begood Posted January 22, 2013 Report Posted January 22, 2013 (edited) Cracks a Mega password from a confirmation link. Do NOT post your confirmationlink because it contains not only a hash of your password but your encryptedmaster key. Once the master key is disclosed all your file can be decrypted../megacracker-64 [options] -h|--hash=<string> Confirmation link. -H|--hash-file=<file> File with confirmation links. --help Display help and exit. -i|--input=<file> File with passwords to test [default is stdin]. -I|--input-precomp=<file> File with pregenerated data. -o|--output=<file> Output data to use later.Copyright © 2013 Steve Thomas <steve AT tobtu DOT com> This is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version. There is NO WARRANTY, to the extent permitted by law.---------------There are at least six things in the confirmation link: * Encrypted master key (16 bytes) * Password hash (16 bytes) * Unknown field (15 bytes?) * Email address * Name * Unknown field (8 bytes?)This will extract the password hash and crack it.This will except confirmation links in these forms (You can truncate the data after #confirm to 43 characters): * https://mega.co.nz/#confirm........................................... * mega.co.nz/#confirm........................................... * #confirm........................................... * ...........................................If you want to generate some you can run this in your web browser's console:var pw_aes = new sjcl.cipher.aes(prepare_key_pw("password"));base64urlencode( a32_to_str( encrypt_key(pw_aes, [rand(0x100000000),rand(0x100000000),rand(0x100000000),rand(0x100000000)]))+ a32_to_str( encrypt_key(pw_aes, [rand(0x100000000),0,0,rand(0x100000000)])));dqKqDkwkeaJZCSm8gOUTRsgil2fSec1H4J0i2Z8aIbgThis is a precomputed list of passwords. You can use this with -I|--input-precomp:https://mega.co.nz/#!rYkkTYzA!B_qWf18rDV4NrXAFM4vwwCdYhvRY14zkFyMITAMQSeYhttp://www.tobtu.com/files/megacracker.zipwebsite : https://mega.co.nz/ Edited January 22, 2013 by begood Quote
