[Psi-devel] Password encoding
Robin Redeker
elmex at x-paste.de
Thu Aug 3 02:08:58 PDT 2006
Hi,
i lately wanted to recover my passwords from the configuration file
and found that it seemed to be encoded in a weird way (hexdecimal xor'ed with
jabberid).
I don't know any reason why a password stored in the users homedirectory should
be encoded like this. It can't be for security reasons, because any 'hacker' can
decoded the password in the blink of an eye. Is it only to annoy users and prevent
them from reading/recovering their own passwords?
Anyway, i've written this small script, maybe it's useful for someone:
#!/usr/bin/perl
use XML::DOM::XPath;
sub decode_password {
my ($pw, $jid) = @_;
my ($cpw, $n, @pw) = ('', 0, split //, $pw);
while (@pw) {
my $x;
$x += hex (shift @pw) * 4096;
$x += hex (shift @pw) * 256;
$x += hex (shift @pw) * 16;
$x += hex (shift @pw);
$cpw .= chr ($x ^ ord(substr $jid, $n, 1));
$n++;
$n = $n >= length $pw ? 0 : $n;
}
$cpw
}
my $parser = XML::DOM::Parser->new;
my $doc = $parser->parsefile ("$ENV{HOME}/.psi/profiles/default/config.xml");
for ($doc->findnodes ('/psiconf/accounts/*')) {
my $jid = $_->findnodes ('jid');
my $pw = $_->findnodes ('password');
my $cpw = decode_password ($pw, $jid);
print "$jid\t$cpw\n";
}
cu,
Robin
--
elmex at ta-sa.org / robin at nethype.de / r.redeker at gmail.com
Robin Redeker
More information about the psi-devel
mailing list