AIM 5.x

Login information

AIM 5.x login sequences salt and hash the password, which is adequately secure. Here is the format:

md5(SignonChallenge & md5(password) & "AOL Instant Messenger (SM)")

Keep in mind that if your md5 function returns a hex-encoded string, you need to decode it back to raw bytes before hashing it the second time. The login server uses the OSCAR protocol.


Saved password information

The AIM 5.x hashes in the registry are actually formatted in such a way that they are extremely easy to crack, even for longer passwords.

Let's look at an example hash:

KiXrSfv5vY+aublU5zh0L3M+cqJ/3HBOX+Sb/7r8iK4=

This hash represents the password:

08-L7TwCzFc9j\'6

Now, let's Base64-decode it and hex-encode it so it's easier to read:

2a25eb49fbf9bd8f9ab9b954e738742f    733e72a27fdc704e5fe49bffbafc88ae

Note how I've split it into two segments: the first half is just the md5 hash of the password, plain and simple. The second half is the md5 hash of the first eight characters, in lowercase. One caveat, though: any characters that are not alphanumeric are discarded, so in this case the actual password we are hashing is:

08l7twc

If five of the first eight characters had been non-alphanumeric, we would have only hashed the remaining three in lowercase form. This makes cracking exceptionally easy for passwords of eight characters or fewer, because you only have to crack the alphanumeric password; if that doesn't work, it's just a matter of determining where the extra symbols fit. With passwords longer than eight characters, it reduces the number of possibilities you have to try by the billions, since you can find the first eight alone. It makes it the equivalent of cracking two eight-character passwords instead of one sixteen-character password.

This is the difference between 43608742899428874059776 and 417654129152 possibilities to try (based on all combinations of lowercase letters). As you can see, it's many orders of magnitude easier to crack two smaller passwords. Enjoy! :)
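
The stored layout described above, as an added example (not code from the original page or from AOL): it splits a saved value into its two digests, derives the reduced prefix the second digest covers, and reproduces the search-space figures. The function names, the latin-1 encoding and the constructed test passwords are assumptions.

```python
import base64
import hashlib
import string

ALNUM = set(string.ascii_letters + string.digits)
PAGE_BLOB = "KiXrSfv5vY+aublU5zh0L3M+cqJ/3HBOX+Sb/7r8iK4="  # example value from the page

def reduced_prefix(password):
    """First eight characters, non-alphanumerics discarded, lowercased."""
    return "".join(c for c in password[:8] if c in ALNUM).lower()

def split_blob(b64):
    """Decode a saved value into (full-password MD5, reduced-prefix MD5) as hex."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 32:
        raise ValueError("expected 32 bytes (two MD5 digests), got %d" % len(raw))
    return raw[:16].hex(), raw[16:].hex()

def build_blob(password):
    """Build a value in the described layout (test fixture; encoding is assumed)."""
    full = hashlib.md5(password.encode("latin-1")).digest()
    part = hashlib.md5(reduced_prefix(password).encode("latin-1")).digest()
    return base64.b64encode(full + part).decode("ascii")

def matches(b64, candidate):
    """Return (full digest matches, reduced-prefix digest matches)."""
    full_hex, part_hex = split_blob(b64)
    full = hashlib.md5(candidate.encode("latin-1")).hexdigest()
    part = hashlib.md5(reduced_prefix(candidate).encode("latin-1")).hexdigest()
    return full == full_hex, part == part_hex

def keyspace(length, alphabet=26):
    """(one hash over the whole password, first eight and remainder separately)."""
    if length <= 8:
        return alphabet ** length, alphabet ** length
    return alphabet ** length, alphabet ** 8 + alphabet ** (length - 8)

if __name__ == "__main__":
    print(split_blob(PAGE_BLOB))
    print(reduced_prefix("08-L7TwCzFc9j'6"))
    blob = build_blob("Tr0ub4d-r!xyz")      # constructed password
    print(matches(blob, "TR0UB4D!zzz"))     # wrong password, same reduced prefix
    print(keyspace(16))
```

The second digest confirms a guess at the reduced prefix even when the rest of the password is wrong, which is why storing it alongside the full digest defeats the length of the password.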


Stability

These versions tend to be fairly stable, though extremely fast scrolling with plenty of clones will cause the server to disconnect clients from chat rooms.


Documents