469,306 Members | 1,987 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,306 developers. It's quick & easy.

help with simple password encryptor

Hi,

I came across the basic algorithmfor decrypting WS_FTP Pro 6 passwords as
follows, and I'm trying to reverse it to make an encryption function:

function ws_dec()
{
var str = prompt('Enter encrypted password (including PWD=):','');
var output = '';
passw=str.substring(37,str.length);

for (var i = 0; i<passw.length/2; i++){

var caracter=passw.substring(i*2,i*2+2);
var sal=str.substring(5+i,6+i);
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

output = output +String.fromCharCode(claro);
}

document.getElementById('dec').innerHTML = 'Decrypted Password Is: ' +
output;
}
I understand 95% of what is happening in the above code, but this line
puzzles me:
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

I realise the parseInt() is just converting a hex value to integer.. but I
don't get why it adds 47 to the number and mods it with 57.. How would I
reverse this line so it took the original ascii code for the character and
encrypted it ?

Regards,
Chris
Dec 31 '05 #1
5 1540
Skeleton Man wrote:
Hi,

I came across the basic algorithmfor decrypting WS_FTP Pro 6 passwords as
follows, and I'm trying to reverse it to make an encryption function:

function ws_dec()
{
var str = prompt('Enter encrypted password (including PWD=):','');
var output = '';
passw=str.substring(37,str.length);

for (var i = 0; i<passw.length/2; i++){

var caracter=passw.substring(i*2,i*2+2);
var sal=str.substring(5+i,6+i);
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

output = output +String.fromCharCode(claro);
}

document.getElementById('dec').innerHTML = 'Decrypted Password Is: ' +
output;
}
I understand 95% of what is happening in the above code, but this line
puzzles me:
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

I realise the parseInt() is just converting a hex value to integer.. but I
don't get why it adds 47 to the number and mods it with 57.. How would I
reverse this line so it took the original ascii code for the character and
encrypted it ?


For each cleartext character:
Make random 0 < sal < 9
Add it to character
Add counter (1..length of cleartext) to that
Add 47 to that
Save encrypted result and sal
:)

Here's javascript code:

var salStr = '';
var pwd = '';
for (var i=0; i<output.length; i++) {
var sal = Math.floor(Math.random()*9);
salStr = salStr+sal.toString();
sal += 47;
var ch = output.charCodeAt(i)+sal+(i+1);
pwd = pwd+ch.toString(16).toUpperCase();
}

document.write(salStr+'...'+pwd+'<br /><br />');

salStr will have those needed sal numbers (salStr follows "PWD=V"), and
pwd is the encrypted password :)
Dec 31 '05 #2
>For each cleartext character:
Make random 0 < sal < 9
Add it to character
Add counter (1..length of cleartext) to that
Add 47 to that
Save encrypted result and sal
:)


Many thanks.. I tried your JS code, but it doesn't produce the right length
salt.. the salt is always 32 characters, regardless of password length
(excluding PWD=V)..

Take the following encrypted password (hispasec):

PWD=V99728E7229A0B92D08CD74092DAE99BCA1A3ACA59D7DA 29C

The salt part is: 99728E7229A0B92D08CD74092DAE99BC

The password part is: A1A3ACA59D7DA29C

Regards,
Chris

Dec 31 '05 #3
Skeleton Man wrote:
For each cleartext character:
Make random 0 < sal < 9
Add it to character
Add counter (1..length of cleartext) to that
Add 47 to that
Save encrypted result and sal
:)


Many thanks.. I tried your JS code, but it doesn't produce the right length
salt.. the salt is always 32 characters, regardless of password length
(excluding PWD=V)..

Take the following encrypted password (hispasec):

PWD=V99728E7229A0B92D08CD74092DAE99BCA1A3ACA59D7DA 29C

The salt part is: 99728E7229A0B92D08CD74092DAE99BC

The password part is: A1A3ACA59D7DA29C

Not true :) If you look at the script, i goes from 0 to encrypted
password length/2, and since each character of the password is in hex (2
characters), i goes from 0 to clear passwod length. Then, for each i,
sal is 1 character. So, if password length is 8, we'll get 8 sal's, etc.
Basically, the encrypted string should look like

"PWD=V"+{salStr goes here}+{something else goes here}+{encrypted pwd
goes here} :)
luph
Jan 1 '06 #4
On 2005-12-31, Skeleton Man <in*****@guestwho.com> wrote:
Hi,

I came across the basic algorithmfor decrypting WS_FTP Pro 6 passwords as
follows, and I'm trying to reverse it to make an encryption function:

function ws_dec()
{
var str = prompt('Enter encrypted password (including PWD=):','');
var output = '';
passw=str.substring(37,str.length);

for (var i = 0; i<passw.length/2; i++){

var caracter=passw.substring(i*2,i*2+2);
var sal=str.substring(5+i,6+i);
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

output = output +String.fromCharCode(claro);
}

document.getElementById('dec').innerHTML = 'Decrypted Password Is: ' +
output;
}
I understand 95% of what is happening in the above code, but this line
puzzles me:
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

I realise the parseInt() is just converting a hex value to integer.. but I
don't get why it adds 47
why not add 47 - AFAICT it's main purpose is some lame attempt at
encryption.
to the number and mods it with 57.. How would I
reverse this line so it took the original ascii code for the character and
encrypted it ?


assuming sal will be the same.

var hexval=parseInt(claro) +i +1 + ((47+parseInt("0x"+sal))%57);

you'll then have to convert hexval to hex...
--

Bye.
Jasen
Jan 1 '06 #5
>Not true :) If you look at the script, i goes from 0 to encrypted
password length/2, and since each character of the password is in hex (2
characters), i goes from 0 to clear passwod length. Then, for each i,
sal is 1 character. So, if password length is 8, we'll get 8 sal's, etc.
Basically, the encrypted string should look like "PWD=V"+{salStr goes here}+{something else goes here}+{encrypted pwd
goes here} :)


Many thanks, and my appologies, you are indeed correct.. it seems that the
rest is padding to make up the 32 chars.. you can put anything in between
the salt and the password and it still works.. That really is weak
encryption !!

Regards,
Chris
Jan 1 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Cergon | last post: by
6 posts views Thread by \jason via DotNetMonster.com\ | last post: by
22 posts views Thread by j1mb0jay | last post: by
1 post views Thread by dan.cawthorne | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by harlem98 | last post: by
1 post views Thread by Geralt96 | last post: by
reply views Thread by harlem98 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.