Hypex
How to uncover YAM password? Posted on 3-Feb-2019 15:03:00 [ #1 ]
Elite Member
Joined: 6-May-2007 Posts: 11204
From: Greensborough, Australia

Hello.
I have a few accounts set up in YAM. All but one are disabled. But I notice that the ones I have set up have hidden passwords. How do I uncover the passwords?
I have myself set up as an admin user, but it has made no difference. Though my user has no login password if that makes any difference. All I see are stars in the password fields.
Passwords are mentioned in this link below but it is unclear as to how to recover a password entered into YAM itself.
https://yam.ch/wiki/FAQ/General%20Questions

thomas
Re: How to uncover YAM password? Posted on 4-Feb-2019 8:07:15 [ #2 ]
Super Member
Joined: 28-May-2003 Posts: 1143
From: Germany

@Hypex
With proper encryption you shouldn't be able to recover the passwords.
However, at least in the past YAM used a very simple algorithm. Something like password written backwards and then each byte EOR'ed with a constant, 0xff or 0xaa or something similar.
If you save a known password, it should be very easy to find out if it is still the case and what the constant is.
Last edited by thomas on 04-Feb-2019 at 08:08 AM.
_________________ Email: thomas-rapp@web.de Home: thomas-rapp.homepage.t-online.de

Hypex
Re: How to uncover YAM password? Posted on 4-Feb-2019 15:26:32 [ #3 ]
Elite Member
Joined: 6-May-2007 Posts: 11204
From: Greensborough, Australia

@thomas
Thanks. I looked through it and a pattern showed up. I could make out some letters from an educated guess. Then it became like one of those alphabet puzzles. Didn't get all symbols but enough to figure out what was there.
After some modification I get the constant $A4. Which doesn't look that special. But gave me close enough results.
I agree with proper encryption passwords shouldn't be recoverable. But, like on my phone, I don't see the sense of entering a password and not being able to ever see it again. Since I entered that password I should be master of it. It would be good if YAM (and my phone) had some kind of master password that would reveal the hidden one.

thomas
Re: How to uncover YAM password? Posted on 4-Feb-2019 17:37:14 [ #4 ]
Super Member
Joined: 28-May-2003 Posts: 1143
From: Germany

@Hypex
Here is an ARexx script which decodes all passwords in the YAM config:
/* rexx */
/* Decode every password stored in the YAM config file */
if open(in,"yam:.config",read) then do
    l = readln(in)
    do while (~eof(in))
        /* split "<section>.<key> = <value>" */
        parse var l . "." key . val
        select
            when key = "User" then
                user = strip(val)
            when key = "Password" then do
                pw = ""
                /* each word is one byte: XOR with $A4, prepend to undo the reversal */
                do while (val ~= "")
                    parse var val x val
                    pw = bitxor(d2c(x),'a4'x)||pw
                end
                say user pw
            end
            otherwise
                nop
        end /* select */
        l = readln(in)
    end
    call close(in)
end
_________________ Email: thomas-rapp@web.de Home: thomas-rapp.homepage.t-online.de

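The scheme described in posts #2 and #4, restated as an added Python example that is not part of any post in this thread and is not YAM's own code: it encodes and decodes the stored form and runs the known-password check from post #2 to confirm that one constant explains every byte. The `Section.Key = value` line shape is inferred from the script's parse template, and the sample account and section name are constructed.

```python
# Added example. Assumption taken from the ARexx script in this thread: a stored
# password is a run of decimal byte values, the password reversed and XORed
# with one constant byte.

def encode_field(password: str, key: int) -> str:
    """Stored form: reverse the bytes, XOR each with key, write as decimals."""
    data = password.encode("latin-1")[::-1]
    return " ".join(str(b ^ key) for b in data)

def decode_field(field: str, key: int) -> str:
    """Inverse of encode_field (what the ARexx script does with key 0xA4)."""
    data = bytes(int(tok) ^ key for tok in field.split())
    return data[::-1].decode("latin-1")

def recover_constant(known_password: str, field: str):
    """Return the single XOR constant that explains every stored byte of a
    password you saved yourself, or None if the scheme does not fit."""
    stored = [int(tok) for tok in field.split()]
    plain = known_password.encode("latin-1")[::-1]
    if not stored or len(stored) != len(plain):
        return None
    keys = {s ^ p for s, p in zip(stored, plain)}
    return keys.pop() if len(keys) == 1 else None

def decode_config(lines, key=0xA4):
    """Collect (user, password) pairs from 'Section.Key = value' lines."""
    user, pairs = None, []
    for line in lines:
        name, sep, value = line.partition("=")
        if not sep:
            continue
        field_name = name.partition(".")[2].strip()
        if field_name == "User":
            user = value.strip()
        elif field_name == "Password":
            pairs.append((user, decode_field(value, key)))
    return pairs

# Constructed sample; the section name is a placeholder, not YAM's real layout.
SAMPLE = [
    "ACCOUNT0.User = alice",
    "ACCOUNT0.Password = " + encode_field("s3cret!", 0xA4),
]

if __name__ == "__main__":
    stored = encode_field("ab", 0xA4)
    print(stored, hex(recover_constant("ab", stored)))
    print(decode_config(SAMPLE))
```

Because the transform needs no secret to reverse, a config file in this format has to be protected like a plaintext password list.
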
Hypex
Re: How to uncover YAM password? Posted on 5-Feb-2019 13:59:41 [ #5 ]
Elite Member
Joined: 6-May-2007 Posts: 11204
From: Greensborough, Australia

@thomas
Nice one. I had my doubts about the $A4 since it seemed 'odd' and just short of $AA in binary. But there were lower case letters represented by odd numbers which would be cancelled out by an $AA making them even. I didn't check the YAM source. So $A4 it is.
Tested the script and it works well. Thanks again.