Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
miska2016-03-12 14:26:14
Roundcube
miska, 2016-03-12 14:26:14

How to decrypt password from roundcube session?

There is a table session in the roundcube database, my session is stored there and encrypted (in 3des if I'm not mistaken the password to it) -
imap_ssl|N;password|s:32:"32characters"
I have $rcmail_config['des_key']
cbc
What I still need to decrypt it and how to do it.
Online services for examples ask for some kind of IV. where to get it from?
here is the decryptor code

public function decrypt($cipher, $key = 'des_key', $base64 = true)
  {
    if (!$cipher)
      return '';

    $cipher = $base64 ? base64_decode($cipher) : $cipher;

    if (function_exists('mcrypt_module_open') &&
        ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
    {
      $iv_size = mcrypt_enc_get_iv_size($td);
      $iv = substr($cipher, 0, $iv_size);

      // session corruption? (#1485970)
      if (strlen($iv) < $iv_size)
        return '';

      $cipher = substr($cipher, $iv_size);
      mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
      $clear = mdecrypt_generic($td, $cipher);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
    }
    else {
      @include_once 'des.inc';

      if (function_exists('des')) {
        $des_iv_size = 8;
        $iv = substr($cipher, 0, $des_iv_size);
        $cipher = substr($cipher, $des_iv_size);
        $clear = des($this->config->get_crypto_key($key), $cipher, 0, 1, $iv);
      }
      else {
        raise_error(array(
          'code' => 500, 'type' => 'php',
          'file' => __FILE__, 'line' => __LINE__,
          'message' => "Could not perform decryption; make sure Mcrypt is installed or lib/des.inc is available"
        ), true, true);
      }
    }

    /*-
     * Trim PHP's padding and the canary byte; see note in
     * rcmail::encrypt() and http://php.net/mcrypt_generic#68082
     */
    $clear = substr(rtrim($clear, "\0"), 0, -1);

    return $clear;
  }

  /**
   * Generates encryption initialization vector (IV)
   *
   * @param int Vector size
   * @return string Vector string
   */
  private function create_iv($size)
  {
    // mcrypt_create_iv() can be slow when system lacks entrophy
    // we'll generate IV vector manually
    $iv = '';
    for ($i = 0; $i < $size; $i++)
        $iv .= chr(mt_rand(0, 255));
    return $iv;
  }

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
T
TyzhSysAdmin, 2016-03-12
@POS_troi

You have before your eyes a code in which you can clearly see where iv comes from

$des_iv_size = 8;
        $iv = substr($cipher, 0, $des_iv_size);

Similar questions
A
Andrej Kopp2022-03-10 12:47:02
How to install plugins in Roundcube 1.5.2 integrated into ISPmanager 5 Lite? 1Reply
H
heihachi882014-11-03 23:42:44
How to raise a mail server with exim, dovecot, roundcube? 2Reply
B
blueboar22014-12-23 15:10:20
How to connect owncloud to Roundcube? 0Reply
V
Vyacheslav Kordienko2017-01-24 17:54:38
Not sending mail with Rcube? 1Reply
D
Dorothy2019-07-09 10:05:01
How to make single folder structure for dovecot? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question