Semagic (link) is a client application for LiveJournal (link).
Recently I needed to recover a password that was ‘remembered’ by Semagic, but it was hidden in the password field. Simple password unmasking applications weren’t helping me any as the field itself isn’t a simple password box.
After further investigation I was able to find where Semagic stores the saved passwords in the Windows Registry. It was obvious that the password was encrypted and was stored in it’s entire form. Since Semagic is open source, I was able to find the code block which served as its password decrypter:
[cpp] m_password = m_app->GetProfileString(userkey, _T(“password”), _T(“”)); //Gets Encrypted password from registry
enc = m_app->GetProfileInt(userkey, _T(“obscure”), 0); //Checks to see if the password is ‘obscured’
if (enc) { //If password is obscured
LPTSTR str = m_password.GetBuffer(m_password.GetLength()); //Password
LPTSTR key = new TCHAR[m_user.GetLength()+1]; //Sets Key Size (Username + 1)
_tcsncpy(key, (LPCTSTR) m_user, m_user.GetLength()+1); //Copies Username to Key
LPTSTR orig = key;
while (*str) {
if (!*key) //If we’re OOB on the key, reset it
key = orig;
*(str) -= ‘a’; //subtract the value of ‘a’, which is 97, from the encrypted value
*(str++) ^= *(key++); //XOR bitwise based on the key
}
key = orig;
m_password.ReleaseBuffer();
delete[] key;
}
[/cpp]
So needless to say it was just a matter of debugging and some time before I was able to port the decryption routine over to a stand alone C# application.
[csharp]
for (int iLoop = 0; iLoop < Convert.ToString(sPassword).Length; iLoop++)
{
int iInputCharacter = (int)Convert.ToChar(sPassword.ToString().Substring(iLoop,1));
if(iXORCharacter >= sUserName.Length) iXORCharacter = 0;
iInputCharacter -= 97;
iInputCharacter ^= (int)Convert.ToChar(sUserName.Substring(iXORCharacter, 1));
textBox1.Text += (char)iInputCharacter;
iXORCharacter++;
}
[/csharp]
I’ve compiled a quick little program that’ll extract the usernames from the registry and display their passwords:
This program is 100% safe and won’t e-mail your password to me or any other silly crap like that. I just figured someone out there would need it as well.
Cheers!
#1 by Regina Tseucher on June 2, 2008 - 8:51 PM
I tried to use the program to decrypt the password of semagic. It seems that it does’n work for Windows XP. Do you have a version that works with Windows XP?
Thanx!
Regina
#2 by Saonserey on June 9, 2009 - 3:50 PM
I officially love you. I didn’t remember my password and my e-mail was old and I had no access to it, so the only way I could think of to restore my password was SEmagic, but I’m not a code whiz by any means.
You rock!
#3 by eric on June 10, 2009 - 2:19 PM
Glad someone out there could use it!
I figured I wasn’t the only one that forgot my LiveJournal Password and needed to recover it from Semagic!