WS_FTP32 Password Encryption Defeated

Written by Donald Moore (MindRape)


Abstract

This document explains how to defeat WS_FTP32's client-side password encryption and gives a temporary solution to the problem. The ease with which this encryption scheme is defeated is very alarming, since the majority of Windows users on the Internet use WS_FTP32 as their main FTP client. Defeating the encryption routine takes only a few lines of C code.

I would like to thank Nightshd and Yoshi for bringing up this topic and assisting in defeating it!

This document is still in draft, so if you find any problems please email me Damaged Cybernetics.

If you have questions or concerns about this weakness, please contact its author, John A. Junod, or contact him at his alternative site.


Disclaimer

As always, Damaged Cybernetics promotes the usage of its documents for educational purposes only. If you feel you have an issue concerning our information distribution, please contact us.


How serious is this?


Password Details


Defeating It

The password encryption is fairly simple; it closely resembles a Caesar cipher.

Take each pair of hex digits in the stored string and join them into one hex value. Then subtract that value's index in the string (C style, counted from 0) from the hex value. This produces the correct ASCII value.

Example:
Let's take the password '48666E6F73255D767A756E2C' (from WS_FTP.INI) and try to decrypt it.

First, break the string down into its true hex values.
(48)(66)(6E)(6F)(73)(25)(5D)(76)(7A)(75)(6E)(2C)

Since this is a C-style string, its index starts at 0. Let's decode the password now.

(0x48)-0 = 48 = H
(0x66)-1 = 65 = e
(0x6E)-2 = 6C = l
(0x6F)-3 = 6C = l
...

Eventually it produces the string 'Hello World!'.
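
The decoding rule above, as an added C example (not the source code the author refers to, and not code from WS_FTP32). It shows that the stored value is a keyless encoding, so anything that can read WS_FTP.INI can recover the password. The function name wsftp_decode and its error handling are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = toupper(c);
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a saved-password hex string using the rule from the text:
 * plaintext[i] = byte[i] - i, with i counted from 0.
 * Returns the plaintext length, or -1 if the input is not valid hex,
 * has an odd length, would underflow, or does not fit in out.
 * (Hypothetical helper written for this example.)
 */
int wsftp_decode(const char *hex, char *out, size_t outlen)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 + 1 > outlen)
        return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hex_val((unsigned char)hex[2 * i]);
        int lo = hex_val((unsigned char)hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        int v = hi * 16 + lo - (int)i;   /* subtract the position */
        if (v < 0)
            return -1;                   /* not produced by this scheme */
        out[i] = (char)v;
    }
    out[n / 2] = '\0';
    return (int)(n / 2);
}

int main(void)
{
    char buf[64];
    /* Sample value taken from the article's own example. */
    if (wsftp_decode("48666E6F73255D767A756E2C", buf, sizeof buf) < 0)
        return 1;
    printf("%s\n", buf);
    return 0;
}
```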

Here is some C source code to do it for you.


Work Around

The recommended workaround is not to use the Save Password feature of WS_FTP32. This is generally a good idea across all secured applications. Unless both the password encryption scheme and its implementation have been publicly reviewed, one should NEVER trust any feature such as this.


© 1995 Damaged Cybernetics