KDE Pasword Obfuscation
Friday, 1. February 2008, 20:55:28
I regularly forget passwords. Today I couldn't remember my Jabber password. Fortunately I had it stored in Kopete on another machine. Looking in the .kde/share/config/kopeterc file I found a line
How can I decrypt this? Obviously there must be some simple obfuscation at work. Googling around a bit and looking through Kopete's source I found the function that did this obfuscation: KStringHandler::obscure.
Looking at it's source it's quite obvious how to un-obfuscate the password:
Obviously this algorithm won't work for Unicode strings. If you should find time to write a program to do this, just write a wrapper for the obscure() function. However, if you don't have time or skills to do this, do it by hand as laid out above.
Password=[some unreadable non-letter ASCII]
How can I decrypt this? Obviously there must be some simple obfuscation at work. Googling around a bit and looking through Kopete's source I found the function that did this obfuscation: KStringHandler::obscure.
Looking at it's source it's quite obvious how to un-obfuscate the password:
- Open kopeterc in a hex editor
- Look for the "Password=" string. The following bytes are your password.
- Realize that these are three-byte chunks: [EF][BE][XX]. The first two bytes stay always the same.
- Subtract each third byte from 0x1001F. This will give you a two byte value (0xFFXX)
- strip off the leading 0xFF
- Look up the remaining byte in an ASCII chart
- repeat steps 4-6
Obviously this algorithm won't work for Unicode strings. If you should find time to write a program to do this, just write a wrapper for the obscure() function. However, if you don't have time or skills to do this, do it by hand as laid out above.
WIDGETIZE
Anonymous # 30. April 2008, 22:14
Had exactly the same problem, found this page while googling, thanks for providing the solution.
Anonymous # 17. April 2009, 20:03
everything worked well for me
except numeric value (i have to subtract 0x40 from the calculated value).
my combination of 1st and 2nd was "EF BE"
but i found in the numeric value it was "EF BF"
thanks for the posting password recovered.... :)
Anonymous # 24. May 2009, 16:54
Thanks, I recovered my Gadu-Gadu password thanks to this!
Anonymous # 13. October 2009, 22:47
Hey, great help!
At fist I didn't understand when to subtract 0x40.
Now I got it:
I only have to subtract 0x40, if the chunk consists of "bf" and "ef".
If it is a "be" and "ef" chunk, I must not subtract anything.
Sorry guys, I am a slow thinker... :D