System/36 Password Security

CT36 TechNote Ge006 05/01/86
Decrypting Password Security Version 1
-------------------------------------------

Author: Mel Beckman

Abstract: Explains how to locate and decrypt the user-ID and password of the master security officer.

Introduction

The System/36 password security file is encrypted in a slightly more vigorous fashion than the System/34 method (which simply inverted the bits). However, IBM's Rochester cryptographers are not exactly Enigma material, since only three hours' effort was required to crack this scheme.

Step-by-Step

1. Locate the file #SECUID0 on disk using a catalog listing, which gives the starting block number. Multiply this number by 10 to get the starting sector number. Add 1 to that, since we're skipping the first sector of the file, which contains pointer information.

2. You must now print out or examine this disk sector. You can use either the PATCH procedure, or Alter/Display option 2. If you use Alter/Display, you'll have to convert the number to hex (PATCH allows you to enter a decimal sector number, followed by the word 'DEC'). The file contains 128-byte records, each record starting with X'01'. This procedure will show how to decrypt the user-ID and password for the first record, which is the master security officer record; thus we are concerned with just the first line (16 bytes) of the sector.

3. The remaining steps use the attached worksheet to perform the decryption. After you've displayed the sector from disk, write down the 2nd through 9th bytes on worksheet line 1. Be sure to skip the first byte (which is X'01').

4. Subtract the hex bytes on line 2 from the corresponding bytes on line 1 and write the result on line 3. Treat each byte as an isolated number; don't borrow from neighboring bytes. If the result goes negative, don't worry; just use the complement that you come up with after subtracting. A hexadecimal calculator is handy here if you're not fluent in hex arithmetic. The result on line 3 is the user-ID in EBCDIC, which you can convert to characters using the attached EBCDIC chart.

5. Now write down the 12th through 15th bytes of the sector on worksheet line 4. Note that you are skipping over two bytes.

6. Subtract the hex bytes on line 5 from the corresponding bytes on line 4 and write the result on line 6.

7. Write down the 4th through 7th bytes of the sector on worksheet line 7. Subtract the hex bytes on line 7 from the corresponding bytes on line 6 and write the result on line 8, which is the password in EBCDIC.

Security Decryption Worksheet

1. __ __ __ __ __ __ __ __
2. 32 0A B9 16 8C 59 7E A3
3. __ __ __ __ __ __ __ __  (User-ID in EBCDIC)

4. __ __ __ __
5. B9 16 8C 59
6. __ __ __ __
7. __ __ __ __
8. __ __ __ __  (Password in EBCDIC)

Example: 0106CB9B F95132BE E338D52B D0BF6D3C

1. 06 CB 9B F9 51 32 BE E3
2. 32 0A B9 16 8C 59 7E A3
3. D4 C1 E2 E3 C5 D9 40 40  (User-ID is 'MASTER'; the '40' bytes are space padding)

   String: MASTER
   ASCII Bytes: 4D4153544552
   EBCDIC Bytes: D4C1E2E3C5D9

4. 2B D0 BF 6D
5. B9 16 8C 59
6. 72 BA 33 14
7. 9B F9 51 32
8. D7 C1 E2 E2  (Password is 'PASS')

   String: PASS
   ASCII Bytes: 50415353
   EBCDIC Bytes: D7C1E2E2
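
The worksheet above expressed as code, as an added example that is not part of the original TechNote. It shows that recovery needs only the record bytes and the two fixed worksheet constants, so the stored form is equivalent to plaintext. The function names are hypothetical, and Python's cp037 codec is assumed to match the note's EBCDIC chart for uppercase letters and space.

```python
# Added example: the TechNote worksheet as code (not from the original note).
USERID_KEY = bytes.fromhex("320AB9168C597EA3")  # worksheet line 2
PASSWORD_KEY = bytes.fromhex("B9168C59")        # worksheet line 5
# Observation from the page's own constants: line 5 is bytes 3-6 of line 2.
assert PASSWORD_KEY == USERID_KEY[2:6]


def first_record_sector(start_block: int) -> int:
    """Step 1: block number * 10, plus 1 to skip the pointer sector."""
    return start_block * 10 + 1


def sub_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise a - b modulo 256 (no borrow between neighbouring bytes)."""
    return bytes((x - y) & 0xFF for x, y in zip(a, b))


def decode_record(line: bytes) -> tuple[bytes, bytes]:
    """Apply worksheet lines 1-8 to the first 16 bytes of a record."""
    if len(line) < 16:
        raise ValueError("need the first 16 bytes of the record")
    if line[0] != 0x01:
        raise ValueError("record does not start with X'01'")
    user_id = sub_bytes(line[1:9], USERID_KEY)    # lines 1-3: sector bytes 2-9
    line6 = sub_bytes(line[11:15], PASSWORD_KEY)  # lines 4-6: sector bytes 12-15
    password = sub_bytes(line6, line[3:7])        # lines 7-8: sector bytes 4-7
    return user_id, password


def ebcdic_text(raw: bytes) -> str:
    """Assumption: cp037 stands in for the note's EBCDIC chart (A-Z, space)."""
    return raw.decode("cp037").rstrip(" ")


if __name__ == "__main__":
    # The example sector line printed in the TechNote.
    sample = bytes.fromhex("0106CB9BF95132BEE338D52BD0BF6D3C")
    uid, pwd = decode_record(sample)
    print(uid.hex(" ").upper(), "->", ebcdic_text(uid))
    print(pwd.hex(" ").upper(), "->", ebcdic_text(pwd))
```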