Subject: Re: New Allaire Security Zone Bulletins and KB Articles To: BUGTRAQ@SECURITYFOCUS.COM On Tue May 25 1999, James Stephens wrote: > > At 03:00 PM 5/24/99 -0700, aleph1@UNDERGROUND.ORG wrote: > > > ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted > > Has anyone seen the program that can alegedly decrypt encrypted cfml pages? Indeed I recently needed such a tool to legitimately recover lost source. Since I couldn't find one on the Internet I ended up writing it myself. The source is attached. Matt/* CFDECRYPT: Decrypt Cold Fusion templates encrypted with CFCRYPT Matt Chapman Usage: cfdecrypt decrypted.cfm Requires a DES encryption library to compile. */ #include #include "des.h" int main(void) { char *header = "Allaire Cold Fusion Template\012Header Size: "; char buffer[54]; int headsize, outlen; int skip_header; int len, i; char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012"; des_cblock key; des_cblock input; des_cblock output; des_key_schedule schedule; if ((fread(buffer, 1, 54, stdin) < 54) || (memcmp(buffer, header, 42))) { fprintf(stderr, "File is not an encrypted template\n"); return 1; } if (!memcmp(&buffer[42], "New Version", 11)) { headsize = 69; skip_header = 1; } else { headsize = atoi(&buffer[42]); skip_header = 0; } if ((headsize < 54) || (fseek(stdin, headsize, SEEK_SET) < 0)) { fprintf(stderr, "Error in file format\n"); return 1; } des_string_to_key(keystr, &key); des_set_key(&key, schedule); outlen = 0; while ((len = fread(input, 1, 8, stdin)) == 8) { des_ecb_encrypt(&input, &output, schedule, 0); outlen += 8; i = 0; if (skip_header) { while (i < 8) { if (output[i++] == 0x1A) { skip_header = 0; break; } } } fwrite(output + i, 1, 8 - i, stdout); } for (i = 0; i < len; i++) { output[i] = input[i] ^ (outlen + i); } fwrite(output, 1, len, stdout); return 0; }