Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Allaire Security Zone Bulletins and KB Articles

From: matthewc () CSE UNSW EDU AU (Matt Chapman)
Date: Sun, 25 Jul 1999 03:29:43 +1000

On Tue May 25 1999, James Stephens wrote:


At 03:00 PM 5/24/99 -0700, aleph1 () UNDERGROUND ORG wrote:


ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted


Has anyone seen the program that can alegedly decrypt encrypted cfml pages?


Indeed I recently needed such a tool to legitimately recover lost source. Since
I couldn't find one on the Internet I ended up writing it myself. The source is
attached.

        Matt

/* CFDECRYPT: Decrypt Cold Fusion templates encrypted with CFCRYPT
   Matt Chapman <matthewc () cse unsw edu au>

     Usage: cfdecrypt <encrypted.cfm >decrypted.cfm

   Requires a DES encryption library to compile.
*/

#include <stdio.h>
#include "des.h"

int main(void)
{
        char *header = "Allaire Cold Fusion Template\012Header Size: ";
        char buffer[54];
        int headsize, outlen;
        int skip_header;
        int len, i;

        char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012";
        des_cblock key;
        des_cblock input;
        des_cblock output;
        des_key_schedule schedule;

        if ((fread(buffer, 1, 54, stdin) < 54) || (memcmp(buffer, header, 42)))
        {
                fprintf(stderr, "File is not an encrypted template\n");
                return 1;
        }

        if (!memcmp(&buffer[42], "New Version", 11))
        {
                headsize = 69;
                skip_header = 1;
        }
        else
        {
                headsize = atoi(&buffer[42]);
                skip_header = 0;
        }

        if ((headsize < 54) || (fseek(stdin, headsize, SEEK_SET) < 0))
        {
                fprintf(stderr, "Error in file format\n");
                return 1;
        }

        des_string_to_key(keystr, &key);
        des_set_key(&key, schedule);
        outlen = 0;

        while ((len = fread(input, 1, 8, stdin)) == 8)
        {
                des_ecb_encrypt(&input, &output, schedule, 0);
                outlen += 8;
                i = 0;

                if (skip_header)
                {
                        while (i < 8)
                        {
                                if (output[i++] == 0x1A)
                                {
                                        skip_header = 0;
                                        break;
                                }
                        }
                }

                fwrite(output + i, 1, 8 - i, stdout);
        }

        for (i = 0; i < len; i++)
        {
                output[i] = input[i] ^ (outlen + i);
        }

        fwrite(output, 1, len, stdout);

        return 0;
}
Previous By Date Next
Previous By Thread Next

Current thread: