By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,101 Members | 1,340 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,101 IT Pros & Developers. It's quick & easy.

help with simple password encryptor

P: n/a
Hi,

I came across the basic algorithmfor decrypting WS_FTP Pro 6 passwords as
follows, and I'm trying to reverse it to make an encryption function:

function ws_dec()
{
var str = prompt('Enter encrypted password (including PWD=):','');
var output = '';
passw=str.substring(37,str.length);

for (var i = 0; i<passw.length/2; i++){

var caracter=passw.substring(i*2,i*2+2);
var sal=str.substring(5+i,6+i);
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

output = output +String.fromCharCode(claro);
}

document.getElementById('dec').innerHTML = 'Decrypted Password Is: ' +
output;
}
I understand 95% of what is happening in the above code, but this line
puzzles me:
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

I realise the parseInt() is just converting a hex value to integer.. but I
don't get why it adds 47 to the number and mods it with 57.. How would I
reverse this line so it took the original ascii code for the character and
encrypted it ?

Regards,
Chris
Dec 31 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Skeleton Man wrote:
Hi,

I came across the basic algorithmfor decrypting WS_FTP Pro 6 passwords as
follows, and I'm trying to reverse it to make an encryption function:

function ws_dec()
{
var str = prompt('Enter encrypted password (including PWD=):','');
var output = '';
passw=str.substring(37,str.length);

for (var i = 0; i<passw.length/2; i++){

var caracter=passw.substring(i*2,i*2+2);
var sal=str.substring(5+i,6+i);
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

output = output +String.fromCharCode(claro);
}

document.getElementById('dec').innerHTML = 'Decrypted Password Is: ' +
output;
}
I understand 95% of what is happening in the above code, but this line
puzzles me:
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

I realise the parseInt() is just converting a hex value to integer.. but I
don't get why it adds 47 to the number and mods it with 57.. How would I
reverse this line so it took the original ascii code for the character and
encrypted it ?


For each cleartext character:
Make random 0 < sal < 9
Add it to character
Add counter (1..length of cleartext) to that
Add 47 to that
Save encrypted result and sal
:)

Here's javascript code:

var salStr = '';
var pwd = '';
for (var i=0; i<output.length; i++) {
var sal = Math.floor(Math.random()*9);
salStr = salStr+sal.toString();
sal += 47;
var ch = output.charCodeAt(i)+sal+(i+1);
pwd = pwd+ch.toString(16).toUpperCase();
}

document.write(salStr+'...'+pwd+'<br /><br />');

salStr will have those needed sal numbers (salStr follows "PWD=V"), and
pwd is the encrypted password :)
Dec 31 '05 #2

P: n/a
>For each cleartext character:
Make random 0 < sal < 9
Add it to character
Add counter (1..length of cleartext) to that
Add 47 to that
Save encrypted result and sal
:)


Many thanks.. I tried your JS code, but it doesn't produce the right length
salt.. the salt is always 32 characters, regardless of password length
(excluding PWD=V)..

Take the following encrypted password (hispasec):

PWD=V99728E7229A0B92D08CD74092DAE99BCA1A3ACA59D7DA 29C

The salt part is: 99728E7229A0B92D08CD74092DAE99BC

The password part is: A1A3ACA59D7DA29C

Regards,
Chris

Dec 31 '05 #3

P: n/a
Skeleton Man wrote:
For each cleartext character:
Make random 0 < sal < 9
Add it to character
Add counter (1..length of cleartext) to that
Add 47 to that
Save encrypted result and sal
:)


Many thanks.. I tried your JS code, but it doesn't produce the right length
salt.. the salt is always 32 characters, regardless of password length
(excluding PWD=V)..

Take the following encrypted password (hispasec):

PWD=V99728E7229A0B92D08CD74092DAE99BCA1A3ACA59D7DA 29C

The salt part is: 99728E7229A0B92D08CD74092DAE99BC

The password part is: A1A3ACA59D7DA29C

Not true :) If you look at the script, i goes from 0 to encrypted
password length/2, and since each character of the password is in hex (2
characters), i goes from 0 to clear passwod length. Then, for each i,
sal is 1 character. So, if password length is 8, we'll get 8 sal's, etc.
Basically, the encrypted string should look like

"PWD=V"+{salStr goes here}+{something else goes here}+{encrypted pwd
goes here} :)
luph
Jan 1 '06 #4

P: n/a
On 2005-12-31, Skeleton Man <in*****@guestwho.com> wrote:
Hi,

I came across the basic algorithmfor decrypting WS_FTP Pro 6 passwords as
follows, and I'm trying to reverse it to make an encryption function:

function ws_dec()
{
var str = prompt('Enter encrypted password (including PWD=):','');
var output = '';
passw=str.substring(37,str.length);

for (var i = 0; i<passw.length/2; i++){

var caracter=passw.substring(i*2,i*2+2);
var sal=str.substring(5+i,6+i);
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

output = output +String.fromCharCode(claro);
}

document.getElementById('dec').innerHTML = 'Decrypted Password Is: ' +
output;
}
I understand 95% of what is happening in the above code, but this line
puzzles me:
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

I realise the parseInt() is just converting a hex value to integer.. but I
don't get why it adds 47
why not add 47 - AFAICT it's main purpose is some lame attempt at
encryption.
to the number and mods it with 57.. How would I
reverse this line so it took the original ascii code for the character and
encrypted it ?


assuming sal will be the same.

var hexval=parseInt(claro) +i +1 + ((47+parseInt("0x"+sal))%57);

you'll then have to convert hexval to hex...
--

Bye.
Jasen
Jan 1 '06 #5

P: n/a
>Not true :) If you look at the script, i goes from 0 to encrypted
password length/2, and since each character of the password is in hex (2
characters), i goes from 0 to clear passwod length. Then, for each i,
sal is 1 character. So, if password length is 8, we'll get 8 sal's, etc.
Basically, the encrypted string should look like "PWD=V"+{salStr goes here}+{something else goes here}+{encrypted pwd
goes here} :)


Many thanks, and my appologies, you are indeed correct.. it seems that the
rest is padding to make up the 32 chars.. you can put anything in between
the salt and the password and it still works.. That really is weak
encryption !!

Regards,
Chris
Jan 1 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.