{"id":1244,"date":"2016-05-24T18:12:19","date_gmt":"2016-05-24T18:12:19","guid":{"rendered":"http:\/\/www.gironsec.com\/blog\/?p=1244"},"modified":"2016-05-24T18:12:19","modified_gmt":"2016-05-24T18:12:19","slug":"smartermail-password-decryption-updates","status":"publish","type":"post","link":"https:\/\/www.gironsec.com\/blog\/2016\/05\/smartermail-password-decryption-updates\/","title":{"rendered":"SmarterMail Password Decryption Updates"},"content":{"rendered":"

Greetings and salutations!<\/p>\n

One of my faithful readers reminded me that one of my old programs I wrote no longer works. This is due to SmarterMail updating their source code and me not updating enough.<\/p>\n

So to fix this, I have come up with a half-ass solution. <\/p>\n

For those wondering how to decrypt SmarterMail hashes, here’s how: It’s DES encryption with a 14 character key and 4 byte initialization vector. <\/p>\n

I started to write a project for decryption, but I never quite finished. Here’s what I put together:
\n\"Untitled\"<\/a><\/p>\n

The main part of the code is this:<\/p>\n

<\/p>\n

\n
using<\/span> System;\r\nusing<\/span> System.Collections.Generic;\r\nusing<\/span> System.ComponentModel;\r\nusing<\/span> System.Data;\r\nusing<\/span> System.Drawing;\r\nusing<\/span> System.Linq;\r\nusing<\/span> System.Text;\r\nusing<\/span> System.Threading.Tasks;\r\nusing<\/span> System.Windows.Forms;\r\nusing<\/span> System.Xml;\r\nusing<\/span> System.Security.Cryptography;\r\nusing<\/span> System.Globalization;\r\nusing<\/span> System.IO;\r\n\r\nnamespace<\/span> SmarterMail_Password_Decryptor_v2\r\n{\r\n    public<\/span> partial<\/span> class<\/span> Form1<\/span> : Form\r\n    {\r\n        public<\/span> static<\/span> string<\/span> PasswordKey = "03a8ur98qhfa9h"<\/span>;\r\n\r\n        public<\/span> Form1()\r\n        {\r\n            InitializeComponent();\r\n        }\r\n\r\n        private<\/span> void<\/span> BtnDecrypt_Click(object<\/span> sender, EventArgs e)\r\n        {\r\n            string<\/span> hashval = tbHash.Text;\r\n            label2.Text = ""<\/span>;\r\n\r\n            if<\/span> (hashval == ""<\/span>)\r\n            {\r\n                label2.Text = "Error, missing pass hash, try again!"<\/span>;\r\n                return<\/span>;\r\n            }\r\n            byte<\/span>[] bytepass = Convert.FromBase64String(tbHash.Text);\r\n            File.WriteAllBytes("temp.wut"<\/span>, bytepass);\r\n            DecryptFile("temp.wut"<\/span>, "temp.huh"<\/span>, PasswordKey);\r\n           \/\/ string password = CryptographyHelper.DecodeFromBase64(0, PasswordKey, hashval);<\/span>\r\n            \/\/label2.Text = "Pass is " + password;<\/span>\r\n  \r\n        }\r\n\r\n        static<\/span> void<\/span> DecryptFile(string<\/span> sInputFilename, string<\/span> sOutputFilename, string<\/span> sKey)\r\n        {\r\n            byte<\/span>[] my_IV = new<\/span> byte<\/span>[]\r\n\t\t\t\t{\r\n\t\t\t\t\t155,\r\n\t\t\t\t\t26,\r\n\t\t\t\t\t93,\r\n\t\t\t\t\t86\r\n\t\t\t\t};\r\n            DESCryptoServiceProvider DES = new<\/span> DESCryptoServiceProvider();\r\n\r\n            DES.Key = UnicodeEncoding.ASCII.GetBytes(sKey);\r\n            DES.IV = my_IV;\r\n            DES.Mode = CipherMode.CFB;\r\n            DES.Padding = PaddingMode.ISO10126;\r\n            FileStream fsread = new<\/span> FileStream(sInputFilename, FileMode.Open, FileAccess.Read);\r\n            ICryptoTransform desdecrypt = DES.CreateDecryptor();\r\n            CryptoStream cryptostreamDecr = new<\/span> CryptoStream(fsread, desdecrypt, CryptoStreamMode.Read);\r\n            FileStream fsDecrypted = new<\/span> FileStream(sOutputFilename, FileMode.Create, FileAccess.Write);\r\n            cryptostreamDecr.CopyTo(fsDecrypted);\r\n            fsDecrypted.Flush();\r\n            fsDecrypted.Close();\r\n        }\r\n       \r\n    }\r\n}\r\n<\/pre>\n<\/div>\n
I am of course omitting several classes I derived from the decompiled mail server code, but this is included in the attachment below.<\/p>\n
As you can see we have our encryption type type (symmetrical \/ DES), our key, and our IV, as well as a method to decrypt. This project is not complete, but most of the pieces are here: SmarterMail_Password_Decryptor_v2_pass_12345<\/a><\/p>\n
Happy hacking!<\/p>\n
\"164-aladdin\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Greetings and salutations! One of my faithful readers reminded me that one of my old programs I wrote no longer works. This is due to SmarterMail updating their source code and me not updating enough. So to fix this, I have come up with a half-ass solution. For those wondering how to decrypt SmarterMail hashes, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,5,7],"tags":[24],"_links":{"self":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/1244"}],"collection":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/comments?post=1244"}],"version-history":[{"count":1,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/1244\/revisions"}],"predecessor-version":[{"id":1248,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/1244\/revisions\/1248"}],"wp:attachment":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/media?parent=1244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/categories?post=1244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/tags?post=1244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}