Message-ID: <535979F4.90205@gmail.com>
Date: Thu, 24 Apr 2014 22:54:12 +0200
From: Nicolas RUFF <nicolas.ruff@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: BMC Patrol password representations
Acta Est Fabula
I downloaded the tool from:
ftp://ftp.bmc.com/pub/patrol/COMMON_INSTALL7.5.62/Windows/
Both CTLTOOL.EXE and BMCPWK.DLL files were present in archive.
The key is hardcoded indeed.
The following Python script will successfully decrypt all provided
hashes - please let me know if it does not work for you.
If you wonder where 'key' and 'iv' come from, they were generated by
OpenSSL 0.9.7c EVP_BytesToKey() routine called as such:
    cipher = EVP_get_cipherbyname("des-cbc");
    dgst = EVP_get_digestbyname("md5");
    EVP_BytesToKey(cipher, dgst, salt,
                   (unsigned char *) password,
                   strlen(password), 1, key, iv);
... where password is 'Acta Est Fabula'.
@ Nicolas Collignon: you wasted 15 minutes of my holiday time. Luckily
for you, I accept compensations both in bitcoins and beers :)
Regards,
- Nicolas RUFF
-----8<----------8<----------8<----------8<----------8<----------8<-----
#!/usr/bin/env python3
# Requires the Crypto package (PyCryptodome or PyCrypto) for DES.
import base64
from Crypto.Cipher import DES

h_list = [
    "qRvQlJa8fP2coTEKUS3GMpP+JgOI++Vu",  # password
    "mXO2dM2nG8ycoTEKUS3GMpP+JgOI++Vu",  # password
    "yqPtMPfb2O+coTEKUS3GMpP+JgOI++Vu",  # password
    "Jx/+e9ELvnacoTEKUS3GMpP+JgOI++Vu",  # password
    "MNCeVG86eAGcoTEKUS3GMjOl7fkSjnT55U4ERhrW2PQ=",  # passwordpassword
    "uPef75JsmPScoTEKUS3GMjOl7fkSjnT55U4ERhrW2PQ=",  # passwordpassword
    "9DlFoY5JCzycoTEKUS3GMjOl7fkSjnT5IEoCjMbsWAL25GCJKOLe0A==",  # passwordpasswordpassword
    "MFy1FKeQXWycoTEKUS3GMjOl7fkSjnT5IEoCjMbsWAL25GCJKOLe0A==",  # passwordpasswordpassword
]


class PaddingError(Exception):
    """Raised when the decrypted data does not end in valid padding."""


def my_decrypt(data):
    # hardcoded DES key and IV (see EVP_BytesToKey() call above)
    keybin = bytes.fromhex("9927cf23060444d9")
    iv = bytes.fromhex("f7f7b3785607488a")
    c = DES.new(keybin, DES.MODE_CBC, iv)
    return c.decrypt(data)


# also removes the padding
def check_padding(data):
    last = data[-1]
    # the pad length must be 1..8 for an 8-byte block
    if last < 1 or last > 8:
        raise PaddingError
    # every padding byte must equal the pad length
    for i in range(last):
        if data[-(i + 1)] != last:
            raise PaddingError
    return data[:-last]


def full_decrypt(data):
    step0 = base64.b64decode(data)
    step1 = my_decrypt(step0[8:])  # the first 8 bytes are skipped
    step2 = check_padding(step1)
    print(data, " = ", step2.decode("latin-1"))


for h in h_list:
    full_decrypt(h)
-----8<----------8<----------8<----------8<----------8<----------8<-----
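Added example, not part of the original message: because the key and IV are fixed, the stored values above already reveal equal passwords and shared 8-byte plaintext prefixes without any decryption, which is a quick audit check for this kind of storage format. The names `PREFIX`, `split`, `group_by_ciphertext` and `shared_blocks` are made up for this sketch; only the eight values and the 8-byte skip come from the script above.

```python
import base64
from collections import defaultdict

BLOCK = 8    # DES block size in bytes
PREFIX = 8   # leading bytes the script above skips before decrypting

# The eight stored values listed in the message above.
H_LIST = [
    "qRvQlJa8fP2coTEKUS3GMpP+JgOI++Vu",
    "mXO2dM2nG8ycoTEKUS3GMpP+JgOI++Vu",
    "yqPtMPfb2O+coTEKUS3GMpP+JgOI++Vu",
    "Jx/+e9ELvnacoTEKUS3GMpP+JgOI++Vu",
    "MNCeVG86eAGcoTEKUS3GMjOl7fkSjnT55U4ERhrW2PQ=",
    "uPef75JsmPScoTEKUS3GMjOl7fkSjnT55U4ERhrW2PQ=",
    "9DlFoY5JCzycoTEKUS3GMjOl7fkSjnT5IEoCjMbsWAL25GCJKOLe0A==",
    "MFy1FKeQXWycoTEKUS3GMjOl7fkSjnT5IEoCjMbsWAL25GCJKOLe0A==",
]

def split(h):
    """Return (prefix, list of ciphertext blocks) for one stored value."""
    raw = base64.b64decode(h)
    ct = raw[PREFIX:]
    if not ct or len(ct) % BLOCK:
        raise ValueError("ciphertext is not a whole number of DES blocks")
    return raw[:PREFIX], [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]

def group_by_ciphertext(values):
    """Map ciphertext -> stored values carrying it (i.e. equal plaintexts)."""
    groups = defaultdict(list)
    for h in values:
        groups[b"".join(split(h)[1])].append(h)
    return dict(groups)

def shared_blocks(a, b):
    """Count the leading ciphertext blocks two stored values have in common."""
    n = 0
    for x, y in zip(split(a)[1], split(b)[1]):
        if x != y:
            break
        n += 1
    return n

if __name__ == "__main__":
    for ct, members in group_by_ciphertext(H_LIST).items():
        print(len(members), "value(s) share ciphertext", ct.hex())
    print("leading blocks shared by entries 0 and 4:",
          shared_blocks(H_LIST[0], H_LIST[4]))
```

The per-value 8-byte prefix differs in every entry yet has no effect on the ciphertext that follows it, so it does not hide equal passwords from anyone who can read the stored values.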