Question:
from /forums/viewtopic.php?t=104159
i am asking which function module to unencrypt the password in the RFC destination
_________________
The heart has its reasons which reason knows not of
PASCAL
Answer:
There is no function module to de-encrypt the password, kind of defeats the purpose of the encryption... It is an algorythm you have to code in an ABAP, I though I posted it here many moons ago, I currently do not have access to it
Answer:
There is no function module to de-encrypt the password, kind of defeats the purpose of the encryption... It is an algorythm you have to code in an ABAP, I though I posted it here many moons ago, I currently do not have access to it
If you have access to USR02 in the destination system, you can also try to crack the password.
All you need is USR02-BNAME and USR02-BCODE.
The same logic should apply to the "encrypted" RFC password.
Just debug SM59, and use the C kernel function which is used for "encryption".
Answer:
They are NOT the same encryption. THe USR02 encryptionis FAR more sophysticated. The SM59 4.5- is a letter shift. 4.5+ is a letter shift based on time and date of encryption.
Answer:
They are NOT the same encryption. THe USR02 encryptionis FAR more sophysticated. The SM59 4.5- is a letter shift. 4.5+ is a letter shift based on time and date of encryption.
I know it's not the same encryption.
However, I didn't know SM59 uses such a weak mechanism.
But even if the USR02 password hash is far more sophisticated than SM59, it's still weak - compared to other passsword mechanisms.
E.g., the time required to calculate one FreeBSD MD5 hash allows to calculate 300 SAP password hashes.
And compared to OpenBSD Blowfish, the SAP password hash function is 5000 times faster.
This speed (combined with the max. password length and the missing case sensitivity) makes cracking SAP passwords so easy.
Another comparison:
While many people have USR02 / USH02 access (at least in development and test systems), in modern Unix systems only root has access to password hashes.
This makes dictionary attacks on passsword hashes much more likely.
(Bruce Schneier "Sectrets and Lies" mentions studies of actual passwords showing that 86 percent of all password are easily crackable.
In a SAP environment you might have even more success, since USH02 allows cracking previously used passwords, which might provide useful hints about the actual passsword.)
Answer:
Hi,
Does anybody know if a tool exists for cracking the USR02 passwords?
If not, does anybody know which function module is used for the encryption? With this function module, it should be possible to write a program in ABAP for cracking the USR02 passwords.
Regards, Jeroen
Answer:
The function module that is easiest to use is SUSR_USER_PASSWORD_PUT but you have to be expertly skilled in ABAP to retreive the data that you are looking for as it requires an undocumented ( or hard to find documentation) feature in ABAP.
THe 'C' call used is XXPASS but as of version 4.5 SAP will lock your ID and through you off the system if you attempt to use it directly in an ABAP.
As with anything, if there is a will there is a way.....
Answer:
Hi,
Does anybody know if a tool exists for cracking the USR02 passwords?
If not, does anybody know which function module is used for the encryption? With this function module, it should be possible to write a program in ABAP for cracking the USR02 passwords.
Regards, Jeroen
You can use the method described by John.
It requires some skill.
It causes some overhead.
You neeed an SAP system to crack passwords, but
-usually you don't want to crack passwords in a system where other users might have access to the creacked passwords
-using a MiniSAP or similar system for password cracking certainly violates the license.
The performance is not optimal, due to the huge overhead.
The other option would be to find out how the encryption works, and create a tuned version of a SAP password cracking tool.
Might require a different set of skills, compared to just using SUSR_USER_PASSWORD_PUT.
http://www.abapforum.com/forum/viewtopic.php?p=5040#5040
it's in German - but you should be able to get the basic idea when feeeding the page to babelfish (even if the translation is far from perfect):
http://babelfish.altavista.com/
What would you want to do with such a tool?
Answer:
Not sure what the fascination of De-encrypting or guessing a password is since it is far easier to just replace the password temporarily and then login and the replace the old pasword. a simple ABAP will allow you to do it and there are several TROJAN HORSES delivered by SAP that will allow you the access.
And if you want to "write something", why do you care if you are violating a MINISAP liscense, after all the action of decrypting a password is larcenous and a liscense agreement is not going to stop you, and frankly I have not seen any liscence police at my door, and it is one that probably be checked...