
Thursday, November 18, 2010


How does the MS-Windows password encryption work?



The password option in MS Windows is easily defeated, but some of us really want to know how MS does it. There are many reasons why knowing the actual password can be useful: suppose a sysadmin used the same password for the Windows screen saver as for his root account on a Unix box.

Anyway, I will attempt to relay what I have learned about this algorithm. I will describe the process starting after you've entered the password and hit the [OK] button. I will assume that everyone (at least those interested) knows what the XOR operation is.

First, the length of the password is saved. We'll call this 'len'. We will be moving characters from the entered string into another string as they are encrypted. We'll call the originally entered password 'plaintext' and the encrypted strings (there are two passes) 'hash1' and 'hash2'. The position in the plaintext is important during the process, so we'll refer to this as 'pos'. After each step of the hashing process, the character is checked against a set of characters that Windows considers 'special'. These characters are '[', ']', '=' and any character below ASCII 33 or above ASCII 126. I'll refer to this checking operation as 'is_ok'. All indices are zero-based (i.e. an 8 character password is considered chars 0 to 7).

Now, the first character of 'plaintext' is XORed with 'len' and fed to 'is_ok'. If the result is not valid, it is replaced by the original character of 'plaintext' before going to the next operation. The next operation is to XOR with 'pos' (this is useless for the first character, since 'pos' is 0 and anything XORed with zero is itself), again fed to 'is_ok' and replaced with its input if not valid. The final operation per character is to XOR it with the previous character, i.e. the character that was just stored in 'hash1' (the C code at the end undoes this step with the previous character of 'hash1', not of 'plaintext', so that is the neighbour used here). Since the first character has no previous character, the fixed value 42 is used for it. The result is fed to 'is_ok' and, if OK, stored into the first position of 'hash1'. This process proceeds until all characters of 'plaintext' are exhausted.

The second pass is very similar, only now the starting point is the last character of 'hash1' and the results are placed into 'hash2' from the end to the beginning. Also, instead of the previous character, the character following the current one (the one just stored in 'hash2') is used in the final XOR. Since there is no character following the last character, the value 42 is again used for the last character. (On this pass the C code treats the position of the last character as 0 rather than 'len' - 1, which leaves that character unchanged by the position step.)

'hash2' is the final string, and this is what Windows saves in the file CONTROL.INI, on the line beginning 'Password='.

To 'decrypt' the password, the above procedure is just reversed: undo the second pass first, walking from the end and XORing each character with its 'hash2' neighbour, its position and 'len', in that order, then undo the first pass the same way from the start. The 'is_ok' check is applied at every step on the way back as well, so the recovery is exact as long as the original password contained only 'OK' characters; a password containing a space, '[', ']' or '=' comes back with those characters altered.
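As an added example (not code from the original post), here is the forward transform described above together with its inverse, so the two passes can be checked against each other rather than only run backwards over a CONTROL.INI line. It assumes what the decryptor at the end of the post undoes: the chaining XOR uses the neighbour that has already been transformed (the previous character of hash1 on pass 1, the next character of hash2 on pass 2), and the position step treats the last character as position 0 on pass 2. The sample passwords are constructed. Whether this matches every real CONTROL.INI is an assumption; what the example shows for certain is the structure of the cipher and why a password containing a 'special' character does not survive the round trip.

```c
#include <stdio.h>
#include <string.h>

#define WIN_SS_MAX 128   /* assumed upper bound on password length */

/* 'is_ok' from the text: keep the XOR result only if it is printable ASCII
   (33..126) and not '[' (91), ']' (93) or '=' (61); otherwise keep the input. */
static int xor_ok(int c, int k)
{
    int x = c ^ k;
    return (x > 126 || x < 33 || x == 91 || x == 93 || x == 61) ? c : x;
}

/* Forward transform: plaintext -> hash1 -> hash2.
   Pass 1 runs left to right and chains on the previous hash1 character;
   pass 2 runs right to left and chains on the next hash2 character.
   (Assumption: chaining uses the already-transformed neighbour, which is
   what the post's decryptor undoes.) 'out' needs strlen(plain)+1 bytes. */
void win_ss_encrypt(const char *plain, char *out)
{
    char hash1[WIN_SS_MAX];
    int len = (int)strlen(plain), last = len - 1, pos;

    if (len >= WIN_SS_MAX) { out[0] = '\0'; return; }
    for (pos = 0; pos < len; pos++) {
        int t = xor_ok((unsigned char)plain[pos], len);
        t = xor_ok(t, pos);
        hash1[pos] = (char)xor_ok(t, pos ? (unsigned char)hash1[pos - 1] : 42);
    }
    for (pos = last; pos >= 0; pos--) {
        int t = xor_ok((unsigned char)hash1[pos], len);
        t = xor_ok(t, pos == last ? 0 : pos);   /* last position counts as 0 here */
        out[pos] = (char)xor_ok(t, pos == last ? 42 : (unsigned char)out[pos + 1]);
    }
    out[len] = '\0';
}

/* Inverse: the same steps in reverse order, undoing pass 2 before pass 1. */
void win_ss_decrypt(const char *hash2, char *out)
{
    char hash1[WIN_SS_MAX];
    int len = (int)strlen(hash2), last = len - 1, pos;

    if (len >= WIN_SS_MAX) { out[0] = '\0'; return; }
    for (pos = last; pos >= 0; pos--) {
        int t = xor_ok((unsigned char)hash2[pos],
                       pos == last ? 42 : (unsigned char)hash2[pos + 1]);
        t = xor_ok(t, pos == last ? 0 : pos);
        hash1[pos] = (char)xor_ok(t, len);
    }
    for (pos = 0; pos < len; pos++) {
        int t = xor_ok((unsigned char)hash1[pos],
                       pos ? (unsigned char)hash1[pos - 1] : 42);
        t = xor_ok(t, pos);
        out[pos] = (char)xor_ok(t, len);
    }
    out[len] = '\0';
}

/* Convenience wrappers returning a static buffer (not re-entrant). */
const char *win_ss_encrypt_str(const char *plain)
{
    static char h[WIN_SS_MAX];
    win_ss_encrypt(plain, h);
    return h;
}

const char *win_ss_decrypt_str(const char *hash2)
{
    static char p[WIN_SS_MAX];
    win_ss_decrypt(hash2, p);
    return p;
}

/* 1 if encrypt then decrypt gives 'plain' back. Because every step falls
   back to its input when the XOR result is 'special', this fails exactly
   when 'plain' itself contains a special character (space, '[', ']', '=', ...). */
int win_ss_roundtrip_ok(const char *plain)
{
    char h[WIN_SS_MAX], p[WIN_SS_MAX];
    if (strlen(plain) >= WIN_SS_MAX) return 0;
    win_ss_encrypt(plain, h);
    win_ss_decrypt(h, p);
    return strcmp(plain, p) == 0;
}

int main(void)
{
    const char *samples[] = { "secret", "P@ssw0rd!", "a b" };   /* constructed */
    size_t n;
    for (n = 0; n < sizeof samples / sizeof samples[0]; n++)
        printf("plaintext=\"%s\" hash2=\"%s\" recovered=\"%s\" roundtrip=%d\n",
               samples[n], win_ss_encrypt_str(samples[n]),
               win_ss_decrypt_str(win_ss_encrypt_str(samples[n])),
               win_ss_roundtrip_ok(samples[n]));
    return 0;
}
```

The third sample contains a space (ASCII 32), which 'is_ok' rejects; tracing it through shows the space turning into '#' on the way out and staying '#' on the way back, which is the failure mode described above.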

Now, what you've all been waiting for. Here is some C code that will do the dirty work for you:

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX); on MSVC use _strnicmp instead */

/* One step of the cipher: XOR i with j, but keep i unchanged when the result
   would be one of the characters Windows treats as special: '[' (91),
   ']' (93), '=' (61), or anything outside printable ASCII 33..126. */
int xor1(int i, int j)
{
    int x = i ^ j;
    return (x > 126 || x < 33 || x == 91 || x == 93 || x == 61) ? i : x;
}

int main(void)
{
    FILE *f;
    int i, l, found = 0;
    char s[512], s1[512], *p;

    printf("Please enter the path to your Windows directory\n");
    if (fgets(s1, sizeof s1, stdin) == NULL)
        return 1;
    s1[strcspn(s1, "\r\n")] = '\0';                     /* strip the newline */
    snprintf(s, sizeof s, "%s%scontrol.ini", s1,
             (s1[0] != '\0' && s1[strlen(s1) - 1] == '\\') ? "" : "\\");

    if ((f = fopen(s, "r")) == NULL) {
        printf("File Error: %s\n", strerror(errno));
        return 1;
    }
    /* look for the line that starts with "password" (case-insensitive) */
    while (fgets(s1, sizeof s1, f) != NULL) {
        if (strncasecmp(s1, "password", 8) == 0) { found = 1; break; }
    }
    fclose(f);
    if (!found) {
        printf("No password line found in %s\n", s);
        return 1;
    }
    /* the encrypted string (hash2) is everything after the '=' */
    strtok(s1, "=\r\n");
    p = strtok(NULL, "\r\n");
    if (p == NULL) {
        printf("Password line is empty\n");
        return 1;
    }
    strcpy(s, p);

    i = strlen(s) - 1;
    /* undo the second pass: right to left, XOR with the next character of
       hash2 (42 for the last), the position (0 for the last), then len */
    for (l = i; l > -1; l--)
        s1[l] = xor1(xor1(xor1(s[l], l == i ? 42 : s[l + 1]), l == i ? 0 : l), i + 1);
    s1[i + 1] = '\0';
    /* undo the first pass: left to right, XOR with the previous character of
       hash1 (42 for the first), the position, then len */
    for (l = 0; l < i + 1; l++)
        s[l] = xor1(xor1(xor1(s1[l], l ? s1[l - 1] : 42), l), i + 1);
    printf("The Password is: %s\n", s);
    return 0;
}


About 'Anu': My name is 'Anu', also known as 'ANU 007 TIGER'. I'm the administrator of the 'PC Tips by Anu' blog. This blog was opened for sharing content about hacking and cracking.

7 comments:

Anonymous said...

Where is the "C" code?????

Anu said...

If you want to see the code, then please hold your mouse button down on the blank area and drag it over the code,

or press Ctrl+A.

It's a little trick to hide characters...

Recently we enabled the right-click button after many requests, so you can enjoy it...

Anonymous said...

thanks 'Anu'

Anonymous said...

Can you provide me some other, easier technique for that, and also for cracking that encryption, or some software to do that?


inspiredhacker@gmail.com

Anonymous said...

Many tools and techniques are on that site for cracking the encryption.

"Code Mobile"

Anonymous said...

There are many techniques to crack/hack Windows passwords, like chntpw (Linux) or DPL or a DOS bootable CD/USB or ntpasswd or a SAM cracker or Microsoft third party... etc.

So, can you tell me why we need to know the encryption technique of Microsoft...?

Anonymous said...

Hmmmmm, I have learned the technique; now will you also tell us how to break it, sir...

yours old friend, Bharat (Gujarat)
