Skip to content

rcpacini/LabVIEW-VI-Hacker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

LabVIEW-VI-Hacker

Unlocks password protected LabVIEW VIs

Disclaimer: This is for demonstration purposes only, not to be used for malicious intent.

Note: This does not support VI's in LLB's, copy the VI out of the LLB first.

Getting Started

Open the /src/VI-Hacker.vi, enter a password protected VI Path (that's not in an llb).

Run the VI to unlock the password protected VI and preview the content in new VI.

Note: The original source VI remains unmodified.

Demo

You are now able to see what's on the block diagram.

Downloads

This project is saved in LabVIEW 2022. Older LabVIEW version zips are located in /builds/:

How does it work?

The VI-Hacker library uses a simplified variation of the VI-Explorer-VI brute force algorithm to calculate the MD5 password salt to regenerate and replace the Block Diagram Password (BDPW) MD5 password hashes. The MD5 of the original password is concatenated with the owning libraries (LIBN) block (as colon delimited qualified library path) and LabVIEW Source (LVSR) data block. The password salt is then calculated by brute force and checked against the first password hash (Hash1). Once the salt if found, the BDPW.Password(MD5) + LIBN.QualifiedPath + LVSR.Content + Salt are concatenated with the uncompressed block diagram heap (BDHc, BDHb, or BDHP) to generate the final hash (Hash2). ZLib is used to uncompress the block diagram heap (BDHc, BDHb) for the final password hash. The Block Diagram Password (BDPW) block is then replaced within the VI file:

BDPW:
  Password (MD5) - 16 bytes
  Hash1 (MD5) - 16 bytes
  Hash2 (MD5) - 16 bytes

The VI is saved to a new path and then loaded as a VI scripting template to avoid application content switching.


Credit

Ryan Pacini (c) 2023

ZLib - Defalte to uncompress block diagram heap LICENSE

VI-Explorer-VI - Salt cracking LICENSE