readme_en.txt

使用方法：用文本方式打开FlashFXP文件夹下的Sites.dat文件你会发现许多如下字段: [ftp://www.2ky.cn] Created=37525.5835161227

FlashFXP Password Decrypter 0.1
===============================

tested on FlashFXP 1.2 (build 475 beta)

get a SITE.DAT file and open it with any texteditor, and there you'll
find stuff like this:

[kz]
IP=ipip
User=klefz
Pass=034D3F4342097B
Port=21
Options=3003333000

so just copy 034D3F4342097B and paste it into the program and
press decrypt, p00f you'll get the decrypted password =]

The encryption routine
======================

magic buffer:

79 41 33 36 7A 41 34 38-64 45 68 66 72 76 67 68  yA36zA48dEhfrvgh
47 52 67 35 37 68 35 55-6C 44 76 33 00 00 00 00  GRg57h5UlDv3

example

[kz]
IP=ipip
User=klefz
Pass=034D3F4342097B <- encrypted pass
Port=21
Options=3003333000

Pass=034D3F4342097B <- encrypted pass
     ^^ = first magic number
      
Pass=034D3F4342097B <- encrypted pass
       ^^ = first encrypted char in pass
       
Pass=034D3F4342097B <- encrypted pass
         ^^ = second encrypted pass
         
etc

the calculations is simple.. first char in pass is calculated like this:

0x4D XOR 0x79 (first char in magic buffer) = 0x34
0x34-0x03 (magic number) = 0x31 (1)
that's the first char in our password

0x3F XOR 0x41 (second char in magic buffer) = 0x7E
0x73-0x4D (first encrypted char) = 0x31 (1)
second char of the pass

0x43 XOR 0x33 (third char in magic buffer, think you get it now ;) = 0x70
0x70-0x3F (second encrypted char) = 0x31 (1)

0x42 XOR 0x36 = 0x74
0x74-0x43=0x31 (1)
       
0x09 XOR 0x7A = 0x73
0x73-0x42=0x31 (1)

0x7B XOR 0x41 = 0x3A
0x3A-0x09=0x31 (1)

so the password is 111111 ... not that hard ;)

NOTE if password is longer than 28 the pointer to the magic buffer=1 again

and if a char is > 0xFF then do like this:

0x5B XOR 0x41 = 0x1A
0x1A-0xE8 = 0xFFFFFF32 (all wrong here :)
0xFFFFFF32-0xFFFFFF01 = 0x31 (1) right answer ;)

--
Klefz - klefz@cryogen.com - http://poppis.org/~klefz/