Tools needed :
*A hex calculator like the Windows one
*A brain (we will use it)
*Some good music
Firstly, be sure that there is a password for ur screensaver, or u won't be able to
follow this tutorial. When u enter a new password and confirm it, Windows will encrypt it and
"hide" it somewhere in the registry... The registry key to look for is :
HKEY_CURRENT_USER\Control Panel\Desktop

3)Final words
I greet my groups : DQF, digital Factory, HellForge
and my friends (no specific order) : ACiD BuRN, BoomBox, BlndAngl, Lucifer48, Volatility, Tscube, Visionz,
amante4, alpine, FatBoyJoe, Warez Pup, Eternal_bliss, r!sc, [mega], Sushi,
MagicRaphoun, TaMaMbolo, Kahel, V-Rom, Ep-180, morrinth, Tres`ni, Dawai, DXF,
CiniMod, xor, Air2k, grAnix, LordOfLa, karlitoXZ, [ManKind], Falcon^,
Dazzler.... and all I've forgotten ;-)
Then look at the values on the right. If u entered a password, u'll see something like :
ScreenSave_Data 31 42 41 42 33 46 35 42 32 32 33 42 00
I entered seifer as password. My password is 6 chars long and the encrypted password is 12 ascii
codes long plus a last code 00, which will always be there... The encrypted password has twice
as many chars as the normal password...
By double clicking on the value ScreenSave_Data u'll see another code : 1BAB3F5B223B
We notice that 31 = hex code for 1, 42 = hex code for B, 41 = hex code for A...
So the former numbers were the hex codes of each char of the string : 1BAB3F5B223B ! But by
looking a little closer, we guess that 1B, AB, 3F, 5B, 22, 3B are 6 new hex codes, 6 codes like the
6 chars of my name ! Mmmmm, interesting.
I xored each hex code with the ascii code of the matching char of the password I entered and
converted the results to decimal. I obtained :
115d xor 1Bh = 104d <----- 115d = ascii(s)
101d xor ABh = 206d <----- 101d = ascii(e)
105d xor 3Fh = 86d <----- 105d = ascii(i)
102d xor 5Bh = 61d <----- 102d = ascii(f)
101d xor 22h = 71d <----- 101d = ascii(e)
114d xor 3Bh = 73d <----- 114d = ascii(r)
So, I changed my password, took another one with 6 chars : claire <----- damn, she rocks :)
I did the same calculations with the new encrypted password : 0BA23754352C
99d xor 0Bh = 104d <----- 99d = ascii(c)
108d xor A2h = 206d <----- 108d = ascii(l)
97d xor 37h = 86d <----- 97d = ascii(a)
105d xor 54h = 61d <----- 105d = ascii(i)
114d xor 35h = 71d <----- 114d = ascii(r)
101d xor 2Ch = 73d <----- 101d = ascii(e)
Huh wtf ? Heh, it seems that the encryption routine uses constants, and the encryption of each
char of the password depends only on the ascii code of the char and its position ! Hahaha, what a pretty
difficult algo, good job billy :p !
I repeated the same operation several times and at last I found the following encryption
keys :
Key(1) = 104
Key(2) = 206
Key(3) = 86
Key(4) = 61
Key(5) = 71
Key(6) = 73
Key(7) = 161
Key(8) = 27
Key(9) = 122
Key(10) = 172
Key(11) = 103
Key(12) = 216
Key(13) = 116
Key(14) = 181,
as u cannot enter more than 14 chars for the screensaver password under Win95 :). If u wanna find your
screensaver's password, just xor the hex code with the key corresponding to its position : first
code xored with first key, second code xored with second key...
I coded a password cracker, which was successful every time the password contained
only the chars a to z and A to Z. If there were other chars like numbers, #, ~, é, è..., the
prog would give me a bad password.
I wonder why, maybe the compiler fucks up, maybe the algo does sth different with those
chars... Oh, just another detail, the password isn't case sensitive,
i.e. : entered password : seifer
working passwords : SEIFER, Seifer, seiFER, seifer...
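
The derivation above as a runnable sketch (an added example, not the author's cracker; the function names are made up here). It decodes the registry value, recovers the key bytes from the two known passwords and decodes with the table. `digit_case` rests on an assumption the tutorial does not state, that Windows uppercases the password before XORing, which would account for both the case-insensitivity and the wrong output on digits.

```python
# Added illustration; every constant below is quoted from the tutorial text.
REG_VALUE = bytes.fromhex("31 42 41 42 33 46 35 42 32 32 33 42 00")  # ScreenSave_Data for "seifer"
KEY_TABLE = [104, 206, 86, 61, 71, 73, 161, 27, 122, 172, 103, 216, 116, 181]


def parse_registry_value(raw: bytes) -> bytes:
    """Undo the outer layer: ASCII hex digits plus a trailing 00 byte."""
    text = raw.rstrip(b"\x00").decode("ascii")
    if len(text) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(text)


def keystream(plain: str, cipher: bytes) -> list:
    """Known plaintext XOR ciphertext gives the key bytes for those positions."""
    if len(plain) != len(cipher):
        raise ValueError("length mismatch")
    return [ord(p) ^ c for p, c in zip(plain, cipher)]


def xor_with(data: bytes, key: list) -> bytes:
    """XOR is its own inverse, so this both encodes and decodes."""
    if len(data) > len(key):
        raise ValueError("longer than the known key")
    return bytes(d ^ k for d, k in zip(data, key))


def digit_case(sample: str = "AB12"):
    """ASSUMPTION (not from the tutorial): the password is uppercased before the XOR."""
    upper_key = keystream("SEIFER", parse_registry_value(REG_VALUE))
    stored = xor_with(sample.upper().encode("ascii"), upper_key)
    # The tutorial's table was derived from lowercase letters, so in these
    # positions it carries an extra 0x20: letters come back lowercased,
    # digits come back as control characters.
    return xor_with(stored, KEY_TABLE), xor_with(stored, upper_key)


if __name__ == "__main__":
    c1 = parse_registry_value(REG_VALUE)
    c2 = bytes.fromhex("0BA23754352C")  # stored value for "claire"
    print(keystream("seifer", c1) == keystream("claire", c2))  # same key both times
    print(xor_with(c2, KEY_TABLE).decode("ascii"))
    print(digit_case())
```

Two passwords giving the same key bytes is what marks this as a fixed keystream: one known password of full length exposes every other password stored the same way.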