Giter Club home page Giter Club logo

how-does-xmanager-encrypt-password's Introduction

How Does Xmanager Encrypt password?

1. What is Xmanager?

Xmanager is the market's leading PC X server that brings the power of X applications to a Windows environment.

With Xmanager, X applications installed on remote UNIX based machines run seamlessly with Windows application side by side.

It provides a powerful session management console, easy-to-use X application launcher, X server profile management tool, SSH module and a high performance PC X server for securely accessing a remote and virtualized UNIX and Linux environment.

You can find its official website here.

2. What does indicate that Xmanager encrypts password?

  • If you open Xshell or Xftp in Xmanager and then create a new session, you will find a window like these below:

  • After you input your username and password then click "Ok", Xshell and Xftp will save your configuration at

    %userprofile%\Documents\NetSarang\Xshell\Sessions

    or

    %userprofile%\Documents\NetSarang\Xftp\Sessions

    Here below is an sample configuration file created by Xftp:

  • You can find there is a field named "Password" in configuration file and the content of this field seems to be encoded by Base64 (Yes, you are right).

3. How does Xmanager encrypt password?

  • After disassembling Xmanager by IDA, I find Xmanager use a stream cipher to encrypt password. The stream cipher is an RC4 stream cipher. Here below is what Xmanager did:

    1. Generate key used in RC4 stream cipher.

    • Xmanager use SHA-256 hash algorithm to generate key.

      The key is the SHA-256 digest of the current OS account's SID string.

      You can use whoami /user in Command Prompt to check your current OS account's SID string.

      For example if your current OS account's SID string is S-1-5-21-917267712-1342860078-1792151419-512, the 32-bytes-long SHA-256 digest is

      unsigned char Key[32] = {
    0xCE, 0x97, 0xBE, 0xA9, 0x0C, 0x2A, 0x40, 0xB9,
    0x5C, 0xC0, 0x79, 0x74, 0x1D, 0xDC, 0x03, 0xCB,
    0x39, 0xAB, 0x3D, 0xE5, 0x26, 0x7A, 0x3B, 0x11,
    0x05, 0x4B, 0x96, 0x3C, 0x93, 0x6F, 0x9C, 0xD4
};

    • NOTICE:
      Start from Xmanager Enterprise 5 (Build 1249): (Maybe lower)

      Xshell.exe: 5.0.0052,
      Xftp.exe: 5.0.0051,
      nssock2.dll: 5.0.0028,
      nsssh3.dll: 5.0.0045,
      nsprofile2.dll: 5.0.0028,
      nslicense.dll: 5.0.0026,
      nsutil2.dll: 5.0.0037,
      nsverchk.exe: 5.0.0011,
      Xagent.exe: 5.0.0020

      Xmanager Changes the algorithm of generating key. Now the key is the SHA-256 digest of the combination of current OS account's name(case sensitive) and current OS account's SID string.

      For example if your current OS account's name is Administrator and current OS account's SID string is S-1-5-21-917267712-1342860078-1792151419-512, the key is the 32-bytes-long SHA-256 digest of AdministratorS-1-5-21-917267712-1342860078-1792151419-512, exactly speaking:

      unsigned char Key[32] = {
    0x8E, 0x12, 0x29, 0xDC, 0x1F, 0x34, 0x56, 0xB9,
    0xBB, 0xCD, 0x94, 0xC2, 0xAB, 0x0A, 0xF3, 0xB9,
    0x95, 0x96, 0x6F, 0x06, 0xE3, 0x9D, 0x24, 0x80,
    0x6A, 0x74, 0xCD, 0x7E, 0x0B, 0x69, 0xB3, 0x78
};

    2. Calculate SHA-256 digest of original password.

    • if your original password is "This is a test", the SHA-256 digest is:

      unsigned char CheckCode[32] = {
    0xC7, 0xBE, 0x1E, 0xD9, 0x02, 0xFB, 0x8D, 0xD4,
    0xD4, 0x89, 0x97, 0xC6, 0x45, 0x2F, 0x5D, 0x7E,
    0x50, 0x9F, 0xBC, 0xDB, 0xE2, 0x80, 0x8B, 0x16,
    0xBC, 0xF4, 0xED, 0xCE, 0x4C, 0x07, 0xD1, 0x4E
};

      The 32-bytes-long data will be regarded as the checksum appended to the encrypted password.

    3. Initialize cipher.

    • Xmanager use the key generated to initialize RC4 cipher.

    4. Encrypt password.

    • Xmanager use the initialized RC4 cipher encrypt original password.

      If the original password is "This is a test", the result is

      unsigned char encrypted_pwd[] = {
    0x84, 0x83, 0x31, 0x23, 0x24, 0x37, 0x1D, 0xB2,
    0x6C, 0x54, 0x87, 0x5B, 0x6E, 0xE9
};

    • NOTICE:
      After Xmanager Enterprise 5 (Build 1249): (Maybe lower)

      the result should be

      unsigned char encrypted_pwd[] = {
    0xCE, 0xFD, 0xB5, 0x3B, 0x5C, 0x78, 0xDE, 0xA4,
    0x6C, 0xDD, 0xCE, 0x4D, 0x72, 0x40
};

    5. Append checksum to encrypted password.

    • The final result is the encrypted password with the checksum.

      EXAMPLE:

      unsigned char final_result[] = {
    0x84, 0x83, 0x31, 0x23, 0x24, 0x37, 0x1D, 0xB2,
    0x6C, 0x54, 0x87, 0x5B, 0x6E, 0xE9, 0xC7, 0xBE,
    0x1E, 0xD9, 0x02, 0xFB, 0x8D, 0xD4, 0xD4, 0x89,
    0x97, 0xC6, 0x45, 0x2F, 0x5D, 0x7E, 0x50, 0x9F,
    0xBC, 0xDB, 0xE2, 0x80, 0x8B, 0x16, 0xBC, 0xF4,
    0xED, 0xCE, 0x4C, 0x07, 0xD1, 0x4E
};

    • NOTICE:
      After Xmanager Enterprise 5 (Build 1249): (Maybe lower)

      the result should be

      unsigned char encrypted_pwd[] = {
    0xCE, 0xFD, 0xB5, 0x3B, 0x5C, 0x78, 0xDE, 0xA4,
    0x6C, 0xDD, 0xCE, 0x4D, 0x72, 0x40, 0xC7, 0xBE,
    0x1E, 0xD9, 0x02, 0xFB, 0x8D, 0xD4, 0xD4, 0x89,
    0x97, 0xC6, 0x45, 0x2F, 0x5D, 0x7E, 0x50, 0x9F,
    0xBC, 0xDB, 0xE2, 0x80, 0x8B, 0x16, 0xBC, 0xF4,
    0xED, 0xCE, 0x4C, 0x07, 0xD1, 0x4E
};

    6. Convert the final result to Base64 format and store it in configuration file.

    • Convert the final result to Base64 format. Then store it to configuration file.

      EXAMPLE: hIMxIyQ3HbJsVIdbbunHvh7ZAvuN1NSJl8ZFL11+UJ+82+KAixa89O3OTAfRTg==

    • NOTICE:
      After Xmanager Enterprise 5 (Build 1249): (Maybe lower)
      it should be zv21O1x43qRs3c5NckDHvh7ZAvuN1NSJl8ZFL11+UJ+82+KAixa89O3OTAfRTg==

4. How to use XmanagerCrypto.py

  • Make sure that you have installed Python3.
  • Make sure that you have installed pypiwin32, pycryptodome module.

  1. Encrypt Password:

    E:\GitHub\how-does-Xmanager-encrypt-password\python3\Xmanager5CryptoHelper.py -e "This is a test"
zv21O1x43qRs3c5NckDHvh7ZAvuN1NSJl8ZFL11+UJ+82+KAixa89O3OTAfRTg==

  2. Decrypt Password:

    E:\GitHub\how-does-Xmanager-encrypt-password\python3\Xmanager5CryptoHelper.py -d "zv21O1x43qRs3c5NckDHvh7ZAvuN1NSJl8ZFL11+UJ+82+KAixa89O3OTAfRTg=="
This is a test

how-does-xmanager-encrypt-password's People

Contributors

doublelabyrinth avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.