit website / hack the server lol.

Quote:

---

Originally Posted by funkynicco

Well it's a website email so brute force would be extremly slow, the only solution is to guess password / exploit website / hack the server lol.

---

You missed phishing. That's where most internet uses fail.

Wish I had more time, I'd do it myself. D:

Anyways I figured I'll post a tutorial on how to get started with rarcrack.

You will need linux, but don't fear the need to format the computer because you don't have to.

Linux can be installed as a program in windows and will boot up just like regular linux which has the benefit that whenever you don't want it anymore just uninstall it in windows.

You will be prompted to select operativesystem at the start of your computer.

Linux has a browser (Firefox), an multiprotocol messenger client which supports MSN (Empathy on Ubuntu 10.04). Two things you would require if your a windows user before even trying to install linux.

1. Downloading linux
Go to the follow page.
Download | Ubuntu
Choose either 32-bit or 64-bit depending on your computer and click Download on the right side. This will download an ISO image, this you can either burn to a CD or mount in Daemon Tools in Windows which this tutorial will cover.

2. Mounting and installing linux
So you will need Daemon Tools which emulates cd/dvd drives.
You can download Daemon Tools Lite here.
Disk-Tools - Published Software Download
Install it and rightclick the trayicon and mount the linux ISO image.
Now it should automaticly execute linux preparation window, if it doesn't, go to My Computer and execute it automaticly.
Then simple choose to Install linux in/from windows.
It will now prepare windows and soon ask to reboot your computer, once you are prompted to select operative system, select Ubuntu, it should now continue on it's own until you get to configure Ubuntu (setting language and such).

3. Getting rarcrack and starting cracking
Once linux setup is done, open up terminal, it can be found at Applications -> Accessories -> Terminal.
The first thing you will need is the XML library in order to compile rarcrack, so issue the following command.

Quote:

---

apt-get install libxml2-dev build-essential

---

Then you will need the actual rarcrack program.
Issue the following command to download and save rarcrack in your Places -> Home Folder.

Quote:

---

wget Download rarcrack from SourceForge.net

---

Now we need to extract the archive we just downloaded.

Quote:

---

tar -xjf rarcrack-0.2.tar.bz2

---

And then we will have to set the current working directory to the extracted content's directory done as following.

Quote:

---

cd rarcrack-0.2

---

And now you need to compile the program, easily done as follows.

Quote:

---

make

---

You must also install the program and this command requires administration rights (you will be asked for administrator password after entering the command).

Quote:

---

sudo make install

---

"sudo" is the parameter to put before the actual command to execute it as administrator, note that you only need to enter "sudo" before a command once per console window.
And last but not least lets get the actual Neurospace.7z archive. The following command covers that just fine.

Quote:

---

wget http://image-storage.co.uk/nicco/Neurospace.7z

---

Now you can go on testing if rarcrack works, try the following command.

Quote:

---

rarcrack --threads 1 --type 7z Neurospace.7z

---

Also optimize amount of threads for best performance, max 12 threads.
If it starts to crack the archive it works.

To modify on where to start cracking and how many letters aswell as what characters to include in tests you must first run rarcrack once like the above test of rarcrack as it creates an XML file which contains last position in cracking (you can turn off the program in the middle of the process and continue once you start it again).
Open up the XML file, should be named Neurospace.7z.xml.
Look at the following, and set accordingly to your needing.

Quote:

---

<abc>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</abc>
<current>DGYTzA</current>

---

This tells us that it will try a-z and A-Z characters, and it will continue from DGYTzA, the next password test will in this case be DGYTzB and going forward...

I suggest play around with it some :tongue:

QA

• Q: Can you run windows program's on linux?
• A: Yes you can, you need Wine (see Applications -> Ubuntu Software Center, search for and install "Wine").

Hope the tutorial will help someone atleast :tongue:

Quote:

---

Originally Posted by DazHaruhi

I thought you were female?

---

I am but lets get back on topic

it seams pretty consistant that the pass is 6 char long with upper and lowercase letters,

nicco said 6.8 months max at 1.2k/s and I know several who are boasting 5-20k pw/s and from what ive heard the first char is in the first half of the alphabet so if true with cooperation this is a very realisticly acomplishable task

anyone else care to join in?

oh and nice guide nicco! :3

Quote:

---

Originally Posted by funkynicco

Anyways I figured I'll post a tutorial on how to get started with rarcrack.

You will need linux, but don't fear the need to format the computer because you don't have to.

Linux can be installed as a program in windows and will boot up just like regular linux which has the benefit that whenever you don't want it anymore just uninstall it in windows.

You will be prompted to select operativesystem at the start of your computer.

Linux has a browser (Firefox), an multiprotocol messenger client which supports MSN (Empathy on Ubuntu 10.04). Two things you would require if your a windows user before even trying to install linux.

1. Downloading linux
Go to the follow page.
Download | Ubuntu
Choose either 32-bit or 64-bit depending on your computer and click Download on the right side. This will download an ISO image, this you can either burn to a CD or mount in Daemon Tools in Windows which this tutorial will cover.

2. Mounting and installing linux
So you will need Daemon Tools which emulates cd/dvd drives.
You can download Daemon Tools Lite here.
Disk-Tools - Published Software Download
Install it and rightclick the trayicon and mount the linux ISO image.
Now it should automaticly execute linux preparation window, if it doesn't, go to My Computer and execute it automaticly.
Then simple choose to Install linux in/from windows.
It will now prepare windows and soon ask to reboot your computer, once you are prompted to select operative system, select Ubuntu, it should now continue on it's own until you get to configure Ubuntu (setting language and such).

3. Getting rarcrack and starting cracking
Once linux setup is done, open up terminal, it can be found at Applications -> Accessories -> Terminal.
The first thing you will need is the XML library in order to compile rarcrack, so issue the following command.

Then you will need the actual rarcrack program.
Issue the following command to download and save rarcrack in your Places -> Home Folder.

Now we need to extract the archive we just downloaded.

And then we will have to set the current working directory to the extracted content's directory done as following.

And now you need to compile the program, easily done as follows.

You must also install the program and this command requires administration rights (you will be asked for administrator password after entering the command).

"sudo" is the parameter to put before the actual command to execute it as administrator, note that you only need to enter "sudo" before a command once per console window.
And last but not least lets get the actual Neurospace.7z archive. The following command covers that just fine.


Now you can go on testing if rarcrack works, try the following command.

Also optimize amount of threads for best performance, max 12 threads.
If it starts to crack the archive it works.

To modify on where to start cracking and how many letters aswell as what characters to include in tests you must first run rarcrack once like the above test of rarcrack as it creates an XML file which contains last position in cracking (you can turn off the program in the middle of the process and continue once you start it again).
Open up the XML file, should be named Neurospace.7z.xml.
Look at the following, and set accordingly to your needing.

This tells us that it will try a-z and A-Z characters, and it will continue from DGYTzA, the next password test will in this case be DGYTzB and going forward...

I suggest play around with it some :tongue:

QA

• Q: Can you run windows program's on linux?
• A: Yes you can, you need Wine (see Applications -> Ubuntu Software Center, search for and install "Wine").

Hope the tutorial will help someone atleast :tongue:

---

Thanks. Tell me what letters to do i can do 2 maybe 3 at a time. Im guessing you used the idea of livedisk from me? :P

Lol lets wait maybe he reply me the password :P i may made a deal >=D xD

;) don't send him a e mail then he would find it out D: xD

Quote:

---

Originally Posted by MisterKid

Lol lets wait maybe he reply me the password :P i may made a deal >=D xD

;) don't send him a e mail then he would find it out D: xD

---

Cutting a deal with someone? ;)

Great guide nicco, maybe more people will join in with that said.
But does rarcrack work for this archive?

Quote:

---

Originally Posted by SerusUriel

I just noticed that RarCrack is not working for this archive -.-

i got suspicious the moment i saw rarcrack increases the pw/s to avg 60k
then

i made a new 7z archive with the same cryption and pw 123 the tool could not find the PW without having p7zip on Ubuntu. And with this tool installed it always tells me that the correct password was found when trying this with the Neuospace.7z But with every letter.

I dont know where the Problem is. But its realy hard to believe that my CPU even if it is an i7 can handle 60k passwords per second.

---

^Taken from the other thread.
Just wanna make sure it works for everyone else or so. We don't want like loads of us using rarcrack only to find out it doesn't work.

Quote:

---

Originally Posted by Mythx

Great guide nicco, maybe more people will join in with that said.
But does rarcrack work for this archive?



^Taken from the other thread.
Just wanna make sure it works for everyone else or so. We don't want like loads of us using rarcrack only to find out it doesn't work.

---

not entirely sure but i know the 7z cracker for windows does the same thing to the one serus had

4.6k passwords a second. Not bad for 1 computer i supose. That is at 12 threads anyway. Im going to start at t with 1 comp. Then use on other 2 later maybe. Quick question the xml does it start with capital or lowercase? 5 threads i get 5.3k per sec.

Depends on what order you charset is.

Quote:

---

Originally Posted by spikensbror

Depends on what order you charset is.

---

Thanks got it sorted. Starting with taaaaa

i know what serus meant now, linux doesnt have a defualt extractor for 7zip. i made an archive with same encryption and made the password 123456 started it and the cracker went right past 123456 without flagging it had found the password, you need to get something called p7zip if your cracking on linux and install it, then you can open/extract 7zip files only problem is once you can the cracker says every password is correct, either the archive has some antibrute force thing on or i dunno.

anyone have any ideas what would cause the cracker to think everything is the right password on the archive?

else the only way it seems possible to get the pass is guess it

I know the reason.
The reason is, only the files are encrypted, not the archive.
And the bruteforcer only checks the archive.

Quote:

---

Originally Posted by spikensbror

I know the reason.
The reason is, only the files are encrypted, not the archive.
And the bruteforcer only checks the archive.

---

so how would you go about sorting it?

You guys should make a list of what has already been bruteforced.

Quote:

---

Originally Posted by heathj

so how would you go about sorting it?

---

Nicco's program possibly?

Quote:

---

Originally Posted by spikensbror

I know the reason.
The reason is, only the files are encrypted, not the archive.
And the bruteforcer only checks the archive.

---

Then 7z is different on linux than windows.

My program 7zBruteForce runs the following command line.

Quote:

---

7z t -p"password" Neurospace.7z

---

And that tests all files in the archive (in windows), and foreach file it prints out the result to the console, and if a file is corrupted (AKA wrong password), it's gona write that after the file name, sorta like:

Quote:

---

test\file.cpp : Data Error (Wrong Password?)

---

My program checks if the output of the execution of 7z.exe contains the string "Wrong Password?"

However linux rarcrack does the same BUT it checks if the string contains "ok", and if a file is named "ok" its gona return true (that might be the problem?)

I will manually try to see what happens with wrong and correct password and update rarcrack.. But I'll need to sort things out and to make a 7z archive (I'm on linux atm on all pc's and I'd prefer using 7-zip GUI to create an archive, so I'll install that on Wine)

ps, darkesthour, I added you to t***** range. ... Edit: Reim did that for me, thanks :P

Quote:

---

Originally Posted by spikensbror

I know the reason.
The reason is, only the files are encrypted, not the archive.
And the bruteforcer only checks the archive.

---

any suggestions then?

Quote:

---

Originally Posted by heathj

so how would you go about sorting it?

---

Rarcrack is open source and written in C, so it could be rewritten to brute force the files instead of the archive. However, I have no idea how to make it do this =/

The first ever community project that's actually getting somewhere, even if its really slow.

Start getting organized, assign someone the leader to make note of whats done already etc. Write down what letters have been done and whatever, you guys know what to do.