search

namreeb / wowreeb

An intelligent, versatile, and multi-versioned World of Warcraft launcher
MIT License
58 stars 32 forks source link

Use an external tool to decrypt passwords #23

Open Pysis868 opened 9 months ago

Pysis868 commented 9 months ago

Is there a way to verify the data stored in the configuration file? Made some trials to test this, but still not successful. Not familiar with encryption technology, but think I got something close.

⋊> echo -n "$pwh" | openssl aes-128-cbc -d -in - -pass 'env:k' -iv "$iv"
bad magic number

⋊> echo -n "$k"
<abcdefg>⏎

⋊> echo -n "$k" | xxd
00000000: #### #### #### ##                        <abcdefg>
<no return codes/chars>

⋊> echo -n "$pwh" | xxd
00000000: #### #### #### #### #### #### #### ####  <1234567890abcdef>
00000010: #### #### #### #### #### #### #### ####  <1234567890abcdef>
<no return codes/chars>

<addr  >: <asc ii c odes                        >  <chars          >
<addr  >: <asc ii c odes                        >  <chars          >

⋊> echo -n "$iv"
DEADBEEFFEEDFACE0102030408070605

⋊> echo -n "$iv" | xxd
00000000: 4445 4144 4245 4546 4645 4544 4641 4345  DEADBEEFFEEDFACE
00000010: 3031 3032 3033 3034 3038 3037 3036 3035  0102030408070605
<no return codes/chars>

.../wowreeb/config.xml:

<?xml version="1.0" encoding="utf-8"?>
<wowreeb>
  <Realm Name="Classic - ...">
    <Exe Path="F:\Games\Blizzard\WoW\Classic - 1.12.1.587\Source\WoW.exe" SHA256="b4756d38ef207c02ed651f4952bd89a70b4857b73a33413339e1b285b28d2dc7" />
    <AuthServer Host="......." />
    <Credentials Username="..." Password="<1234567890abcdef1234567890abcdef>" />
  </Realm>
</wowreeb>
⋊> begin
  echo -n "$pwh" |             openssl aes-128-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" | base64 -d | openssl aes-128-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" | xxd -p -r | openssl aes-128-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" |             openssl aes-128-cbc -d -in - -pass 'env:k' -iv "$iv";
  echo -n "$pwh" | base64 -d | openssl aes-128-cbc -d -in - -pass 'env:k' -iv "$iv";
  echo -n "$pwh" | xxd -p -r | openssl aes-128-cbc -d -in - -pass 'env:k' -iv "$iv";

  echo -n "$pwh" |             openssl aes-192-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" | base64 -d | openssl aes-192-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" | xxd -p -r | openssl aes-192-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" |             openssl aes-192-cbc -d -in - -pass 'env:k' -iv "$iv";
  echo -n "$pwh" | base64 -d | openssl aes-192-cbc -d -in - -pass 'env:k' -iv "$iv";
  echo -n "$pwh" | xxd -p -r | openssl aes-192-cbc -d -in - -pass 'env:k' -iv "$iv";

  echo -n "$pwh" |             openssl aes-256-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" | base64 -d | openssl aes-256-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" | xxd -p -r | openssl aes-256-cbc -d -in - -pass 'env:k'          ;
  echo -n "$pwh" |             openssl aes-256-cbc -d -in - -pass 'env:k' -iv "$iv";
  echo -n "$pwh" | base64 -d | openssl aes-256-cbc -d -in - -pass 'env:k' -iv "$iv";
  echo -n "$pwh" | xxd -p -r | openssl aes-256-cbc -d -in - -pass 'env:k' -iv "$iv";
end
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number
bad magic number

⋊> echo -n "$pwh" | openssl aes-128-cbc -d -in - -pass 'env:k' -iv "$iv" -v -bufsize=16 -debug -nosalt;
bufsize=16
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
BIO[0x1a5e790]: ctrl(6) - cipher
BIO[0x1a5e710]: ctrl(6) - FILE pointer
BIO[0x1a5e710]: ctrl return 0
BIO[0x1a5e790]: ctrl return 0
BIO[0x1a5ebd0]: read(0,16) - FILE pointer
BIO[0x1a5ebd0]: read return 16
BIO[0x1a5e790]: write(0,16) - cipher
BIO[0x1a5e790]: write return 16
BIO[0x1a5ebd0]: read(0,16) - FILE pointer
BIO[0x1a5ebd0]: read return 16
BIO[0x1a5e790]: write(0,16) - cipher
BIO[0x1a5e710]: write(0,16) - FILE pointer
BIO[0x1a5e710]: write return 16
BIO[0x1a5e790]: write return 16
BIO[0x1a5ebd0]: read(0,16) - FILE pointer
BIO[0x1a5ebd0]: read return 0
BIO[0x1a5e790]: ctrl(11) - cipher
BIO[0x1a5e790]: ctrl return 0
bad decrypt
140543310804800:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:570:
BIO[0x1a5ebd0]: Free - FILE pointer
BIO[0x1a5e710]: Free - FILE pointer
BIO[0x1a5e790]: Free - cipher
...???.?.?.????⏎

⋊> echo -n "$pwh" | /usr/bin/openssl aes-128-cbc -d -in - -pass 'env:k' -iv "$iv" --nosalt;
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
hex string is too long, ignoring excess
bad decrypt
006E130D187F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:124:
...???.?.?.????⏎

echo -n "$pwh" | /usr/bin/openssl aes-128-cbc -d -in - -pass 'env:k' -iv "$iv" --nosalt | xxd
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
000E7B47237F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:124:
00000000: #### #### #### #### #### #### #### ####  ...???.?.?.????⏎

wowreeb/wowreeb/Config.cpp:

#include "tiny-AES-c/aes.hpp"

bool Config::VerifyKey

https://github.com/kokke/tiny-AES-c/

default key-size of 128 bit No padding is provided so for CBC and ECB all buffers should be multiples of 16 bytes. For padding PKCS7 is recommendable.

⋊> openssl version
OpenSSL 1.1.1b  26 Feb 2019

⋊> /usr/bin/openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
namreeb commented 9 months ago

I don't understand what you're trying to do. What are you wanting to verify? That the password in its encrypted form has not been corrupted?

namreeb commented 9 months ago

If so, you might want to look here. I added this to ensure that what we were dealing with was indeed an encrypted password and not plaintext password which happened to be a hex string. It also has the benefit of salting it to prevent the encrypted form of dictionary words from being searchable.

Pysis868 commented 8 months ago

I saw that portion of the function, but understand it to be added to the plaintext, so I should still be able to recognize my password after decryption, even with the prefix added.

My problem is trying to find a command string that allows me to successfully decrypt to a plaintext, using the data that I have entered and saved by this program.