Semagic LiveJournal Client Password Decryption and Recovery

15 February 2007

Semagic is a client application for LiveJournal.

Recently I needed to recover a password that was 'remembered' by Semagic, but it was hidden in the password field. Simple password unmasking applications weren't helping me any as the field itself isn't a simple password box.

After further investigation I was able to find where Semagic stores the saved passwords in the Windows Registry. It was obvious that the password was encrypted and was stored in its entire form. Since Semagic is open source, I was able to find the code block which served as its password decrypter:

C++:
    m_password = m_app->GetProfileString(userkey, _T("password"), _T(""));    //Gets Encrypted password from registry
    enc = m_app->GetProfileInt(userkey, _T("obscure"), 0);    //Checks to see if the password is 'obscured'

    if (enc) {    //If password is obscured
        LPTSTR str = m_password.GetBuffer(m_password.GetLength());    //Password
        LPTSTR key = new TCHAR[m_user.GetLength()+1];    //Sets Key Size (Username + 1)
        _tcsncpy(key, (LPCTSTR) m_user, m_user.GetLength()+1);    //Copies Username to Key
        LPTSTR orig = key;

        while (*str) {
            if (!*key)    //If we're OOB on the key, reset it
                key = orig;
            *(str) -= 'a';    //subtract the value of 'a', which is 97, from the encrypted value
            *(str++) ^= *(key++);    //XOR bitwise based on the key
        }
        key = orig;
        m_password.ReleaseBuffer();
        delete[] key;
    }

So needless to say it was just a matter of debugging and some time before I was able to port the decryption routine over to a standalone C# application.

C#:
    int iXORCharacter = 0;    // Index into the username, which serves as the repeating XOR key

    for (int iLoop = 0; iLoop < Convert.ToString(sPassword).Length; iLoop++)
    {
        int iInputCharacter = (int)Convert.ToChar(sPassword.ToString().Substring(iLoop, 1));

        // Wrap around to the start of the username when the key runs out
        if (iXORCharacter >= sUserName.Length) iXORCharacter = 0;

        iInputCharacter -= 97;    // Subtract the value of 'a'
        iInputCharacter ^= (int)Convert.ToChar(sUserName.Substring(iXORCharacter, 1));

        textBox1.Text += (char)iInputCharacter;

        iXORCharacter++;
    }
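The transform above run in both directions, as an added example that is not part of the original post or of Semagic's source. `obscure`, `reveal` and `require_key` are hypothetical names, the username and password are constructed values, and the empty-username check is an added guard for the case where there is no key character to repeat.

```cpp
// Added example, not Semagic's source: the registry transform in both directions.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Edge case: with an empty username there is no key character to repeat.
static void require_key(const std::wstring& user) {
    if (user.empty()) throw std::invalid_argument("empty username, no XOR key");
}

// Hypothetical inverse of the quoted routine: XOR with the repeating
// username, then add 'a'. The post shows only the decoding direction.
std::wstring obscure(const std::wstring& password, const std::wstring& user) {
    require_key(user);
    std::wstring out;
    for (std::size_t i = 0; i < password.size(); ++i)
        out += static_cast<wchar_t>((password[i] ^ user[i % user.size()]) + L'a');
    return out;
}

// Same steps as the quoted routine: subtract 'a', XOR with the repeating username.
std::wstring reveal(const std::wstring& stored, const std::wstring& user) {
    require_key(user);
    std::wstring out;
    for (std::size_t i = 0; i < stored.size(); ++i)
        out += static_cast<wchar_t>((stored[i] - L'a') ^ user[i % user.size()]);
    return out;
}

int main() {
    // Constructed sample values, not taken from any real profile.
    const std::wstring user = L"bob", password = L"secret";
    const std::wstring stored = obscure(password, user);
    std::wcout << L"stored:   " << stored << L"\n"
               << L"revealed: " << reveal(stored, user) << L"\n";
    // A password equal to the username XORs to zero, so it is stored as all 'a'.
    std::wcout << L"user==pw: " << obscure(user, user) << L"\n";
    return reveal(stored, user) == password ? 0 : 1;
}
```

The only key material is the username, so the stored value is obfuscated rather than protected by a secret.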

I've compiled a quick little program that'll extract the usernames from the registry and display their passwords:

Semagic Password Decrypter

This program is 100% safe and won't e-mail your password to me or any other silly crap like that. I just figured someone out there would need it as well.

Cheers!


    One Response to “Semagic LiveJournal Client Password Decryption and Recovery”

  1. Regina Tseucher Says:

    I tried to use the program to decrypt the password of semagic. It seems that it doesn't work for Windows XP. Do you have a version that works with Windows XP?

    Thanx!

    Regina
