              Cracking 'AntiSmEX v2.0 (x)''98 by Shaman [UCL]'

                         by (q) hijaq [UCL]/[rPG]


   When I saw it, I thought that it wouldn't be so easy... I even tried
to brute-force this password (heh, it would take a lot of time to do...).
But after 10 minutes of brute-forcing I decided to "analyse" this xor'ed
piece of code.
   The password is 6 typeable characters, but there are 10 cycles of
xor'ing, and 'count2' depends on adding up 60 bytes, but our 'hehe'
is only 59! It means that the next byte after the 'hehe' data must be part
of 'hehe' too.
   I've ripped 'hehe', with '40h' added at the end, to another file and
loaded it into a hex editor (hiew, because it has a built-in XOR function!).
That's how it looks:

00000000:  CF 9D 75 82-DB C4 4F 5A-AA 82 D5 6D-83 4E B9 62  ..u...OZ...m.N.b
00000010:  6C 60 B0 4F-30 2D 0F 01-6F 62 7E BC-41 29 2F 06  l`.O0-..ob~.A)/.
00000020:  18 62 0C 01-74 4F 03 2A-12 0C 2F 02-15 2C 21 0D  .b..tO.*../..,!.
00000030:  20 0E 19 27-4F 07 21 02-79 48 45 40-              ..'O.!.yHE@

   In assembly language, data always (not always, but in this case it
does =))) goes after the code... And when we display text on the screen with
int21h/ah=09h, our text must have '$' at the end... So, what will we do?
We'll xor the last character (40h) with '$'. The result is the 'd' character...
Maybe it's the 6th letter of our password? Xor the last byte back and xor it
again, but now with the 'd' (64h) byte. And now let's try to xor every 6th
byte of 'hehe' with the 'd' (64h) byte, starting from offset 00000005 (as it
will be the 6th character of our password)... Now we have this:

00000000:  CF 9D 75 82-DB A0 4F 5A-AA 82 D5 09-83 4E B9 62  ..u...OZ.....N.b
00000010:  6C 04 B0 4F-30 2D 0F 65-6F 62 7E BC-41 4D 2F 06  l..O0-.eob~.AM/.
00000020:  18 62 0C 65-74 4F 03 2A-12 68 2F 02-15 2C 21 69  .b.etO.*.h/..,!i
00000030:  20 0E 19 27-4F 63 21 02-79 48 45 24-              ..'Oc!.yHE$

   Nothing interesting? I don't think so... At offset 0000000B we have a
09h byte... Maybe it's a part of the text output code? If so, then maybe the
CDh 21h (int 21h in assembly) bytes come right after it? Let's try it...
   Xor the next byte after 09h with 0CDh... We get 4Eh ('N'). Is it a
typeable character? Of course, yes! Unxor it back and xor it again, but with
4Eh ('N'). And don't forget to xor every 6th byte starting from offset
00000000 (as it will be the 1st character of our password).

00000000:  81 9D 75 82-DB A0 01 5A-AA 82 D5 09-CD 4E B9 62  ..u....Z.....N.b
00000010:  6C 04 FE 4F-30 2D 0F 65-21 62 7E BC-41 4D 61 06  l..O0-.e!b~.AMa.
00000020:  18 62 0C 65-3A 4F 03 2A-12 68 61 02-15 2C 21 69  .b.e:O.*.ha..,!i
00000030:  6E 0E 19 27-4F 63 6F 02-79 48 45 24-             n..'Oco.yHE$

   And don't forget to xor the byte at offset 0000000D with 21h (the second
byte of int 21h), and then xor every 6th character from offset 00000001 with
the result, 6Fh ('o') (as it will be the 2nd character of our password).

00000000:  81 F2 75 82-DB A0 01 35-AA 82 D5 09-CD 21 B9 62  ..u....5.....!.b
00000010:  6C 04 FE 20-30 2D 0F 65-21 0D 7E BC-41 4D 61 69  l.. 0-.e!.~.AMai
00000020:  18 62 0C 65-3A 20 03 2A-12 68 61 6D-15 2C 21 69  .b.e: .*.ham.,!i
00000030:  6E 61 19 27-4F 63 6F 6D-79 48 45 24-             na.'OcomyHE$

   You still think that there's nothing interesting?! Maybe you're blind?
We can see 'Mai' (part of 'Mail'?) at offset 0000001D, 'ham' (part of
'shaman', the nickname of the author?) at offset 00000029... So, from this
moment, decrypting 'hehe' is very simple. We'll assume that 'ham' is a part
of 'shaman'. The first character can be 's' or 'S', so we'll take the next
character after 'ham' instead: 'a'. Xor the byte at that position (offset
0000002C) with 'a' and see that the next character of our password is 't'.
Now, what do we have in our password? 'Not??d', where '?' stands for the
unknown characters. It still looks like typeable characters =)

00000000:  81 F2 01 82-DB A0 01 35-DE 82 D5 09-CD 21 CD 62  .......5.....!.b
00000010:  6C 04 FE 20-44 2D 0F 65-21 0D 0A BC-41 4D 61 69  l.. D-.e!...AMai
00000020:  6C 62 0C 65-3A 20 77 2A-12 68 61 6D-61 2C 21 69  lb.e: w*.hama,!i
00000030:  6E 61 6D 27-4F 63 6F 6D-0D 48 45 24-             nam'Ocom.HE$

   I don't think that it's necessary to explain what to do now... You can
see enough plaintext to decrypt the rest of this 'hehe' code by yourself...

   Oh, the password is 'NotBad'
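
   The hiew steps above, written as a script (an added example, not part
of the original text and not the author's tool): every guessed plaintext
byte at a known offset gives one byte of the repeating 6-byte key. The
names recover_key, preview and key_text are made up for this illustration.

```python
# Added example: known-plaintext recovery of a repeating XOR key.
DATA = bytes.fromhex(                      # the 60-byte dump shown in the article
    "CF9D7582DBC44F5AAA82D56D834EB962"
    "6C60B04F302D0F016F627EBC41292F06"
    "18620C01744F032A120C2F02152C210D"
    "200E19274F07210279484540"
)
KEY_LEN = 6  # 6-character password, 10 cycles = 60 bytes

# (offset, guessed plaintext byte), in the order the article makes the guesses
CRIBS = [
    (0x3B, ord("$")),  # a string printed via int 21h/ah=09h ends with '$'
    (0x0C, 0xCD),      # the 09h at 0x0B suggests "int 21h" (CD 21) follows
    (0x0D, 0x21),
    (0x2C, ord("a")),  # 'ham' at 0x29 looks like part of 'shaman'
]

def recover_key(data, key_len, cribs):
    """Derive key bytes from the guesses; unknown slots stay None."""
    key = [None] * key_len
    for off, plain in cribs:
        k = data[off] ^ plain
        if not 0x20 <= k <= 0x7E:
            raise ValueError(f"guess at {off:#x}: key byte {k:#04x} is not typeable")
        slot = off % key_len
        if key[slot] not in (None, k):
            raise ValueError(f"guess at {off:#x} contradicts key slot {slot}")
        key[slot] = k
    return key

def preview(data, key):
    """Decrypt with a partial key: '?' = key byte unknown, '.' = unprintable."""
    out = []
    for i, c in enumerate(data):
        k = key[i % len(key)]
        p = None if k is None else c ^ k
        out.append("?" if p is None else chr(p) if 0x20 <= p <= 0x7E else ".")
    return "".join(out)

def key_text(key):
    return "".join("?" if k is None else chr(k) for k in key)

if __name__ == "__main__":
    key = recover_key(DATA, KEY_LEN, CRIBS)
    print("key so far:", key_text(key))        # Not??d
    print(preview(DATA, key))
    print(preview(DATA, list(b"NotBad")))      # password given in the article
```

   A wrong guess shows up at once: it either gives a key byte that is not
typeable or contradicts a key byte that an earlier guess already fixed.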

p.s. sorry for my English... it ain't my native language =)