Subject: Re: New Allaire Security Zone Bulletins and KB Articles
To: BUGTRAQ@SECURITYFOCUS.COM
On Tue May 25 1999, James Stephens wrote:
>
> At 03:00 PM 5/24/99 -0700, aleph1@UNDERGROUND.ORG wrote:
>
> > ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted
>
> Has anyone seen the program that can alegedly decrypt encrypted cfml pages?
Indeed I recently needed such a tool to legitimately recover lost source. Since
I couldn't find one on the Internet I ended up writing it myself. The source is
attached.
Matt/* CFDECRYPT: Decrypt Cold Fusion templates encrypted with CFCRYPT
Matt Chapman <matthewc@cse.unsw.edu.au>
Usage: cfdecrypt <encrypted.cfm >decrypted.cfm
Requires a DES encryption library to compile.
*/
#include <stdio.h>
#include "des.h"
int main(void)
{
char *header = "Allaire Cold Fusion Template\012Header Size: ";
char buffer[54];
int headsize, outlen;
int skip_header;
int len, i;
char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012";
des_cblock key;
des_cblock input;
des_cblock output;
des_key_schedule schedule;
if ((fread(buffer, 1, 54, stdin) < 54) || (memcmp(buffer, header, 42)))
{
fprintf(stderr, "File is not an encrypted template\n");
return 1;
}
if (!memcmp(&buffer[42], "New Version", 11))
{
headsize = 69;
skip_header = 1;
}
else
{
headsize = atoi(&buffer[42]);
skip_header = 0;
}
if ((headsize < 54) || (fseek(stdin, headsize, SEEK_SET) < 0))
{
fprintf(stderr, "Error in file format\n");
return 1;
}
des_string_to_key(keystr, &key);
des_set_key(&key, schedule);
outlen = 0;
while ((len = fread(input, 1, 8, stdin)) == 8)
{
des_ecb_encrypt(&input, &output, schedule, 0);
outlen += 8;
i = 0;
if (skip_header)
{
while (i < 8)
{
if (output[i++] == 0x1A)
{
skip_header = 0;
break;
}
}
}
fwrite(output + i, 1, 8 - i, stdout);
}
for (i = 0; i < len; i++)
{
output[i] = input[i] ^ (outlen + i);
}
fwrite(output, 1, len, stdout);
return 0;
}