Kmail password decoding - Mandriva

This is a discussion on Kmail password decoding - Mandriva ; I need to 'recover' the mail-server passwords which Kmail has stored in its config file. Although the Kmail manual says that Kmail cannot really encrypt passwords, they aren't stored as 'clear' in the config file (~/.kde/share/config/kmailrc) and I can't see ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Kmail password decoding

  1. Kmail password decoding

    I need to 'recover' the mail-server passwords which Kmail has stored in
    its config file.

    Although the Kmail manual says that Kmail cannot really encrypt passwords,
    they aren't stored as 'clear' in the config file
    (~/.kde/share/config/kmailrc) and I can't see how to decrypt them. Does
    anyone know how? (I could try using a packet sniffer while Kmail is
    logging in to the servers, I suppose, but I'd prefer not to if there's a
    better way).

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  2. Re: Kmail password decoding

    On Sat, 09 Feb 2008 15:54:19 -0500, Whiskers wrote:

    > (~/.kde/share/config/kmailrc) and I can't see how to decrypt them. Does


    Open the file in khexedit. Find the string after pass=. It'll have three
    characters, for each character in the password.

    You can ignore the first two of each, EF BE, unless you're using non-ascii
    characters, and simplify the decryption by subtracting the third byte
    from 11F. For example, if the first byte of the password is shown as
    EF BE C5, use kcalc, in hex mode to get 11F - C5, which is 5A

    $ ascii 5A
    ASCII 5/10 is decimal 090, hex 5a, octal 132, bits 01011010: prints as `Z'
    Official name: Majuscule Z
    Other names: Capital Z, Uppercase Z

    So, in this example, the first character of the password is Z.

    If you are using strange characters (i.e. the first two are not shown
    as EF BE, I think subtracting the three bye value from EFBF1F will get
    you the hex value, of the single character.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  3. Re: Kmail password decoding

    On 2008-02-10, David W. Hodgins wrote:
    > On Sat, 09 Feb 2008 15:54:19 -0500, Whiskers wrote:
    >
    >> (~/.kde/share/config/kmailrc) and I can't see how to decrypt them. Does

    >
    > Open the file in khexedit. Find the string after pass=. It'll have three
    > characters, for each character in the password.


    I use mcedit to view the file in Hex, which is equivalent I think; the
    three-for-one substitution was throwing me off though - and the numbers
    were far too large to look like us-ascii codes! (But they do display as
    UTF-8 characters).

    > You can ignore the first two of each, EF BE, unless you're using non-ascii
    > characters, and simplify the decryption by subtracting the third byte
    > from 11F. For example, if the first byte of the password is shown as
    > EF BE C5, use kcalc, in hex mode to get 11F - C5, which is 5A
    >
    > $ ascii 5A
    > ASCII 5/10 is decimal 090, hex 5a, octal 132, bits 01011010: prints as `Z'
    > Official name: Majuscule Z
    > Other names: Capital Z, Uppercase Z
    >
    > So, in this example, the first character of the password is Z.
    >
    > If you are using strange characters (i.e. the first two are not shown
    > as EF BE, I think subtracting the three bye value from EFBF1F will get
    > you the hex value, of the single character.
    >
    > Regards, Dave Hodgins


    Thanks; I think I get the idea. Sometimes, instead of the sequence for
    each character being , I do have . This seems to
    signify a numeral in the clear-text version of the password, and that
    instead of subtracting the displayed xx from 11F it should be subtracted
    from DF - so that for example, given the sum is DF-AB=34 -->
    us-ascii character 4 rather than 11F-AB=74 --> t (or to use all the hex
    numbers, subtract EFBFAB from EFBFDF).

    This method does extract known passwords from kmailrc, so it looks as
    though I can use it to get the unknown ones reliably.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  4. Re: Kmail password decoding

    On Sun, 10 Feb 2008 18:22:19 -0500, Whiskers wrote:

    > Thanks; I think I get the idea. Sometimes, instead of the sequence for
    > each character being , I do have . This seems to


    Note that spaces and exclamation marks are not encoded.

    Here's the actual code from kdepim-3.5.7/kmail/kmaccount.cpp, for anyone
    more familiar with the qt string/char/unicode handling ...

    //-----------------------------------------------------------------------------
    QString KMAccount::encryptStr(const QString &aStr)
    {
    QString result;
    for (uint i = 0; i < aStr.length(); i++)
    /* yes, no typo. can't encode ' ' or '!' because
    they're the unicode BOM. stupid scrambling. stupid. */
    result += (aStr[i].unicode() <= 0x21 ) ? aStr[i] :
    QChar(0x1001F - aStr[i].unicode());
    return result;
    }

    //-----------------------------------------------------------------------------
    QString KMAccount::importPassword(const QString &aStr)
    {
    unsigned int i, val;
    unsigned int len = aStr.length();
    QCString result;
    result.resize(len+1);

    for (i=0; i {
    val = aStr[i] - ' ';
    val = (255-' ') - val;
    result[i] = (char)(val + ' ');
    }
    result[i] = '\0';

    return encryptStr(result);
    }

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  5. Re: Kmail password decoding

    On 2008-02-11, David W. Hodgins wrote:
    > On Sun, 10 Feb 2008 18:22:19 -0500, Whiskers wrote:
    >
    >> Thanks; I think I get the idea. Sometimes, instead of the sequence for
    >> each character being , I do have . This seems to

    >
    > Note that spaces and exclamation marks are not encoded.


    Ah, that's worth knowing!

    > Here's the actual code from kdepim-3.5.7/kmail/kmaccount.cpp, for anyone
    > more familiar with the qt string/char/unicode handling ...


    snip

    That's a bit over my head ...

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

+ Reply to Thread