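#!/usr/bin/perl
############################################################################
# Given a valid obfuscated string file format, it will quickly print
# out the string "handles", and the unobfuscated strings.
#
# No comments, blank lines or rotation values are printed.
#
###
#
# The string file format is discussed in the obf.pl file and should be
# present in most string files themselves.
#
# If the rotations given are inaccurate, and you really need to know what
# the real strings are, I've left it as an exercise for you to generate
# all string rotations possible.  Have fun.
#
###
#
# Credits:  Ideas taken from
#    http://www.perlmonks.org/index.pl?node_id=385552
#       Thanks to TZapper and Tachyon's posts
#    http://search.cpan.org/author/JUERD/Crypt-Caesar-0.01/Caesar.pm
#    http://search.cpan.org/author/AYRNIEU/Crypt-Rot13-0.6/Rot13.pm
#    http://www.perlmonks.org/index.pl?node_id=421114
#       Thanks to Tanktalus
#
#-----------------------------------------------------------------------
# Copyright (C) 2005 Scott L. Miller (scott.l.miller@gmail.com)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#-----------------------------------------------------------------------
# Written January, 2005 by Scott L. Miller
#
# Date:
# 01/28/2005  SLM   Initial release
#
############################################################################

use strict;
use warnings;

# Usage: print the command-line help text to STDOUT.
#
# NOTE(review): the heredoc opener, the "Usage:" label and the
# angle-bracketed placeholders were missing from the listing this file was
# recovered from; <string_file> and <command> below are reconstructions.
sub Usage {
    print <<EOF;

Usage:   $0 <string_file>
   or:   <command> | $0

where:
    <string_file> or piped in text is a "string file" generally containing
    passwords or SNMP community strings that are obfuscated.

    this script will unobfuscate all strings within a correctly formated
    "string file" provided all rotation identification numbers for those
    strings are acurate.
EOF
}

############################################################################
# pwdrot uses the idea of rot13 and expands the characters affected by the
# rotations to include all 94 normal printable ascii characters.
# ie. chr(33) '!' - chr(126) '~'.  The rotations are thus mod 94.
#
# Default rotation if not supplied is 47
#
# Arguments: the string to rotate, and an optional rotation (any integer,
#            negative values rotate backwards).
# Returns:   the rotated copy; characters outside '!'..'~' are left as is.
#
# The rotation is a keyless substitution: the rotation value is all that is
# needed to reverse it, so a string file has to be protected like the
# cleartext credentials it stands for.
#
# The mapping is computed arithmetically per character, so no code is
# generated or eval'ed from the rotation value.
############################################################################
sub pwdrot {
    my $pwd    = shift;
    my $degree = (@_ > 0) ? ((shift) % 94) : 47;

    # Nothing to do for a zero rotation or an empty/undefined string.
    return $pwd if $degree == 0;
    return $pwd if !defined($pwd) || length($pwd) == 0;

    # Shift every printable character by $degree positions, wrapping
    # around inside the 94-character range '!' (33) .. '~' (126).
    (my $rotated = $pwd) =~
        s/([\x21-\x7E])/chr(33 + (ord($1) - 33 + $degree) % 94)/ge;

    return $rotated;
}

############################################################################
# Find rotation notations characterized by a decimal number appearing alone
# on a line, unobfuscate the strings using the given rotation information.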
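############################################################################

# Rotation currently in effect.  Set by the most recent rotation line and
# kept between process_line calls; undefined until the first one is seen.
our $curdist;

# process_line: handle one line of a string file, taken from $_.
#   - leading whitespace is stripped; blank lines and '#' comments are
#     skipped
#   - a line holding a single decimal token sets the rotation used for the
#     lines that follow
#   - any other line is "handle <whitespace> string"; the string is rotated
#     back by the current rotation and printed after its handle
#
# What is printed on STDOUT is the de-obfuscated string, so captured output
# (redirects, terminal scrollback, logs) holds the secrets in the clear.
#
# NOTE(review): only the first whitespace-delimited token after the handle
# is decoded; anything following it on the line is dropped.  Confirm the
# string file format never allows whitespace inside a string.
sub process_line {
    my $line = $_;

    $line =~ s/^\s+//;                  # remove indentation if any
    return if $line eq '';              # ignore blank lines
    return if $line =~ /^#/;            # ignore comments
    chomp $line;

    my ($handle, $whitespace, $snmpstring) = split /(\s+)/, $line;

    if (!defined $snmpstring) {
        # A lone token is a rotation value.  Anything that is not a decimal
        # integer is reported and skipped instead of silently resetting the
        # rotation to 0, which would print the following strings undecoded.
        if ($handle =~ /^[+-]?\d+$/) {
            $curdist = int($handle);
        }
        else {
            print STDERR
                "# Line $.: lone token is not a decimal rotation value, ignored.\n";
        }
        return;
    }

    if (!defined $curdist) {
        print "# Rotation undefined, assuming 0 rotation.\n";
        $curdist = 0;
    }

    # Strings were rotated forward by $curdist, so rotate back by the same
    # amount to recover them.
    my $result = pwdrot($snmpstring, $curdist * -1);
    print $handle . $whitespace . $result . "\n";
    return;
}

###########################################################################
# Program begins here
#
# Read "string files" given via the command line, and/or piped in.
###########################################################################
if (-t STDIN && scalar(@ARGV) == 0) {
    print " No file supplied!\n";
    Usage();
    exit 0;
}

# Piped-in text is processed first.
# NOTE(review): the filehandle inside the readline operator was missing from
# the listing; STDIN is the handle the -t tests refer to.
if (!-t STDIN) {
    while (<STDIN>) {
        process_line();
    }
}

# Then every file named on the command line.  Each name is opened with
# three-argument open so it is always treated as a literal path; the bare
# <> operator would apply two-argument open semantics to the arguments
# (an argument ending in '|' is run as a command).  As a result "-" is no
# longer shorthand for STDIN here; piped input is already handled above.
if (scalar(@ARGV) > 0) {
    for my $file (@ARGV) {
        my $fh;
        if (!open $fh, '<', $file) {
            print STDERR "Can't open $file: $!\n";
            next;
        }
        while (<$fh>) {
            process_line();
        }
        close $fh;
    }
}

exit;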