Security Basics mailing list archives
Re: Cracking simple password encryption
From: David Hogue <davehogue () gmail com>
Date: Fri, 23 Dec 2005 18:37:41 -0800
On 12/22/05, S.A.B.R.O. Net Security <sabronet () indy rr com> wrote:
It almost appears to be or very close to a simple Base64 scheme with maybe a shift or substitution somewhere. For example, your patterns : a aQ== b cg== c ew== Now heres the results of a true Base64 encrypt : a YQ== b Yg== c Yw== As you see the results are very close. Hope this helps some.
Yes it does look like it is base64 now. I have a few more passwords that I put into html at http://vorpal.cc/~david/samples.html. Also on that page is the base64 decoded values and hex values of the passwords. I feel like I am very close to getting this. It looks like each character is 3bits left and XORed with itself. Characters after the first are XORed with the previous shifted right 5 bits. However every fourth character is treated differently if the password is longer than 3 characters. I haven't figured that part out yet. Here is some C# code that correctly encodes up to 3 characters: private static byte[] Encode(byte[] a) { byte[] c = new byte[a.Length]; for (int i = 0; i < a.Length; i++) { c[i] = (byte)(a[i] ^ (a[i] << 3)); if (i > 0) c[i] = (byte)(c[i] ^ (a[i - 1] >> 5)); } return c; } Since we found a utility that will reverse the encoding, this I don't really need to get this anymore. At this point it is purely for entertainment :) --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- Cracking simple password encryption David Hogue (Dec 21)
- Re: Cracking simple password encryption Kaushik (Dec 26)
- Re: Cracking simple password encryption Gilles DEMARTY (Dec 26)
- Re: Cracking simple password encryption Alexander Klimov (Dec 26)
- Re: Cracking simple password encryption David Hogue (Dec 26)
- Re: Cracking simple password encryption S.A.B.R.O. Net Security (Dec 26)
- Re: Cracking simple password encryption David Hogue (Dec 26)
- Re: Cracking simple password encryption jim (Dec 26)
- Re: Cracking simple password encryption Chris Largret (Dec 26)
- Re: Cracking simple password encryption Thomas Muders (Dec 26)
- <Possible follow-ups>
- Re: Cracking simple password encryption securityfocus (Dec 26)
- Re: Cracking simple password encryption warl0ck (Dec 26)