Encryption Question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sell-traffic
Forum Commoner
Posts: 26
Joined: Thu Aug 05, 2004 9:35 pm

Encryption Question

Post by sell-traffic »

Hi,

I'm trying to remotely add users into the third party billing software I purchased. It's CGI driven, and uses a mysql database. I can add all the fields in just fine, but the password field is encrypted. Is there any way to find out what encryption algorithm was used?

I've put in a test details, and tested against a few encryption algorithms, like MD5, and MD4, but none of them match up.

123 became AJv7d2hNaRyJA

Of course, if he's using a custom encryption algorithm I can't accomplish this, but I thought maybe one of you experts would recognize the encryption.

Josh
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

It could be DES. The simple suggestion would be to either ask the company you bought it from, or have a look at their code if you can.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Yea, just duplicate the method they use to check passwords..
User avatar
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

give some other examples to attack using known plaintext.
i dont think it is DES.(just a feeling), let me do some further cheks.
sell-traffic
Forum Commoner
Posts: 26
Joined: Thu Aug 05, 2004 9:35 pm

Post by sell-traffic »

thanks...

bye becomes EK9sKj32hh0Po
123 becomes AJv7d2hNaRyJA
test becomes ANrVgKZtJMzvA
User avatar
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

It is not an encryption algorithm, it is just hashing.
MD5 and MD4 is not encyption methods. They are just hashing functions.
They are used to verify data integrity.
Can i see your interface, if i can try, it will be easy to find the method.
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

It's using crypt() (standard DES) to produce a password in .htaccess format.
I can't see how 123 becomes AJv7d2hNaRyJA but the other two match up ok.

Code: Select all

$salt = 'EK'; //in reality this is probably randomly generated
$password = 'bye';
$hash = crypt($password, $salt);
echo $hash; //outputs EK9sKj32hh0Po
The first 2 letters (AJ, EK and AN) are randomly generated salts by the look of it.
User avatar
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

how did you guess the salt?

crypt -- One-way string encryption (hashing)
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

bye becomes EK9sKj32hh0Po
123 becomes AJv7d2hNaRyJA
test becomes ANrVgKZtJMzvA
In standard DES crypt the salt is the first 2 characters ;)
The 123 one doesn't add up though, if the salt was AJ then it would produce AJC5kb1wg2bVw not AJv7d2hNaRyJA ... might have just been a typo *shrug*
User avatar
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

you are smart :)
i observed the behaviour of crypt function and found followings

1) if you dont use a salt, function choose it randomly.
2) if you give a salt to the function, and just first two characters of the salt considered.
3)empty character is $

and wrote the following code for 123, but i got many NOT FOUND :(

Code: Select all

<?php
	$arr="ABCDEFGHIJKLMNOPQRSTUVWYZXabcdefghijklmnopqrstuvwyz1234567890";
	$text = "123";
	$result = "AJv7d2hNaRyJA";

	for($i=0;$i<strlen($arr);$i++){
		for($j=0;$j<strlen($arr);$j++){
			$salt = '$arr[$i]$arr[$j]';
			$hashv = crypt($text,$salt);
			if(strcmp($result,$hashv) == 0){
				echo $salt;
				exit;
			}else{
				echo "NOT FOUND\n";
			}
				
		}
	}
?>
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Yeah, i'm pretty sure 123 didn't produce that hash that it claimed to ;)
Post Reply