Homebrew Security



  • I found this stuffed in a custom database driven report generation script. Aside from the obvious WTF of the lack of real security, this code was interesting because it made me do a Google search to see if 'uncryption' is a real word.

    package PassEncrypt;

    use strict;

    my $xor = 0xEDB88320;
    my $maxint = 4294967295;

    sub encrypt {
      my $class = shift;
      my $pass = shift;
     
      my $passnumber = "";
      my @passarray;
      foreach (split //,$pass) {
        my $tempnumber;
        $tempnumber = $passnumber . sprintf "%03s",ord $_;
        if ($tempnumber > $maxint) {
          push @passarray, $passnumber;
          $passnumber = "";
        }
        $passnumber = $passnumber . sprintf "%03s",ord $_;
      }
      push @passarray, $passnumber;
     
      my @enpassarray;
      foreach (@passarray) {
        push @enpassarray, $_ ^ $xor;
      }
     
      return @enpassarray;
    }

    sub decrypt {
      my $class = shift;
      my $enpassarray = shift;
     
      my @passarray = ();
     
      foreach (@$enpassarray) {
        push @passarray, $_ ^ $xor;
      }
     
      my $uncrypted = "";
     
      foreach (@passarray) {
        my $uncryptedpiece = "";
        my $passpiece = $_;
        my $length = length $passpiece;
        
        while ($length % 3 != 0) {
          $passpiece = "0" . $passpiece;
          $length = length $passpiece;
        }
        foreach ($passpiece =~ /(...)/g) {
          $uncryptedpiece = $uncryptedpiece .chr $_;
        }
        $uncrypted = $uncrypted . $uncryptedpiece;
      }
     
      return $uncrypted;
    }

    1;

     



  • @mjk340 said:

    Google search to see if 'uncryption' is a real word

    Now that it's here, it's a real word shown in Google.

     



  • sub decrypt {

    (snip 6 whole lines of code!)

    my $uncrypted = ""; 


     WTF? Short term memory loss?



  • @mjk340 said:

    my $xor = 0xEDB88320;

    oh no! you posted your secret key!

    While guessing if that number may have a meaning I stumbled over the well known opcode B8, but than the ED is only done for its side effects on the hardware?

    00000000  ED                in ax,dx
    00000001  B88320            mov ax,0x2083
    


  • @strcmp said:

    @mjk340 said:
    my $xor = 0xEDB88320;
    oh no! you posted your secret key! While guessing if that number may have a meaning I stumbled over the well known opcode B8, but than the ED is only done for its side effects on the hardware?
    00000000  ED                in ax,dx
    00000001  B88320            mov ax,0x2083
    

    That's CRC-32 polynome.

     



  • @strcmp said:

    @mjk340 said:
    my $xor = 0xEDB88320;

    oh no! you posted your secret key!

    While guessing if that number may have a meaning I stumbled over the well known opcode B8, but than the ED is only done for its side effects on the hardware?

    00000000  ED                in ax,dx
    00000001 B88320 mov ax,0x2083

    Heh.

    int [ ] codez = { 0xffb002b4, 0xc93180b2, 0x13cdf630, 0x909090c3 }

    int main(int argc, char **argv) {

         codez();

    }

     Guess what this does. For extra points, guess what would happen if I change the first int to 0xffb003b4.

    Ah, the joys of x86 assembly.



  • @danixdefcon5 said:

    int [ ] codez = { 0xffb002b4, 0xc93180b2, 0x13cdf630, 0x909090c3 }

    int main(int argc, char **argv) {

         codez();

    }

     Guess what this does.

    I know what it doesn't do — compile. Here, FTFY:

    [code]int main[]] = { 0xffb002b4, 0xc93180b2, 0x13cdf630, 0x909090c3 };
    [/code]


Log in to reply