SmarterMail Password Decryption Updates

Greetings and salutations!

One of my faithful readers reminded me that one of my old programs I wrote no longer works. This is due to SmarterMail updating their source code and me not updating enough.

So to fix this, I have come up with a half-ass solution.

For those wondering how to decrypt SmarterMail hashes, here’s how: It’s DES encryption with a 14 character key and 4 byte initialization vector.

I started to write a project for decryption, but I never quite finished. Here’s what I put together:
Untitled

The main part of the code is this:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Xml;
using System.Security.Cryptography;
using System.Globalization;
using System.IO;

namespace SmarterMail_Password_Decryptor_v2
{
    public partial class Form1 : Form
    {
        public static string PasswordKey = "03a8ur98qhfa9h";

        public Form1()
        {
            InitializeComponent();
        }

        private void BtnDecrypt_Click(object sender, EventArgs e)
        {
            string hashval = tbHash.Text;
            label2.Text = "";

            if (hashval == "")
            {
                label2.Text = "Error, missing pass hash, try again!";
                return;
            }
            byte[] bytepass = Convert.FromBase64String(tbHash.Text);
            File.WriteAllBytes("temp.wut", bytepass);
            DecryptFile("temp.wut", "temp.huh", PasswordKey);
           // string password = CryptographyHelper.DecodeFromBase64(0, PasswordKey, hashval);
            //label2.Text = "Pass is " + password;
  
        }

        static void DecryptFile(string sInputFilename, string sOutputFilename, string sKey)
        {
            byte[] my_IV = new byte[]
				{
					155,
					26,
					93,
					86
				};
            DESCryptoServiceProvider DES = new DESCryptoServiceProvider();

            DES.Key = UnicodeEncoding.ASCII.GetBytes(sKey);
            DES.IV = my_IV;
            DES.Mode = CipherMode.CFB;
            DES.Padding = PaddingMode.ISO10126;
            FileStream fsread = new FileStream(sInputFilename, FileMode.Open, FileAccess.Read);
            ICryptoTransform desdecrypt = DES.CreateDecryptor();
            CryptoStream cryptostreamDecr = new CryptoStream(fsread, desdecrypt, CryptoStreamMode.Read);
            FileStream fsDecrypted = new FileStream(sOutputFilename, FileMode.Create, FileAccess.Write);
            cryptostreamDecr.CopyTo(fsDecrypted);
            fsDecrypted.Flush();
            fsDecrypted.Close();
        }
       
    }
}

I am of course omitting several classes I derived from the decompiled mail server code, but this is included in the attachment below.

As you can see we have our encryption type type (symmetrical / DES), our key, and our IV, as well as a method to decrypt. This project is not complete, but most of the pieces are here: SmarterMail_Password_Decryptor_v2_pass_12345

Happy hacking!

164-aladdin

7 thoughts on “SmarterMail Password Decryption Updates

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.