{"id":156,"date":"2012-02-06T00:21:45","date_gmt":"2012-02-06T00:21:45","guid":{"rendered":"http:\/\/joelinoff.com\/blog\/?p=156"},"modified":"2012-02-27T00:59:44","modified_gmt":"2012-02-27T00:59:44","slug":"nx-password-scrambling-and-unscrambling-algorithms-python","status":"publish","type":"post","link":"https:\/\/joelinoff.com\/blog\/?p=156","title":{"rendered":"NX password scrambling and unscrambling algorithms in python 2.7"},"content":{"rendered":"

The NX web page entitled “The password scrambling algorithm in NX client<\/strong><\/span><\/a>” describes their password scrambling algorithm in C++ and perl but it does not describe it in python. Nor does it describe how to unscramble the data.<\/p>\n

This blog describes how I implemented both algorithms in python. I was surprised that NX didn’t use a standard symmetrical key algorithm like blowfish or DES for storing the keys but they must have some good reason.
\n<\/p>\n

DOWNLOADS<\/h1>\n\n\n\n\n\n\n\n\n
Script<\/th>\nDescription<\/th>\n<\/tr>\n<\/thead>\n
nxpasswd.py<\/a><\/td>\nScrambling algorithm.<\/td>\n<\/tr>\n
nxpasswd.cc<\/a><\/td>\nScrambling algorithm in vanilla C++. The NoMachine example assumes that you are using the Qt library.<\/td>\n<\/tr>\n
nxdecode.py<\/a><\/td>\nUnscrambling algorithm.<\/td>\n<\/tr>\n
test.sh<\/a><\/td>\nTest script.<\/td>\n<\/tr>\n<\/tbody\n<\/table>\n

SCRAMBLING ALGORITHM<\/h1>\n

The scrambling algorithm is more for visual obfuscation than security as is clearly stated on their web page. <\/p>\n

[crayon lang=”python” toolbar=”always” title=”SCRAMBLE”]
\n#!\/usr\/bin\/env python
\n# ================================================================
\n# Author : Joe Linoff
\n# Date : 2012-02-04
\n# Version: 1.0
\n#
\n# Implements the password scrambling algorithm used by NX in python as
\n# defined here:
\n#
\n# http:\/\/www.nomachine.com\/ar\/view.php?ar_id=AR01C00125
\n# https:\/\/gist.github.com\/902387
\n#
\n# Usage:
\n# .\/nxpasswd.py import os
\n# ================================================================
\nimport os
\nimport sys
\nimport string
\nimport time<\/p>\n

validCharList = [
\n “!”, “#”, “$”, “%”, “&”, “(“, “)”, “*”, “+”, “-“,
\n “.”, “0”, “1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”,
\n “9”, “:”, “;”, “<\", \">“, “?”, “@”, “A”, “B”, “C”,
\n “D”, “E”, “F”, “G”, “H”, “I”, “J”, “K”, “L”, “M”,
\n “N”, “O”, “P”, “Q”, “R”, “S”, “T”, “U”, “V”, “W”,
\n “X”, “Y”, “Z”, “[“, “]”, “_”, “a”, “b”, “c”, “d”,
\n “e”, “f”, “g”, “h”, “i”, “j”, “k”, “l”, “m”, “n”,
\n “o”, “p”, “q”, “r”, “s”, “t”, “u”, “v”, “w”, “x”,
\n “y”, “z”, “{“, “|”, “}”
\n ]<\/p>\n

def encodePassword(p):
\n sPass = “:”
\n sTmp = “”<\/p>\n

if p in [”, None]:
\n return ”<\/p>\n

for i in range(len(p)):
\n sPass += ‘%d:’ % (ord(p[i])+i+1)<\/p>\n

return sPass<\/p>\n

def findCharInList(c):
\n global validCharList
\n for i in range(len(validCharList)):
\n if validCharList[i] == c:
\n return i
\n return -1<\/p>\n

def getRandomValidCharFromList():
\n global validCharList
\n lt = time.localtime()
\n s = lt.tm_sec
\n if os.getenv(‘NXPASSWD_NONRANDOM’):
\n s = int(os.getenv(‘NXPASSWD_NONRANDOM’))
\n return validCharList[s]<\/p>\n

def URLEncode(url):
\n url = url.replace(‘&’,’&’)
\n url = url.replace(‘”‘,’"’)
\n url = url.replace(“‘”,’'’)
\n url = url.replace(‘<','<')\n url = url.replace('>‘,’>’)
\n return url<\/p>\n

def scrambleString(s):
\n global validCharList
\n dummyString = “{{{{”
\n sRet = ”<\/p>\n

if s in [”, None]:
\n return ”<\/p>\n

s1 = encodePassword(s)<\/p>\n

if len(s1) < 32:\n sRet += dummyString\n \n sRet += s1[::-1] # reverse string\n \n if len(sRet) < 32:\n sRet += dummyString\n\n ch = getRandomValidCharFromList()\n k = ord(ch) + len(sRet) - 2\n sRet = ch + sRet\n \n for i in range(1,len(sRet)):\n j = findCharInList(sRet[i])\n if j == -1:\n return sRet\n n = (j + k * (i+1)) % len(validCharList)\n sRet = sRet[:i] + validCharList[n] + sRet[i+1:]\n\n sRet += chr((ord(getRandomValidCharFromList())) + 2)\n sRet = URLEncode(sRet)\n return sRet\n\nfor i in range(1,len(sys.argv)):\n p=sys.argv[i]\n print scrambleString(p)\n[\/crayon]\n\n\n

\u00a0UNSCRAMBLING ALGORITHM<\/h1>\n

This algorithm shows how to unscramble the output from the previous script to regenerate the original password.
\n[crayon lang=”python” toolbar=”always” title=”UNSCRAMBLE”]
\n#!\/usr\/bin\/env python
\n# ================================================================
\n# Author : Joe Linoff
\n# Date : 2012-02-04
\n# Version: 1.0
\n#
\n# Unscrambles passwords creating by the NX scrambling algorithm.
\n#
\n# http:\/\/www.nomachine.com\/ar\/view.php?ar_id=AR01C00125
\n#
\n# Usage:
\n# % .\/nxpasswd.py \n#
\n# % .\/nxdecode.py
\n# \n# ================================================================
\nimport sys
\nimport re<\/p>\n

# We know that the first character is always a ‘:’
\n# We can use that to figure out the correct k value.
\nvalidCharList = [
\n “!”, “#”, “$”, “%”, “&”, “(“, “)”, “*”, “+”, “-“,
\n “.”, “0”, “1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”,
\n “9”, “:”, “;”, “<\", \">“, “?”, “@”, “A”, “B”, “C”,
\n “D”, “E”, “F”, “G”, “H”, “I”, “J”, “K”, “L”, “M”,
\n “N”, “O”, “P”, “Q”, “R”, “S”, “T”, “U”, “V”, “W”,
\n “X”, “Y”, “Z”, “[“, “]”, “_”, “a”, “b”, “c”, “d”,
\n “e”, “f”, “g”, “h”, “i”, “j”, “k”, “l”, “m”, “n”,
\n “o”, “p”, “q”, “r”, “s”, “t”, “u”, “v”, “w”, “x”,
\n “y”, “z”, “{“, “|”, “}”
\n ]<\/p>\n

def findCharInList(c):
\n global validCharList
\n for i in range(len(validCharList)):
\n if validCharList[i] == c:
\n return i
\n return -1<\/p>\n

def findK(ch0,i=5,chf=’:’):
\n global validCharList
\n j = findCharInList(chf)
\n for k in range(0,200):
\n n = (j + k * (i+1)) % len(validCharList)
\n m = validCharList[n]
\n if m == ch0:
\n return k
\n return -1<\/p>\n

def unScramble(scramble):
\n scramble=URLDecode(scramble)<\/p>\n

# Were dummy strings appended\/prepended?
\n # Need 3 tests to check.
\n tests = []
\n scramble=scramble[1:]
\n scramble=scramble[:-1]
\n tests.append([scramble,0])<\/p>\n

scramble=scramble[4:]
\n tests.append([scramble,4])<\/p>\n

scramble=scramble[:-4]
\n tests.append([scramble,4])<\/p>\n

for data in tests:
\n scramble=data[0]
\n i=data[1]
\n k=findK(scramble[0],i+1)<\/p>\n

charset=”
\n for ch in scramble:
\n i += 1
\n n = findCharInList(ch)
\n for j in range(len(validCharList)):
\n zn = (j + k * (i+1)) % len(validCharList)
\n if n == zn:
\n ich = validCharList[j]
\n charset += ich
\n break<\/p>\n

charset = charset[::-1]
\n ordvals = charset.split(‘:’)
\n passwd = ”
\n i=0
\n ok = True
\n for ordval in ordvals:
\n if len(ordval)>0:
\n m = re.search(‘^[0-9]+$’,ordval)
\n if m:
\n j = int(ordval)-i-1
\n passwd += chr(j)
\n i += 1
\n else:
\n ok = False
\n break<\/p>\n

if ok:
\n return passwd<\/p>\n

return None<\/p>\n

def URLDecode(url):
\n url = url.replace(‘&’,’&’)
\n url = url.replace(‘"’,'”‘)
\n url = url.replace(‘'’,”‘”)
\n url = url.replace(‘<‘,’<')\n url = url.replace('>','>‘)
\n return url<\/p>\n

for i in range(1,len(sys.argv)):
\n p=sys.argv[i]
\n print unScramble(p)
\n[\/crayon]<\/p>\n

EXAMPLE RUNS<\/h1>\n

Below I have run both programs to show they work using this test script.<\/p>\n

[crayon lang=”bash” toolbar=”always” title=”TEST SCRIPT”]
\n#!\/bin\/bash
\nps=(
\n ‘a’
\n ‘1’
\n ’12’
\n ‘123’
\n ‘1234’
\n ‘12345’
\n ‘123456’
\n ‘1234567’
\n ‘12345678’
\n ‘123456789’
\n ‘1234567890’
\n ‘1234567890a’
\n ‘11111111111’
\n ‘1234567890ab’ )
\npassed=0
\nfailed=0
\ntotal=0
\nfor p in ${ps[@]} ; do
\n (( total++ ))
\n echo
\n echo “# ================================================”
\n echo “# test : $total”
\n echo “# password : $p”
\n s=$(eval .\/nxpasswd.py “‘$p'” | tail -1)
\n echo “# scrambled : $s”
\n px=$(eval .\/nxdecode.py “‘$s'” | tail -1)
\n echo “# unscrambled: $px”
\n if [[ “$px” != “$p” ]] ; then
\n echo “# status : FAILED”
\n (( failed++ ))
\n else
\n echo “# status : OK”
\n (( passed++ ))
\n fi
\ndone
\necho
\necho “# SUMMARY”
\necho “# Passed : $passed”
\necho “# Failed : $failed”
\necho “# Total : $total”
\n[\/crayon]<\/p>\n

[crayon lang=”bash” toolbar=”always” title=”EXAMPLE RUNS”]
\n# ================================================
\n# test : 1
\n# password : a
\n# scrambled : _Kbv1as.EAUl$a
\n# unscrambled: a
\n# status : OK<\/p>\n

# ================================================
\n# test : 2
\n# password : 1
\n# scrambled : _Kbv1ak)EAUl$a
\n# unscrambled: 1
\n# status : OK<\/p>\n

# ================================================
\n# test : 3
\n# password : 12
\n# scrambled : aUq1K#7Tu)Jkl*Fbc
\n# unscrambled: 12
\n# status : OK<\/p>\n

# ================================================
\n# test : 4
\n# password : 123
\n# scrambled : b_}Bb?VwAVyCV{EJj-Ld
\n# unscrambled: 123
\n# status : OK<\/p>\n

# ================================================
\n# test : 5
\n# password : 1234
\n# scrambled : bf+NqQp6]yBj&Mu2X$.Ps:d
\n# unscrambled: 1234
\n# status : OK<\/p>\n

# ================================================
\n# test : 6
\n# password : 12345
\n# scrambled : cn9a*l5W(KqBc.YxGs4a1>e0Ue
\n# unscrambled: 12345
\n# status : OK<\/p>\n

# ================================================
\n# test : 7
\n# password : 123456
\n# scrambled : ctCm;!CsFn9i3Z0R}QsEt8h;KuDne
\n# unscrambled: 123456
\n# status : OK<\/p>\n

# ================================================
\n# test : 8
\n# password : 1234567
\n# scrambled : d|O}P>d:m5jAm<p?lDl@s>oGkCv0]1_f
\n# unscrambled: 1234567
\n# status : OK<\/p>\n

# ================================================
\n# test : 9
\n# password : 12345678
\n# scrambled : d&X0bP{S.V2h3kEtG}O#Z*]9c;r>tOh>oEf
\n# unscrambled: 12345678
\n# status : OK<\/p>\n

# ================================================
\n# test : 10
\n# password : 123456789
\n# scrambled : !L5xbdG0wXD1lWE}mX@#nQ9%eM;vcO-ve#
\n# unscrambled: 123456789
\n# status : OK<\/p>\n

# ================================================
\n# test : 11
\n# password : 1234567890
\n# scrambled : !R?)qvaH9{hV<)uWH8tgU@&tZF7weT8%sSE6#
\n# unscrambled: 1234567890
\n# status : OK<\/p>\n

# ================================================
\n# test : 12
\n# password : 1234567890a
\n# scrambled : #q[B1&oXL6!qWH:zm_B6&oXL6}qWG:zl_B5&%
\n# unscrambled: 1234567890a
\n# status : OK<\/p>\n

# ================================================
\n# test : 13
\n# password : 11111111111
\n# scrambled : #oPD5{eUA)wbK>$m_F3#gSF*uhK;-l[N1}p%
\n# unscrambled: 11111111111
\n# status : OK<\/p>\n

# ================================================
\n# test : 14
\n# password : 1234567890ab
\n# scrambled : ${eWKH9!spbPI8*}kaVB91tnfUF?-zsaSL7-$jcY&
\n# unscrambled: 1234567890ab
\n# status : OK<\/p>\n

# SUMMARY
\n# Passed : 14
\n# Failed : 0
\n# Total : 14
\n[\/crayon]<\/p>\n

Enjoy!<\/p>\n","protected":false},"excerpt":{"rendered":"

The NX web page entitled “The password scrambling algorithm in NX client” describes their password scrambling algorithm in C++ and perl but it does not describe it in python. Nor does it describe how to unscramble the data. This blog describes how I implemented both algorithms in python. I was surprised that NX didn’t use … Continue reading NX password scrambling and unscrambling algorithms in python 2.7<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[5,7],"tags":[],"_links":{"self":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/156"}],"collection":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=156"}],"version-history":[{"count":20,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/156\/revisions"}],"predecessor-version":[{"id":398,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/156\/revisions\/398"}],"wp:attachment":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}