Destripando y securizando (sylpheed) claws mail

Enviado por jack el Jue, 2008-02-07 18:31.

KEYWORDS: How to Decrypt Sylpheed Claws Passwords

This article was originally posted in Spanish, just understanding C it is enough to get the purpose of the post :P Otherwise you can use G00gl3 translate...

Después de muuuuuucho tiempo usando sylpheed, probé claws, un "fork" de sylpheed y vale la pena el cambio, a pesar que lograr compilarlo sobre Mac OS X 10.4 PPC no fue tarea fácil.

A diferencia de sylpheed, claws guarda las contraseñas de nuestras cuentas de correo cifradas o al menos codificadas, a primera vista el fichero ~/.claws-mail/accountrc guarda las contraseñas codificadas en base 64 pero si intentamos decodificarla nos damos cuenta enseguida que no coincide, por lo que de alguna manera debe de cifrarlas.

Si arrancamos claws con la opción de debug:

claws-mail --debug

Claws, amablemente oculta nuestros passwords:

[18:02:38] POP3< +OK Password required.
[18:02:38] POP3> PASS ********
[18:02:38] POP3< +OK logged in.

Lo que no sabía yo que la longitud de la cadena de asteriscos es fija! (ver fichero src/pop.c):

log_print(LOG_PROTOCOL, "POP3> PASS ********\n");

Incluso interceptando las llamadas al sistema (syscalls) tampoco vemos los passwords si usamos POP3S o IMAPS.

Lo que si es seguro que en alguna parte del código de claws se descifran los passwords para autenticarnos en los servidores de correo :)

Tras una búsqueda he dado con el fichero src/common/passcrypt.c, en passcrypt.h está definida la clave como un:

#define PASSCRYPT_KEY "XXXXXXXX"

Claro está que es un cifrador simétrico.

Podemos cifrar o descifrar usando:

void passcrypt_encrypt(gchar *password, guint len);
void passcrypt_decrypt(gchar *password, guint len);

Podemos especificar qué clave usaremos para cifrar los passwords cuando configuramos claws:

./configure --with-passcrypt-key=XXXXXXXX

Teniendo en cuenta que tiene que ser una string de 8 bytes!

Aquí un programilla que descifra todos los passwords de un fichero de cuentas de claws:

/*
 * Program to decrypt sylpheed claws passwords.
 * You must compile it inside your claws source distribution src/common
 *
 * Jacobo Avariento Gimeno
 * Gulcas.org
 */

#include "passcrypt.h"
#include "base64.h"
#include <stdio.h>
#include <strings.h>

#define FICH "/home/user/.claws-mail/accountrc"

int main(int argc, char *argv[]) {
        char buf[1024];
        char tmp[1024];
        int len;
        FILE *f;

        bzero(buf, sizeof(buf));
        bzero(tmp, sizeof(tmp));
        f= fopen(FICH, "r");
        if (f == NULL) {
                printf("Error opening %s.\n", FICH);
                return 1;
        }

        while ( (fgets(tmp, sizeof(tmp)-1, f)) != NULL) {
                if (!strncmp(tmp, "password=", 9)) {
                        printf("Read password line: %s", &tmp[9]);
                        strncpy(buf, &tmp[9], strlen(&tmp[9]));
                } else if (!strncmp(tmp, "smtp_password=", 14)) {
                        printf("Read password line: %s", &tmp[14]);
                        strncpy(buf, &tmp[14], strlen(&tmp[14]));
                }
                if (buf[0] == '!') {
                        len = base64_decode(tmp, &buf[1], strlen(buf)-1);
                        passcrypt_decrypt(tmp, len);
                        tmp[len]= '\0';
                        printf("%s\n", tmp);
                }
                buf[0] = '\0';
        }
        fclose(f);

        return 0;
}

Para compilarlo en Mac OS X, a mí me sirvió con:

gcc base64.c descifra_claws_pass.c passcrypt.c \
-o descifra_claws_pass -Wall \
-I/opt/local/include/glib-2.0 -I/opt/local/lib/glib-2.0/include \
-L/opt/local/lib -lglib-2.0

Podeis bajaros directamente el fichero fuente desde: http://ciberjacobo.com/scripts/descifra_claws_pass.c

The United States would only

Enviado por stevemartyn el Mar, 2010-07-13 11:56.

The United States would only benefit from the reconnection with the Native Americans because there is far more to the world that could be 642-983 better understood through their eyes rather than the shallow opinions of today's society. Native Americans have always been known to be earthy people who maintain a healthy relationship with the earth. If society would reconnect with the Indians it would 350-050 help in better understanding the present because in order to understand the present fully one must know the past and understand it completely. The society of United States would greatly benefit from learning from the past mistakes done by either United States or Native Americans. Americans and Native Americans didn't get along very well in the past, but with a little more help and determination a bond may form through personal matters. Personal matters E20-322 affect all people no matter what race they are. All humans are affected by their surroundings in some way and this is a way in which all humans relate. To reconnect with the Native Americans would mean that the United States would become closer to the environment and in a way more spiritual ccna certification towards the world. Indians teaching Americans to be more spiritual isn't like a religious spiritual; it is a strong relationship that is constantly growing.

i just got the book last week

Enviado por smith67 el Sáb, 2010-05-22 11:43.

i just got the book last week and went through it a few times. i can understand most of the comments regarding this book, but i dont understand how much of the material can't be used. basically, this book gives you different ways to look at monsters that cwna certification are commonly used in RL campaigns. granted, there arent going to be a plethora of Palemasters in every corner of the Core, dell certification a single encounter can keep PCs on their toes. While i might not like PC's in my campaign to be able to be a Master of Radiance, e20-001 exam questions they might encounter one as an NPC. the same goes with the spells. i like the Evolved and Swarmform templates and havealready applied them to a major NPC villian E20-340 dumps i am developing. they think they know what vampires are? i scoff at such assumptions now!

Update: Destripando y securizando (sylpheed) claws mail

Enviado por jack el Mié, 2009-11-18 00:03.

El 15 de Noviembre de 2009 recibí un correo de Protoblast con unos pequeños cambios para hacer funcionar descifra_claws_pass desde Ubuntu 9.10.

Os podéis descargar el código aquí: http://ciberjacobo.com/scripts/descifra_claws_pass2.c

Básicamente los cambios han sido estos:

--- descifra_claws_pass.c 
+++ descifra_claws_pass2.c
@@ -9,11 +9,12 @@
 #include "passcrypt.h"
 #include "base64.h"
 #include <stdio.h>
-#include <strings.h>
+#include <string.h>
+#include <glib.h>
 
 #define FICH "/home/user/.claws-mail/accountrc"
 
-int main(int argc, char *argv[]) {
+int main(void) {
 	char buf[1024];
 	char tmp[1024];
 	int len;

Para compilar usad:

gcc -lcrypt `pkg-config --cflags --libs glib-2.0` base64.c descifra_claws_pass.c passcrypt.c -o descifra_claws_pass