01-06-2015, 10:07 AM
(01-06-2015, 09:49 AM)Sc00bz Wrote: Azren, I think epixoip missed this line:
Code:
    $key = trim($username).trim($cleartext_password);
This is a very weird construction: it's encrypting the password with the password. You can think of this like the LM hash. It would be interesting to know what the decrypt function does to the key. I assume SHA256 (or some other hash) or padding. Also, if you can find the "encrypt" function, just to make sure the IV isn't stupid, but this might be apparent from the decrypt function (i.e. null or fixed IV). The nice thing is it leaks the password length, so cracking can go much faster by dropping incorrect-length passwords.
Anyway, this is probably not a common hash, so it would be unlikely for Atom to add it.
These are the whole functions, if you're interested to know... Please fire at will.
Code:
    function setCipherModeKey($cipher, $mode, $encryptkey) {
        $key = '';
        if (!empty($encryptkey)) {
            // get the size of the encryption key
            $keysize = mcrypt_get_key_size($cipher, $mode);
            // if the encryption key is less than 32 characters long and the expected keysize is at least 32, md5 the key
            if ((strlen($encryptkey) < 32) && ($keysize >= 32)) {
                $encryptkey = md5($encryptkey);
            // if the encryption key is longer than $keysize and the keysize is 32, md5 the encryption key
            } elseif ((strlen($encryptkey) > $keysize) && ($keysize == 32)) {
                $encryptkey = md5($encryptkey);
            } else {
                if ($keysize > strlen($encryptkey)) {
                    // if the encryption key is shorter than the keysize, pad it with spaces
                    $encryptkey = str_pad($encryptkey, $keysize);
                } else {
                    // if the encryption key is longer than the keysize, substr it to the correct keysize length
                    $encryptkey = substr($encryptkey, 0, $keysize);
                }
            }
            $key = $encryptkey;
        }
        return $key;
    }

    function decrypt($encrypted, $key, $cipher, $mode) {
        if (0 == strlen($encrypted)) return ''; // nothing to decrypt or encrypt...
        $key = setCipherModeKey($cipher, $mode, $key); // set key
        // extract encrypted value from base64 encoded value
        $data = base64_decode($encrypted);
        // open encryption module
        $td = @mcrypt_module_open($cipher, '', $mode, '');
        // get what size the IV should be
        $ivsize = mcrypt_enc_get_iv_size($td);
        // get the IV from the start of the encrypted string
        $iv = substr($data, 0, $ivsize);
        // remove the IV from the data so we decrypt cleanly
        $data = substr($data, $ivsize);
        // initialize decryption
        @mcrypt_generic_init($td, $key, $iv);
        // decrypt the data
        $decrypted = mdecrypt_generic($td, $data);
        // cleanup
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
        // get rid of original data
        unset($data);
        return $decrypted;
    }
Best regards,
Azren