Q&A DataBase

Eric Hughes hughes at soda.berkeley.edu
Fri Apr 16 22:26:39 PDT 1993


Re: Q&A (a DOS database program)

>	   Hello All, does anyone know much about this program?
>I would like to be able to pick the passwords out of the database file.

One of the purposes of cypherpunks is to figure out stuff like this
and to help others learn how to do it.

In short, you figure it out, and tell us.

To begin with, make a database with some permissions.  Make a complete
copy of that database in another directory.  Now change exactly one
password by exactly one letter.  Use a differencing tool to find the
differences.  Save this copy as well.  Change the same password again.
Check to see if the differences are in the same place.

Do the same with different passwords.  Correlate this information with
the database structures.  Write some software to generate
plaintext/ciphertext pairs.  Get at least a thousand, preferably lots
more.  You'll use these later to verify that your reconstruction of
the algorithm is correct.

If the encryption isn't obvious by now (yes, some of this stuff is
extremely weak) hook up a debugger to the executable and start looking
for the routine which does password encryption.  When you find it,
reverse engineer it and write a C routine that matches the
functionality.

Now you'll be considered having done your homework.  If you still
don't know how to crack passwords after knowing the algorithm, post
the algorithm here and we'll look at it.

Eric
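
The snapshot-and-difference steps described above, as an added example that is not part of the original post: it locates the bytes that move when one letter of a stored secret changes and checks whether repeated changes land at the same offset. The `toy_store` function and all byte values are constructed stand-ins, not Q&A's file format or encoding.

```python
# Added example. All bytes are constructed; toy_store() is a hypothetical
# stand-in for "save the file after a password change", not Q&A's format.

def toy_store(password: str) -> bytes:
    field = bytes(ord(c) ^ (0x5A + i) for i, c in enumerate(password.ljust(8)))
    return b"HDR0" + bytes(12) + field + bytes(8)

def changed_ranges(a: bytes, b: bytes):
    """Half-open (start, end) byte ranges where two snapshots differ."""
    if len(a) != len(b):
        raise ValueError("snapshots differ in length; a plain offset diff is meaningless")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges

def field_extent(baseline: bytes, variants):
    """Smallest span covering every byte that changed in any variant."""
    spans = [r for v in variants for r in changed_ranges(baseline, v)]
    return (min(s for s, _ in spans), max(e for _, e in spans)) if spans else None

def bytes_touched(a: bytes, b: bytes) -> int:
    """1 for a one-letter change suggests a per-character encoding;
    many bytes suggests the change diffuses (hash or block cipher)."""
    return sum(e - s for s, e in changed_ranges(a, b))

BASE = toy_store("secret")
ONE = toy_store("secreu")    # same letter changed once...
TWO = toy_store("secrev")    # ...and changed again
HEAD = toy_store("Xecret")   # a different position

if __name__ == "__main__":
    print(changed_ranges(BASE, ONE), changed_ranges(BASE, TWO))
    print(field_extent(BASE, [ONE, TWO, HEAD]), bytes_touched(BASE, ONE))
```

A format that shows one changed byte per changed letter, always at the same offset, is storing the secret with a reversible per-character transform rather than a salted hash.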





