Question

Pascal PW Hack

OK, seriously, I need to hack a PW. Here's the background:

The factory I work in has some equipment that uses a PLC with a routine set up in Turbo Pascal, which I know nothing about. Changes to this programming are password protected, and the notes from the engineer who set this up 10+ years ago detail where the file containing the PWs is located.

The PW file is called PWs.dat and according to the documentation left by the engineer, "The file containing the passwords has been mildly encoded so that the passwords are not available by simply viewing the file. A true hacker would have no trouble gaining access, but the simply curious are not likely to gain access". Unfortunately, I don't know how to decrypt this.

If anyone has an idea on how to get to the PW encrypted in this file, please let me know. I know that this is outside of TR's normal ethical boundaries, but it's a serious request. Feel free to PM me if you'd rather not post. I'd even be happy to send you a copy of the PWs.dat file if I trust you.
21st May 2009

Answers (5)

I might be able to help
If you trust me, you can send me the file and I will recover the passwords for you. I have a few programs on my machine for this, and also because I am currently taking my CEH it will be good to help, if you let me.

Peer me if you would like me to help.
21st May 2009
Guy needs a kick in the nads
Presumably it's when you want to change the PLC programming with the app, in which case the encrypt/decrypt mechanism will be in the app's source, and it could be ripped out.

The other thing to look for unless he did this 'by hand' is a piece of code to maintain the dat file.

You can PM with the file if you want, as I trust you not to be doing something naughty.

Some clues such as the longest strings you can put in (user name, password), and a user name themselves would help.

21st May 2009
Have you tried viewing the file?
just to see what you could see?

might be easier to track the programmer down, if he is still alive?

Good luck with that......
21st May 2009

Replies

In notepad, it looks like this:

3S5TEUv'v?v

It's a 6 char case-sensitive PW.

I haven't tried to use 3S5TEU, but given that the guy's name was Stu, it might be worth a try. I assumed that given his documentation, it would not be viewable so easily.
DMambo 21st May 2009
lock out on the program after so many failed attempts, if not maybe hit it with a dictionary attack?

If the password has been saved on the computer I have a tool that might be able to get it, it will get all passwords on the computer, don't want to say the name of the program on the open forum but if you want to try it let me know.
Wizard-09 21st May 2009
a simple numerical transformation on the ASCII values too. Push it through a hex file editor, and you might see more.

Pushing it out as text, depends on what code page you are on.

Am I guessing right and there's no user name for this?

I.e. the entire file is one password? Just interesting that there's 18 chars in that string
Tony Hopkinson 21st May 2009
Find someone who knows assembly language and have him trace..
through the code using Turbo Debugger.
I suspect the program is small and that it would be possible to either understand the encryption or poke the binary to jump and ignore the password.
JS
23rd May 2009
I edited the code to gut the PW procedure
I basically just changed the procedure he had for checking the PW against the encrypted file to set the password variable, used in all the other procedures, to true. Problem not solved, but worked around.
24th May 2009