[11115] in bugtraq


Re: New Allaire Security Zone Bulletins and KB Articles

daemon@ATHENA.MIT.EDU (Matt Chapman)
Sun Jul 25 01:32:35 1999

Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------7651B81CFE09AB90B44643D9"
Message-Id:  <3799F807.B96E5190@cse.unsw.edu.au>
Date:         Sun, 25 Jul 1999 03:29:43 +1000
Reply-To: Matt Chapman <matthewc@CSE.UNSW.EDU.AU>
From: Matt Chapman <matthewc@CSE.UNSW.EDU.AU>
X-To:         James Stephens <james@iperform.net>
To: BUGTRAQ@SECURITYFOCUS.COM

This is a multi-part message in MIME format.
--------------7651B81CFE09AB90B44643D9
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

On Tue May 25 1999, James Stephens wrote:
>
> At 03:00 PM 5/24/99 -0700, aleph1@UNDERGROUND.ORG wrote:
>
> > ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted
>
> Has anyone seen the program that can allegedly decrypt encrypted cfml pages?

Indeed I recently needed such a tool to legitimately recover lost source. Since
I couldn't find one on the Internet I ended up writing it myself. The source is
attached.

	Matt
--------------7651B81CFE09AB90B44643D9
Content-Type: text/plain; charset=us-ascii;
 name="cfdecrypt.c"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="cfdecrypt.c"

/* CFDECRYPT: Decrypt Cold Fusion templates encrypted with CFCRYPT
   Matt Chapman <matthewc@cse.unsw.edu.au>

     Usage: cfdecrypt <encrypted.cfm >decrypted.cfm

   Requires a DES encryption library to compile.
*/

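#include <stdio.h>
#include <stdlib.h>	/* atoi */
#include <string.h>	/* memcmp */
#include "des.h"

int main(void)
{
	/* Fixed 42-byte prefix found at the start of every encrypted template */
	char *header = "Allaire Cold Fusion Template\012Header Size: ";
	char buffer[55];	/* 54 header bytes plus a terminating NUL for atoi */
	int headsize, outlen;
	int skip_header;
	int len, i;

	/* The DES key is derived from this fixed string */
	char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012";
	des_cblock key;
	des_cblock input;
	des_cblock output;
	des_key_schedule schedule;

	buffer[54] = '\0';

	if ((fread(buffer, 1, 54, stdin) < 54) || (memcmp(buffer, header, 42)))
	{
		fprintf(stderr, "File is not an encrypted template\n");
		return 1;
	}

	/* The size field holds either the literal "New Version" or a decimal header size */
	if (!memcmp(&buffer[42], "New Version", 11))
	{
		headsize = 69;
		skip_header = 1;
	}
	else
	{
		headsize = atoi(&buffer[42]);
		skip_header = 0;
	}

	/* Seek to the start of the encrypted body; stdin must be a redirected file */
	if ((headsize < 54) || (fseek(stdin, headsize, SEEK_SET) < 0))
	{
		fprintf(stderr, "Error in file format\n");
		return 1;
	}

	des_string_to_key(keystr, &key);
	des_set_key(&key, schedule);
	outlen = 0;

	/* Decrypt the body one 8-byte block at a time (ECB; final argument 0 selects decryption) */
	while ((len = fread(input, 1, 8, stdin)) == 8)
	{
		des_ecb_encrypt(&input, &output, schedule, 0);
		outlen += 8;
		i = 0;

		/* New-version files: discard decrypted output up to and including the first 0x1A byte */
		if (skip_header)
		{
			while (i < 8)
			{
				if (output[i++] == 0x1A)
				{
					skip_header = 0;
					break;
				}
			}
		}

		fwrite(output + i, 1, 8 - i, stdout);
	}

	/* Fewer than 8 trailing bytes are not DES-encrypted: each is XORed with its offset in the body */
	for (i = 0; i < len; i++)
	{
		output[i] = input[i] ^ (outlen + i);
	}

	fwrite(output, 1, len, stdout);

	return 0;
}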



--------------7651B81CFE09AB90B44643D9--
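
The header layout that cfdecrypt.c checks for can also be used to inventory which templates on a server rely on CFCRYPT. The following is an added example, not part of the original post or its attachment: `cf_classify`, the enum and the macro names are hypothetical, while the 42-byte prefix, the 54-byte probe, the "New Version" marker and the offset 69 are taken from the attached source.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Prefix and offsets as used by cfdecrypt.c above; names are hypothetical. */
#define CF_MAGIC      "Allaire Cold Fusion Template\012Header Size: "
#define CF_MAGIC_LEN  42
#define CF_PROBE_LEN  54   /* bytes cfdecrypt.c reads before deciding */

enum cf_kind { CF_PLAIN = 0, CF_OLD = 1, CF_NEW = 2, CF_MALFORMED = 3 };

/* Classify the first `len` bytes of a template. On CF_OLD or CF_NEW,
   *body_off receives the offset at which the encrypted body starts. */
enum cf_kind cf_classify(const unsigned char *buf, size_t len, long *body_off)
{
	char field[CF_PROBE_LEN - CF_MAGIC_LEN + 1];
	long size;
	*body_off = 0;
	if (len < CF_MAGIC_LEN || memcmp(buf, CF_MAGIC, CF_MAGIC_LEN) != 0)
		return CF_PLAIN;             /* no CFCRYPT header at all */
	if (len < CF_PROBE_LEN)
		return CF_MALFORMED;         /* header present but truncated */
	/* Copy the size field so it is NUL-terminated before parsing. */
	memcpy(field, buf + CF_MAGIC_LEN, sizeof field - 1);
	field[sizeof field - 1] = '\0';

	if (memcmp(field, "New Version", 11) == 0) {
		*body_off = 69;              /* fixed offset used by cfdecrypt.c */
		return CF_NEW;
	}
	if (!isdigit((unsigned char)field[0]))
		return CF_MALFORMED;         /* size field is not a number */
	size = strtol(field, NULL, 10);
	if (size < CF_PROBE_LEN)
		return CF_MALFORMED;         /* same lower bound as cfdecrypt.c */
	*body_off = size;
	return CF_OLD;
}

int main(void)
{
	/* Constructed sample header, not taken from a real template. */
	unsigned char sample[CF_PROBE_LEN] = CF_MAGIC "New Version";
	long off;
	enum cf_kind k = cf_classify(sample, sizeof sample, &off);
	printf("kind=%d body_off=%ld\n", (int)k, off);
	return 0;
}
```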
