Decrypting a Dreamweaver site definition password
Posted on April 18th, 2007 in Code, PHP |
I don’t use Dreamweaver, but everyone I work with does. It so happens that whenever I need server connection information, they send it to me in the form of a Dreamweaver site definition (.ste). Naturally, this isn’t terribly useful for someone like me who connects via SSH or SCP most of the time. In the end, I have to waste time asking around to see if anyone actually remembers the password.
So today I finally took a few minutes out of my day and wrote a simple PHP class to parse site definitions. It reads the bare essentials of the connection information and decrypts the password. Because Dreamweaver site definitions are just XML files, if (for some bizarre reason) someone wanted to extend this, it wouldn’t be hard at all.
/**
* A Dreamweaver site definition (.ste) reader.
*/
class SteReader
{
/** @var SimpleXMLElement SimpleXML object */
protected $_xml = null;
/**
* Constructor.
*
* Parses a site definition file into its SimpleXML equivalent.
*
* @param string $file Fully-qualified file path
*/
public function __construct($file)
{
if (!is_file($file)) {
throw new Exception('File does not exist');
}
$contents = file($file);
foreach ($contents as $i => $line) {
// This element is unnecessary, and often contains duplicate
// attributes that prevent the file from loading correctly
if (substr($line, 0, 14) == '<appserverinfo') {
unset($contents[$i]);
}
}
$contents = implode('', $contents);
try {
$xml = new SimpleXMLElement($contents, LIBXML_NOWARNING | LIBXML_NOERROR);
} catch (Exception $e) {
throw new Exception("File is not a valid Dreamweaver site definition");
}
$this->_xml = $xml;
}
/**
* @return string Site name
*/
public function getSiteName()
{
return (string) $this->_xml->localinfo['sitename'];
}
/**
* @return string Host address
*/
public function getHost()
{
return (string) $this->_xml->remoteinfo['host'];
}
/**
* @return string Remote root directory
*/
public function getRemoteRoot()
{
return (string) $this->_xml->remoteinfo['remoteroot'];
}
/**
* @return string Username
*/
public function getUsername()
{
return (string) $this->_xml->remoteinfo['user'];
}
/**
* @return string Password
*/
public function getPassword()
{
if (!isset($this->_xml->remoteinfo['pw'])) {
return false;
}
$encoded = (string) $this->_xml->remoteinfo['pw'];
$literals = explode(' ', wordwrap($encoded, 2, ' ', 2));
$password = '';
for ($i = 0; $i < count($literals); $i++) {
$password .= chr(hexdec($literals[$i]) - $i);
}
return $password;
}
}
Thanks to Bart Grantham for his Dreamweaver site definition password decryption algorithm!
5 Responses
I know exactly what your talking about
I made a quick transaltion to AutoIt which runs on any windows machine (or wine) without having php installed:
Dim $sPw, $sOut Const $sProgName = "DreamsPW 0.1" $sPw = InputBox($sProgName,"Dreamweaver's 'encrypted' Password") If @error Then Exit -1 $vPw = Binary("0x" & $sPw) For $i = 1 To BinaryLen($vPw) $sOut &= Chr(Dec(Hex(BinaryMid($vPw,$i,1)))-($i-1)) Next If 6 = MsgBox(4,$sProgName,"Password: " & $sOut & @CRLF & "Copy to Clipboard?") Then ClipPut($sOut)or download (source+binary) from here:
http://www.mediafire.com/?dmloni1moy5
This should go more into detail about how to use this.
Hi John,
This is only a library class, so you would have to write a simple PHP script to use it. Ideally this would be an HTML form, but here’s a quick and dirty example to give you an idea:
< ?php $ste = new SteReader('/path/to/my_site.ste'); print 'Username: ' . $ste->getUsername() . "\n"; print 'Password: ' . $ste->getPassword() . "\n";Thanks this was super helpful as I could not for the life of me remember a password that was saved in a .ste file!!!
A client sent me a site definition file and after plugging the ‘password’ into my ftp client a couple times and not being able to log in I looked at it and thought ‘hmmm, that looks like a hex hash, not an actual password’. I just ran the AutoIt exe and blam, access. Mad props to BG and picasso, I owe you guys a beer.