Hey Programmer's, need to know something. Dont take this in a destructive
way, it is just provided for recovery purposes.
Cisco PIX passwords are limited to a length of 16 Bytes, so in theory
there are 255^16 possible passwords, but in real life there are about
80^16 useful password combinations, take a look at your keyboard to
verify, even if strong passwords are used.
Cisco's password encryption is based on base64 encoded MD5 hashes.
Routers IOS uses 1000 MD5 Update rounds to make password brute forcing
attacks harder, but the PIX firewall uses only one MD5 update and then
the digest is base64 encoded.
For base64 encoding Cisco uses the _crypt_to64() Function of the
FreeBSD libcrypt library.
Here's the code to compute PIX password hashes:
MD5Context ctx1;
unsigned char final[MD5_SIZE+1];
unsigned char cleartext [16+1];
unsigned char cisco_encoded [16+1];
memset(cisco_encoded,0,sizeof(cisco_encoded));
memset(cleartext,0,sizeof(cleartext));
strcpy((char*) cleartext,"test");
MD5Init2(&ctx1);
MD5Update2(&ctx1,(unsigned char*) cleartext,16);
MD5Final2(final,&ctx1);
char* p = (char*) cisco_encoded;
_crypt_to64(p,*(unsigned long*) (final+0),4); p += 4;
_crypt_to64(p,*(unsigned long*) (final+4),4); p += 4;
_crypt_to64(p,*(unsigned long*) (final+8),4); p += 4;
_crypt_to64(p,*(unsigned long*) (final+12),4); p += 4;Regards,
Ashish Saretia.
+919893876066
