09-21-2011 07:39 PM
You could try to overwrite the hash with a known hash like '5F4DCC3B5AA765D61D8327DEB882CF99' (which is the hash for "password").
But if I remember correctly VI's are also protected against tampering by a checksum (another hash).
09-22-2011 12:17 AM
@TorPedoCXC wrote:
You could try to overwrite the hash with a known hash like '5F4DCC3B5AA765D61D8327DEB882CF99' (which is the hash for "password").
But if I remember correctly VI's are also protected against tampering by a checksum (another hash).
Save your time for better things. It won't work, since there are indeed double hashes that make it useless to overwrite the hash in the VI. And in recent LabVIEW versions, this has been made even more complicated especially when one uses libraries.
09-23-2011 08:52 PM
@rolfk wrote:
Save your time for better things. It won't work, since there are indeed double hashes that make it useless to overwrite the hash in the VI. And in recent LabVIEW versions, this has been made even more complicated especially when one uses libraries.
Okay, then the best bet would be an attack on the MD5-hash. Modern hardware components like graphics cards enable you to generate at least around 300 million hashes per second. Depending on the complexity of your forgotten password this allows you to effectively attack the protection. Using uppercase, lowercase and numeric characters for an eight character password results in a key space of 218.340.105.584.896 possible passwords and thus hashes. Dividing this by roughly 300 million hashes per second results in a maximum needed time of 727.800 seconds or less than 8,5 days (on average the password will be found in half of that time). If you still know certain things about the password the key space can be significantly reduced. For example: You know that the password begins with an uppercase letter and ends with a numeric and has a maximum length of 10 characters (Example: Spasswort1). This results in only 54.295.036.789.760 possible passwords - even less than a complex password of eight characters.
Just compare this method to the usual method of trying passwords directly in LabVIEW by the use of the Lock state:Set method which allows something between 10 and 30.000 passwords per second (depending on the LabVIEW version).
Another advantage of this method: it scales perfectly. Just install another GPU and you are able to generate 600 million hashes per second, effectively halving the amount of time needed.
I believe this is the most efficient way to break the password protection scheme. I don't know about the exact format of the VI-files yet and the way LabVIEW creates executable code. There is a chance that LabVIEW stores the source code unencrypted because you are able to compile each password-protected VI without providing the password. If (big IF) this is the case (and LabVIEW doesn't instead use some kind of platform-independent intermediate bytecode to create its executable code) then there exists another possibility: Manipulate the LabVIEW executable so it doesn't care about the correct password and goes on to show the block-diagram.
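Added example (not part of the original post): a small estimator for how long a password pattern withstands offline guessing against a fast unsalted hash, using the two rates quoted above. The pattern letters (`u`, `l`, `d`, `a`) are notation invented for this example; the 54.295.036.789.760 figure is reproduced by one uppercase letter, eight lowercase letters and one digit at exactly ten characters, an assumption inferred from the number rather than stated in the post.

```python
"""Offline-guessing exposure estimate for a password pattern (added example)."""

# Hypothetical pattern notation for this example: one letter per position.
CLASS_SIZES = {"u": 26, "l": 26, "d": 10, "a": 62}  # a = upper + lower + digit


def pattern_keyspace(pattern: str) -> int:
    """Number of candidate passwords matching a fixed-length pattern."""
    total = 1
    for symbol in pattern:
        total *= CLASS_SIZES[symbol]
    return total


def ranged_keyspace(prefix: str, filler: str, suffix: str, max_len: int) -> int:
    """Keyspace over every length up to max_len, padding the middle with filler."""
    fixed = len(prefix) + len(suffix)
    return sum(
        pattern_keyspace(prefix + filler * n + suffix)
        for n in range(0, max_len - fixed + 1)
    )


def exhaust_seconds(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate; the average is half of this."""
    return keyspace / guesses_per_second


def report(label, keyspace, rates):
    """Return printable lines with the worst-case duration at each rate."""
    lines = [f"{label}: {keyspace:,} candidates"]
    for name, rate in rates.items():
        days = exhaust_seconds(keyspace, rate) / 86400
        lines.append(f"  {name:<26} worst case {days:,.1f} days")
    return lines


# Rates quoted in the post above.
RATES = {"GPU, 300 million MD5/s": 300e6, "Lock state:Set, 30,000/s": 30_000}

if __name__ == "__main__":
    cases = {
        "8 chars, upper+lower+digit": pattern_keyspace("a" * 8),
        "U + 8 lowercase + digit": pattern_keyspace("u" + "l" * 8 + "d"),
        "U + alnum + digit, len<=10": ranged_keyspace("u", "a", "d", 10),
    }
    for label, size in cases.items():
        print("\n".join(report(label, size, RATES)))
```

The third case shows that allowing mixed-case letters and digits in the middle positions, at any length up to ten, gives a keyspace far larger than the eight-character figure, so the reduction depends on how much is actually known about the middle of the password.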
09-26-2011 02:42 PM
TorPedroCXC,
Do you realize you have bumped a 5 year old thread?
I hope they have rewritten the VI since then.
Ben
09-26-2011 03:16 PM
@Ben wrote:
TorPedroCXC,
Do you realize you have bumped a 5 year old thread?
I hope they have rewritten the VI since then.
Ben
Sorry for bumping such an old thread. I just checked the diagram-password-protection. It's still a regular MD5-hash. Out of curiosity I just opened some of the built-in password-protected VIs. Too easy...
I also created some own password-protected VIs to make sure that this is not a problem of some old file-formats. At least the LabVIEW 2010 format still uses this simple protection.
Oh, and I have to correct my statement about being able to create about 300.000.000 hashes per second. I just ran some tests and found out that even my single GPU system is able to create almost 6.000.000.000 hashes per second.
09-26-2011 03:30 PM
Got an e-mail today... many happy hours passed back then and perhaps forgotten
Thanks guys for reminding me of one of the happiest periods in my past..
I teach some students LabVIEW now occasionally but don't use it myself other than on Mindstorms with the kids.
From Ben - about 5 years ago
"Now now I think we have said quite enough on this topic.
Let us suffice to say that it is quite secure and is sufficient to thwart the attacks of even the most knowledgeable among us. "
09-26-2011 03:43 PM - edited 09-26-2011 03:48 PM
Ben,
This person seems to have a mission to respond to all the password threads and state how he has figured out the secret to NI's password scheme. I'm not sure if he is legitimate, or just someone out trolling. I don't know what else you can say about someone who has been on the forums for only 5 days, and his only contribution is 4 messages bragging about how he is able to break NI's password protection scheme.
Let's find out.
Torpedo, I have attached a LV2011 VI that is password protected. Unlock the password and tell me what the constant on the block diagram says. If you are able to tell me word for word, then I'll believe you do know how to break the password.
09-26-2011 03:46 PM - edited 09-26-2011 03:49 PM
@Ravens Fan wrote:
Ben,
This person seems to have a mission to respond to all the password threads and state how he has figured out the secret to NI's password scheme. I'm not sure if he is legitimate, or just someone out trolling.
Let's find out.
Torpedo, I have attached a LV2011 VI that is password protected. Unlock the password and tell me what the constant on the block diagram says. If you are able to tell me word for word, then I'll believe you do know how to break the password.
I'm not trolling. I just want to show you the weaknesses of the protection LabVIEW implements. I cannot open your VI because it's created with LV2011. Please convert it to LV2010 and I'll give it a try.
Edit: Oh, and by the way. I only wanted to make clear that not everything is lost for people who forgot THEIR password of a specific VI. Especially because these people know at least some facts about their used passwords like approximate length and characters used. That was the main intention of my first reply.
09-26-2011 03:54 PM
Are you saying the protection changed between LV 2010 and LV 2011?
Or is it that you just don't happen to have LV2011?
Here is the LV2010 version of the VI.
09-26-2011 04:53 PM
@Ravens Fan wrote:
Are you saying the protection changed between LV 2010 and LV 2011?
Or is it that you just don't happen to have LV2011?
Here is the LV2010 version of the VI.
I don't know about the protection used in LV2011, but I doubt that it changed. I just don't have LV2011.
Without knowing anything about the password I am not able to crack it. I ran a bruteforce attack on the hash (which was again easily obtained with a hex-editor) but I cannot allow my PC to do such unproductive work and waste energy when I have better things to do, so I cancelled it. I suppose you used a "special" password like 20 characters mixed with special characters just to annoy me.
But I never said that I am able to crack every password, nor did I say or brag with my skills in doing so. I just thought out loud that the protection is not safe anymore when you use passwords up to a certain amount of characters. I am able to test 6.000 million passwords with my method which is a lot more than the former "lock state:set" method and enough to crack passwords that are usually used. No one uses something like "##sf934dn9ESWSg'#§§w45r__ds" for his passwords when he protects his OWN block-diagrams. You use passwords like "<InsertRandomWordHereWithAbout8To10Characters><InsertRandomNumberHereFrom0To9999Here>". And it's these passwords that get into reach when you attack the hash instead of the LabVIEW protection. Especially when you help a legitimate owner of a VI, since he can tell you the maximum length of the password and if he mixes up upper- and lowercase letters and so on.
I could prove this by posting some block-diagrams of the built-in VIs of National Instruments. They used "normal" passwords that often took only minutes to crack. Again: I don't care about bragging, nor do I consider myself very smart, but if you start thinking about my statements you'll have to admit that I am right.
Attached block diagram's VI used a password of 11 lowercase letters.