Info on the ARA/PPP username and password.



Q:
Is there any documentation on accessing the ARA/PPP username and password?


A:
 
The ARA/PPP password is stored using DES encryption with the
username as the key. There are many publicly available
implementations of DES. You will need to find a DES
implementation (don't pay the big bucks, just hunt around
the net, there are many to be found). A good starting place
is the crypto FTP archives at 


Only the first 8 characters of the user name affect the
'pass' resource. If the user name is longer than 8
characters, it does not matter what the extra characters are;
they have no effect. The password, however, appears to have the
capability of using all 255 characters, although I did not
actually test this.

The 'pass' resource is created as follows. First the user
name is truncated to 8 characters. Then the user name and
password are padded with zeros to fill fixed-size buffers.
The user name is zero padded to 8 bytes and the password is
zero padded to 255 bytes. The 8 byte user name is used as a key
but shifted one bit and munged as you described. The 'pass'
resource we create will be 256 bytes long. The first byte
is always zero.

Use the DES library to encrypt 8 bytes at a time and then
append the encrypted bytes to the resource. The resource
starts off as one zeroed out byte. Each pass through the
loop encrypts another 8 bytes using the same munged user
name for the key and the next 8 characters of the password
as the data until all 255 characters of the password are
used.

Since the first byte of the resource is the "always zero"
byte that adds up to 256.


If I were using the RSA version, I would build an EncryptPassword
routine to look like:


#include <string.h>
// DES_CTX, DESEncryptInit, DES and POINTER come from the DES library's header

void EncryptPassword(				// encrypt a password using the user name as key
		char *pUserName,		// the user name
		char *pPasswordIn,		// the password
		char *rPasswordOut)		// returns the encrypted password
{
// assumes null terminated strings for user name and password in;
// the password out buffer must be (((password in length + 7) / 8) * 8) bytes,
// where the password in length includes the null termination char

	char		vKey[8];
	DES_CTX		vDESContext;
	size_t		vLength;		// padded length, a multiple of 8
	size_t		vOffset;

	struct {
		unsigned long hi;		// assumes a 32-bit unsigned long
		unsigned long lo;
	} shiftedKey;

// copy the password from the input to the output buffer (null padded)
	vLength = ((strlen(pPasswordIn) + 8) / 8) * 8;
	memset(rPasswordOut, 0, vLength);
	strcpy(rPasswordOut, pPasswordIn);

// make the key (null padded, truncated to 8 characters)
	memset(vKey, 0, 8);
	strncpy(vKey, pUserName, 8);

// each 32-bit word of the key must be shifted left by 1 bit before calling DESEncryptInit
	memcpy(&shiftedKey, vKey, 8);
	shiftedKey.hi = shiftedKey.hi << 1;
	shiftedKey.lo = shiftedKey.lo << 1;
	memcpy(vKey, &shiftedKey, 8);

// initialize DES encryption
	memset(&vDESContext, 0, sizeof(vDESContext));
	DESEncryptInit(&vDESContext, (unsigned char*) vKey);

// encrypt the password in place, 8 bytes at a time, with the same key
	for (vOffset = 0; vOffset < vLength; vOffset += 8)
		DES(	(POINTER) &vDESContext,
				(unsigned char*) rPasswordOut + vOffset,
				(unsigned char*) rPasswordOut + vOffset);

	return;
}
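
The key derivation described above (user name truncated to 8 characters, zero padded, each 32-bit word shifted left one bit), as an added example that is not part of the original answer or of any DES library. It assumes big-endian word order as on classic Mac OS; the `ara_*` names and the sample user names are constructed for illustration. It shows which user names end up with the same DES key, which is what anyone assessing how well the stored password is protected needs to know.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ARA_KEY_LEN 8

/* Key derivation as described above: truncate the user name to 8
 * characters, zero pad, shift each 32-bit word left by one bit.
 * Assumption: words are big-endian, as on classic Mac OS. */
void ara_derive_key(const char *user_name, uint8_t key[ARA_KEY_LEN])
{
    size_t n = strlen(user_name);
    memset(key, 0, ARA_KEY_LEN);
    memcpy(key, user_name, n < ARA_KEY_LEN ? n : ARA_KEY_LEN);
    for (int w = 0; w < ARA_KEY_LEN; w += 4) {
        uint32_t word = ((uint32_t)key[w] << 24) | ((uint32_t)key[w + 1] << 16) |
                        ((uint32_t)key[w + 2] << 8) | (uint32_t)key[w + 3];
        word <<= 1; /* the top bit of each word is discarded */
        key[w] = (uint8_t)(word >> 24);
        key[w + 1] = (uint8_t)(word >> 16);
        key[w + 2] = (uint8_t)(word >> 8);
        key[w + 3] = (uint8_t)word;
    }
}

/* DES ignores the low (parity) bit of each key byte; compare without it. */
int ara_same_des_key(const uint8_t *a, const uint8_t *b)
{
    for (int i = 0; i < ARA_KEY_LEN; i++)
        if ((a[i] & 0xFE) != (b[i] & 0xFE))
            return 0;
    return 1;
}

/* Do two user names produce the same DES key? Returns 1 if so. */
int ara_names_collide(const char *name_a, const char *name_b)
{
    uint8_t ka[ARA_KEY_LEN], kb[ARA_KEY_LEN];
    ara_derive_key(name_a, ka);
    ara_derive_key(name_b, kb);
    return ara_same_des_key(ka, kb);
}

int main(void)
{
    /* Constructed sample names, not from the page. */
    printf("%d %d\n", ara_names_collide("administrator", "administXYZ"),
           ara_names_collide("alice", "bob"));
    return 0;
}
```

Because the shift moves each character's low 7 bits into the 7 bits of the byte that DES actually uses, the high bit of a user name character never reaches the key.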




Comments (vinnie@vmeng.com)