Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:51

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 
Author Message
 Post subject: IPSwitch WS_FTP ?
PostPosted: 11 Jun 2009 01:13 

Joined: 30 Apr 2009 21:06
Posts: 22
What algorithm does IPSwitch WS_FTP use to encrypt their stored passwords?
the password show look like this :
_oEEbbzFf0RwTeVzP1MnsYYAwMcERCjz6tn9WJAs9LKV5aDNbZSAfmw==
not crypted is :
3907841

Thanks


Top
 Profile  
 
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 11 Jun 2009 16:56 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
get my decoder from http://aluigi.org/pwdrec/wsftppwd.zip
then create a new file (for example call it test.txt) and put that password in it using a syntax like the following:
Code:
PWD="_oEEbbzFf0RwTeVzP1MnsYYAwMcERCjz6tn9WJAs9LKV5aDNbZSAfmw=="


Top
 Profile  
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 11 Jun 2009 17:36 

Joined: 30 Apr 2009 21:06
Posts: 22
Thanks aluigi didnt saw this but yeah i have a hard work ...
as i dont know the c langage is hard for me to convert it to c
altought i may need the password algo in theory...

Thanks


Top
 Profile  
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 11 Jun 2009 17:48 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the algorithm is very trivial because it's just the usage of some openssl functions.
first you must decode the string with base64 to obtain the sequence of bytes (remember to skip the first _ char of the string before you decode it) and then:
Code:
    unsigned char       key[] =
                        "\xE1\xF0\xC3\xD2\xA5\xB4\x87\x96\x69\x78\x4B\x5A\x2D\x3C\x0F\x1E"
                        "\x34\x12\x78\x56\xab\x90\xef\xcd";
    EVP_CIPHER_CTX      ctx;

    EVP_CIPHER_CTX_init(&ctx);
    EVP_DecryptInit(&ctx, EVP_des_ede3_cbc(), key, key + 16);
    EVP_DecryptUpdate(&ctx, pwd, &len, pwd, len);
    EVP_CIPHER_CTX_cleanup(&ctx);
where:
- key is that sequence of 24 bytes
- pwd is the sequence of bytes
- len is their length

that's all :)


Top
 Profile  
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 11 Jun 2009 22:46 

Joined: 30 Apr 2009 21:06
Posts: 22
ok Thanks aluigi i hope i understand what you mean
ok first step done
old
Code:
PWD="_oEEbbzFf0RwTeVzP1MnsYYAwMcERCjz6tn9WJAs9LKV5aDNbZSAfmw=="

remove the first _ char of the string and decode it it show now
Code:
PWD="Ao1_??y\????????a???01??
<????V$ =,??yh3[e ???"


ok now i dont have any idea how to implement cipher on vb6 :s
hope you can help me to sort this cause i really need to decrypt it


Top
 Profile  
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 11 Jun 2009 22:57 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I know only C and the openssl functions are there so I can't do much.
anyway the resulted string you have pasted is ok so the first part is done.


Top
 Profile  
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 11 Jun 2009 23:18 

Joined: 30 Apr 2009 21:06
Posts: 22
hmm searching around on some forums via google , and found a guy who is searching the same as me
Code:
http://www.xtremevbtalk.com/showthread.php?t=304177


but doesnt help...
i really appreciate your help Aluigi but the bad luck is that you dont code on vb6...
i hope someone here with vb6 knowledge can help to bypass this

Thanks


Top
 Profile  
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 12 Jun 2009 15:03 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmm let me resume: I have made the reversing job, I have released the decoder, I have released the full source code of the decoder, I have even highlighted the part of code which does the job which simply uses the functions of one of the most used libraries on the world... a cappuccino? coffee and brioches, no? :)

oh come on, never let the other people to do the work you can do alone otherwise it's better to disconnect the brain because becomes useless.


Top
 Profile  
 
 Post subject: Re: IPSwitch WS_FTP ?
PostPosted: 17 Nov 2010 10:46 

Joined: 08 Nov 2010 11:36
Posts: 2
Please, tell me, can i decrypt ws_ftp pass with the help of wincrypt functions (CryptAcquireContext, CryptDecrypt and etc.) ?

OpenSSL static lib is too big for me :)


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: