As I understand it, Ekted did all of the gui/windows forms stuff, but I'm still under the impression that Priit wouldn't put his name on something that used just xor for encryption anywhere down the line.
CypherJF - Sat Jun 10, 2006 7:20 pm
Post subject:
Who here is saying the password is XOR? I wish people would get off of it already. lol
BDwinsAlt - Sat Jun 10, 2006 7:53 pm
Post subject:
Wasn't there a program that cracked the old subbill and listed passwords. I know I saw it somewhere. I downloaded all these files (was not looking for anything malicous) and it came up. I tested it out with my password and it got it right. What about the Gashi "cheat" didn't it send the profile.dat information? Did they find out how to decrypt it? I don't really remeber much about what it did, only it stole profile information.
Anyways to help the guy out... Continuum has to send the password to the biller to log in, right. Well if that password is encrypted you could view catid's source and see how it's being decrypted (assuming it doesn't undergo more than one encryption). If passwords in continuum are not encrypted when sent to the biller, then no.
I downloaded a password revealer once because I forgot a password I used but it stayed in the ICQ Box, so I revealed it and found out what it was. It was easier than changing it. The tools works with continuum too. I am assuming the Gashi guys got the profile info and loaded it into their continuum folder. Then they used a revealer and BAM.
Just my thoughts, now you can flame away at me and everything I did wrong.
CommieCausey - Sat Jun 10, 2006 10:39 pm
Post subject:
Maybe I am wrong here but it seems to me Doc Flabby is asking for the encryption used to store the profile's password into the registry.
This is alot simpler than Continuum or even SubSpace's encryption and involves no keys. The password is decrypted from the registry before it is used to login (and encrypted again). It's just encrypted to hide it from the prying eyes of regedit-ers. It's also stored in profile.dat.
I would be willing to help Doc by giving him code to do it. Would anyone have objections to me helping him?
BDwinsAlt - Sat Jun 10, 2006 10:53 pm
Post subject:
Not at all, as long as he releases the source to me . :)
CommieCausey - Sun Jun 11, 2006 4:59 am
Post subject:
I came back to check the topic and noticed he didn't want to decrypt them anyways oops! So I guess it is pretty harmless. C source code attached hope it helps you Doc.
Ok I get an error when I try to upload it so I will just copy/paste it is pretty short.
Code: Show/Hide /* Continuum profile password encryption * * CommieCausey (commiecausey@gmail.com) * 7/10/06 */ #define PLAINTEXT_MAX 32 #define CYPHERTEXT_MAX 72 #include <string.h> long algo(long arg) { long eax, ecx; ecx = arg; eax = ecx << 5; eax -= ecx; eax = ecx + eax * 300 + 0xC091; return eax % 0x38F40; } void encPassword(const char *plaintext, char cyphertext[CYPHERTEXT_MAX+1]) { char padded[PLAINTEXT_MAX+1]; long eax, ebx=1, edx, ebp=0, key=0; int i, write=0; strcpy(padded, plaintext); for(i=strlen(padded); i<=PLAINTEXT_MAX; ++i) padded[i] = 0; for(i=0; i<PLAINTEXT_MAX; ++i) { eax = padded[i]; key ^= eax; ebp += eax * 91; ++eax; ebx *= eax; } key = (algo(ebx + key) << 16) | algo(ebx += ebp); for(i=0; i<0x64; ++i) { ebx = (algo(key >> 16) << 16) ^ algo(key); key = ebx; } /* start writing to string */ for(ebp=key, ebx=i=0; i<PLAINTEXT_MAX; ++i) { key = algo(key); eax = padded[i]; eax ^= (key & 0xFF); sprintf(cyphertext+write, "%02X", eax); write += 2; if(i == 6) { edx = ebp ^ 0x6A93C4F2; sprintf(cyphertext+write, "%08X", edx); write += 8; } } } |
Doc Flabby - Sun Jun 11, 2006 7:47 am
Post subject: