home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chaos Computer Club 1997 February
/
cccd_beta_feb_97.iso
/
chaos
/
ds54
/
ds54_13.txt
< prev
next >
Wrap
Text File
|
1997-02-28
|
4KB
|
151 lines
Seite 12 Aus~be 54
From: Frank Andrew Stevenson
cfrank@ funcom.no~
TQ. cypherpunks@toad.com
Subject: Cracked: WINDOWS,PWL
Date: Mon, 4 Dec 1995 17:51:36 +0100
(ME~
A few days ago Peter Gutmann posted a
description on how Windews 95 produces
RC4 keys of 32 bits size to protect the .pwl
files. I verif~ed the information and wrote a
program to decrypt ,pwl files with a known
password, I then discovered that the .pwl files
where well sulted for a known plaintext
attack as the 20 D~rst bytes are completely pre-
dictable.
The 20 first bytes of any .pwl files contains
the username, which is the same as the f~lena-
me, in capitals, padded with 0x00. From then
I wrote a program to bruteforce the .pwl file
and optimized it so it would run in less than
24 hours on an SGI. I run a test of the bruter
software and recovered an untnown rc4 key
in 8 hours, but the decrypted f~le was still lar-
gely uninteligeble, I then proceeded to
decrypt the file at all possible starting points,
and discovered valuable information
(cleartext passwords) offset in the file. This
has enormous implications: RC4 is a stream
cipher, it generates a long pseudo randor,n
stream that it uses to XOR the data byte by
byte. This isn't neccecaraly weak encryption
if you don't use the same strearn twice: howe-
ver WIN95 does, every resource is XORed
with the sarne pseudo random stream. What's
more the 20 first bytes are easy to ,guess. This
is easy to exploit: XOR the 20 bytes starting
at position 0x20X with the user name in
uppercase, and slide this string through the
rest of the file (xoring it with whatever is
there) this reveal,s the 20 f~rst bytes of the dif-
ferent resources.
From there I went on to study the structure of
the .pwl file it is something like this (decryp-
ted):
USERNA}4E WPWPWPWPWPWPWPWP
wpwp
rs???????
rs
rs
rs?7?????????
rs???????
where wp is i word pointer to the different
resoürces (from start of pwl file) The 2 first
bytes of the resource (rs) is its length in bytes
(of course XOR with RC4 outpüt) It is the
fairly easy to find all the resource pointers by
jumping from start of resource to next resour-
ce, had it not been for the fact that the size
sometimes is incorrect (courtesy of M$)
What follows is a short c program that tries to
remedy this and reconstruot the pointertable
thüs generating at least 54 bytes of the pseu-
dorandom stream, and then proceedes to
decrypt as much as possible from the
different resources.
What does this show? Although RC4 is a fair-
ly strong cipher, it has the same limitations as
any XOR streamcipher, and implementing it
without sufficient knowledge can have dire
consequences. I stron.gly suggest that the pro-
grarnmers at Microsoft do their homework
before trying anything like this again!
DISCLAIMER:
This is a quick hack, I don't make any claims
about usefulness for any purpose, nor do I
take responsibility for use nor consequences
of use of the software. F[JNCOM of Norway
is not ~esponsible for any of this,
(I speak for myself, and let others speak for
themselves)
This source is hereby placed in the public
domain, please improve if you can.
~c ~sicnie~ku~cr - Das wissenschaftliche Fachblatt fÜr Daterueisende [ -
~f. £st - - Ial~cr - Das wissenschaftliche Fachblatt fUr Datenreisende.
Aüsgabe 54
Seite 13
glide c ---
#include cstdio.h~
#include cstrTng h>
unsigned char Data[100001 l;
unsigned char keystream[1001];
int Rpointl300];
main (int argc,char ~argv~)
FILE *fd;
int i,j,k;
int size;
char ch;
char *name;
int cracked;
int sizemask;
int maxr;
int rsz;
int pos;
int Rall[300]; /* resource allocation table */
if (argcc2) ~
prinff(''usage: glide filename (usemame)");
exit(1 );
t. read PWL file ./
fd=fopen(argvl1 ],"rb");
if(fd--NULL) (
printf(''can't open file %s",argv[2]);
exit(1 );
)
size=0;
while(ffeof(fd))
stze--;
fciose(fd);
Datalsize++]=fgetc(fd);
/* find usemame */
name=argv|1];
if(argc>2) name=argv|2];
pRntf("Use mame: %sYn",name);
/* copy encrypted text inlo keystream */
[^