Can I use PHP to encode a plain text password using the same algorithm

Report · Jun 12, 2009

...that Dreamweaver CS3 uses to encode passwords within site configuration files (.ste)? I've built an app to help me manage backing up and restoring my whole WAMP/LAMP configuration. So far, it's pretty sweet. It will generate/export/print/write my Windows hosts file and the httpd-vhosts.conf file in Apache based on domain and user information stored in a MySQL database. Essentially, the next time a disk crashes or I have to format C:, I can load this application into my htdocs folder immediately following an XAMPP installation, and it will build a directory tree for my virtual hosts and reconstitute any software configuration for programs that use XML, like Dreamweaver and FileZilla, with PHP-generated XML. I'm hoping it will help me to avoid drudgery in the future, and I might even be able to polish the code enough to share...but there is still some polishing left to do.

The "Generate Dreamweaver Site(s)" module is functional, now, but I've learned that Dreamweaver encodes stored passwords. At first, I couldn't quite figure out why the SFTP login kept failing during testing. The rest of the reconstituted site worked as expected, however.

I searched Google, and found a website that could accurately decode my Dreamweaver-encrypted password. I figure the encryption algorithm must be available, but what do I know from encryption? Not a whole lot. Can anyone help me on this? Thanks for reading.

Report · Jun 13, 2009

Here you go:

function dw_encrypt($pass) {
     $encrypted = array();
     for ($i = 0; $i < strlen($pass); $i++) {
          $encrypted[] = bin2hex($pass[$i])+$i;
     }
     return implode('', $encrypted);
}

Report · Jun 13, 2009

I tried to log back in to respond to your post, but the servers put me

in an infinite redirect loop of some kind. Tried again to make sure it

wasn't user error. It wasn't. So, I'm responding via email, and

hopefully this will reach you.

Bad news - the function you provided doesn't seem to be producing the

same encrypted string as Dreamweaver.

Report · Jun 13, 2009

The function you provided looks a lot like the solution I tried:

function dreamweaver_pw_encrypt($pw) {

$out = "";

$i = 0;

for ($i = 0; $i < strlen($pw); $i++) {

$out .= sprintf("%02x", ord($pw{$i}));

}

return $out;

}

I found a description of how to decode a Dreamweaver-encrypted password:

(text below found here:

http://www.bartgrantham.com/dreamweaver_password.html)

1) find the password in the .ste file:

pw="62767577697779"

2) break the password into pairs of hexadecimal (0-9,A-F) digits:

62 76 75 77 69 77 79

3) subtract from each hex digit based on it's position in the string (if

you're unfamiliar with hex, consult

your local software developer), starting with 0:

62-0 = 62

76-1 = 75

75-2 = 73

77-3 = 74

69-4 = 65

77-5 = 72

79-6 = 73

4) convert the resulting differences back into ascii:

62 75 73 74 65 72 73

b u s t e r s

And voila... 62767577697779 => 'busters'. Enjoy!

... but although my result is close, it doesn't quite cut the mustard.

Still scratchin' my head.

Report · Jun 13, 2009

If you run "busters" through my function, it produces the correct output (62767577697779).

Report · Jun 13, 2009

Oh, it gets worse. First of all- you're right. Your function does produce 'busters'. So, it does conform to that author's description of the encoding algorithm. Small wrinkle, though. My copy of Dreamweaver CS3 isn't using this algorithm, apparently.

Here's a real example. One of my site passwords, unencoded, is : PassgyYA

Run through your encoder, it produces: 5062757671846548

However, the same password (I've just confirmed this), when encode by Dreamweaver, becomes: 506275766B7E5F48

I don't know what's wrong.. but the solution is so close that I can almost smell it.

Powers' output: 50 62 75 76 71 84 65 48

DW encoder's: 50 62 75 76 6B 7E 5F 48

Report · Jun 13, 2009

In case it helps, here is a javascript encoder/decoder. I've tested it and it works like a champ. I just don't know how to do it in PHP...

Report · Jun 13, 2009

The following function gets the same output for PassgyYA:

function dw_encrypt($pass) {
     $encrypted = array();
     for ($i = 0; $i < strlen($pass); $i++) {
          $hex = bin2hex($pass[$i]);
          $dec = hexdec($hex)+$i;
          $encrypted[] = dechex($dec);
     }
     return implode('', $encrypted);
}

I haven't tried it with any other passwords, but the logic and maths should now be right.

Report · Jun 13, 2009

function dw_encrypt($pass) {
     $encrypted = array();
     for ($i = 0; $i < strlen($pass); $i++) {
          $hex = bin2hex($pass[$i]);
          $dec = hexdec($hex)+$i;
          $encrypted[] = dechex($dec);
     }
     return strtoupper(implode('', $encrypted));
}

One final touch makes it work! Thanks, Mr. Powers. You've been a huge help.