Greetings and salutations!
One of my faithful readers reminded me that one of my old programs I wrote no longer works. This is due to SmarterMail updating their source code and me not updating enough.
So to fix this, I have come up with a half-ass solution.
For those wondering how to decrypt SmarterMail hashes, here’s how: It’s DES encryption with a 14 character key and 4 byte initialization vector.
I started to write a project for decryption, but I never quite finished. Here’s what I put together:
The main part of the code is this:
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; using System.Xml; using System.Security.Cryptography; using System.Globalization; using System.IO; namespace SmarterMail_Password_Decryptor_v2 { public partial class Form1 : Form { public static string PasswordKey = "03a8ur98qhfa9h"; public Form1() { InitializeComponent(); } private void BtnDecrypt_Click(object sender, EventArgs e) { string hashval = tbHash.Text; label2.Text = ""; if (hashval == "") { label2.Text = "Error, missing pass hash, try again!"; return; } byte[] bytepass = Convert.FromBase64String(tbHash.Text); File.WriteAllBytes("temp.wut", bytepass); DecryptFile("temp.wut", "temp.huh", PasswordKey); // string password = CryptographyHelper.DecodeFromBase64(0, PasswordKey, hashval); //label2.Text = "Pass is " + password; } static void DecryptFile(string sInputFilename, string sOutputFilename, string sKey) { byte[] my_IV = new byte[] { 155, 26, 93, 86 }; DESCryptoServiceProvider DES = new DESCryptoServiceProvider(); DES.Key = UnicodeEncoding.ASCII.GetBytes(sKey); DES.IV = my_IV; DES.Mode = CipherMode.CFB; DES.Padding = PaddingMode.ISO10126; FileStream fsread = new FileStream(sInputFilename, FileMode.Open, FileAccess.Read); ICryptoTransform desdecrypt = DES.CreateDecryptor(); CryptoStream cryptostreamDecr = new CryptoStream(fsread, desdecrypt, CryptoStreamMode.Read); FileStream fsDecrypted = new FileStream(sOutputFilename, FileMode.Create, FileAccess.Write); cryptostreamDecr.CopyTo(fsDecrypted); fsDecrypted.Flush(); fsDecrypted.Close(); } } }
I am of course omitting several classes I derived from the decompiled mail server code, but this is included in the attachment below.
As you can see we have our encryption type type (symmetrical / DES), our key, and our IV, as well as a method to decrypt. This project is not complete, but most of the pieces are here: SmarterMail_Password_Decryptor_v2_pass_12345
Happy hacking!