Security Basics mailing list archives

Re: Cracking simple password encryption

From: David Hogue <davehogue () gmail com>
Date: Fri, 23 Dec 2005 18:37:41 -0800

On 12/22/05, S.A.B.R.O. Net Security <sabronet () indy rr com> wrote:

It almost appears to be or very close to a simple Base64 scheme with
maybe a shift or substitution somewhere.

For example, your patterns :

a        aQ==
b        cg==
c        ew==

Now heres the results of a true Base64 encrypt :

a       YQ==
b       Yg==
c       Yw==


As you see the results are very close.  Hope this helps some.


Yes it does look like it is base64 now.  I have a few more passwords
that I put into html at http://vorpal.cc/~david/samples.html.  Also on
that page is the base64 decoded values and hex values of the
passwords.

I feel like I am very close to getting this.  It looks like each
character is 3bits left and XORed with itself.  Characters after the
first are XORed with the previous shifted right 5 bits.  However every
fourth character is treated differently if the password is longer than
3 characters.  I haven't figured that part out yet.

Here is some C# code that correctly encodes up to 3 characters:

private static byte[] Encode(byte[] a)
{
        byte[] c = new byte[a.Length];
        for (int i = 0; i < a.Length; i++)
        {
                c[i] = (byte)(a[i] ^ (a[i] << 3));
                if (i > 0)
                        c[i] = (byte)(c[i] ^ (a[i - 1] >> 5));
        }
        return c;
}

Since we found a utility that will reverse the encoding, this I don't
really need to get this anymore.  At this point it is purely for
entertainment :)

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------

Current thread:

Cracking simple password encryption David Hogue (Dec 21)
- Re: Cracking simple password encryption Kaushik (Dec 26)
- Re: Cracking simple password encryption Gilles DEMARTY (Dec 26)
- Re: Cracking simple password encryption Alexander Klimov (Dec 26)
- Re: Cracking simple password encryption David Hogue (Dec 26)
- Re: Cracking simple password encryption S.A.B.R.O. Net Security (Dec 26)
  - Re: Cracking simple password encryption David Hogue (Dec 26)
- Re: Cracking simple password encryption jim (Dec 26)
- Re: Cracking simple password encryption Chris Largret (Dec 26)
- Re: Cracking simple password encryption Thomas Muders (Dec 26)
- <Possible follow-ups>
- Re: Cracking simple password encryption securityfocus (Dec 26)
- Re: Cracking simple password encryption warl0ck (Dec 26)