My Opera is closing 3rd of March

Raphael's Pflock

miscellaneous Opera, Debian, Media and German posts

KDE Pasword Obfuscation

Friday, February 1, 2008 8:55:28 PM

, , , , ,

I regularly forget passwords. Today I couldn't remember my Jabber password. Fortunately I had it stored in Kopete on another machine. Looking in the .kde/share/config/kopeterc file I found a line 

Password=[some unreadable non-letter ASCII]


How can I decrypt this? Obviously there must be some simple obfuscation at work. Googling around a bit and looking through Kopete's source I found the function that did this obfuscation: KStringHandler::obscure.
Looking at it's source it's quite obvious how to un-obfuscate the password:

  1. Open kopeterc in a hex editor
  2. Look for the "Password=" string. The following bytes are your password.
  3. Realize that these are three-byte chunks: [EF][BE][XX]. The first two bytes stay always the same.
  4. Subtract each third byte from 0x1001F. This will give you a two byte value (0xFFXX)
  5. strip off the leading 0xFF
  6. Look up the remaining byte in an ASCII chart
  7. repeat steps 4-6


Obviously this algorithm won't work for Unicode strings. If you should find time to write a program to do this, just write a wrapper for the obscure() function. However, if you don't have time or skills to do this, do it by hand as laid out above.

[I document this here because I already forgot how to do this once]

Intelligent DesignOrtsfrequenz

Comments

Unregistered user Wednesday, April 30, 2008 10:14:56 PM

Anonymous writes: Had exactly the same problem, found this page while googling, thanks for providing the solution.

Unregistered user Friday, April 17, 2009 8:03:06 PM

salahuddin66 writes: everything worked well for me except numeric value (i have to subtract 0x40 from the calculated value). my combination of 1st and 2nd was "EF BE" but i found in the numeric value it was "EF BF" thanks for the posting password recovered.... :)

Unregistered user Sunday, May 24, 2009 4:54:29 PM

FreeFull writes: Thanks, I recovered my Gadu-Gadu password thanks to this!

Unregistered user Tuesday, October 13, 2009 10:47:22 PM

Anonymous writes: Hey, great help! At fist I didn't understand when to subtract 0x40. Now I got it: I only have to subtract 0x40, if the chunk consists of "bf" and "ef". If it is a "be" and "ef" chunk, I must not subtract anything. Sorry guys, I am a slow thinker... :D

Unregistered user Saturday, July 31, 2010 10:27:15 AM

corny writes: Thanks a lot for this article. I have just written a ruby function to unobfuscate these strings: http://gist.github.com/502029

Write a comment

New comments have been disabled for this post.