11/12/10

password recovery from stash file

----------------unstash.pl begin ------------------------
use strict;

die "Usage: $0 <stash file>\n" if $#ARGV != 0;

my $file=$ARGV[0];
open(F,$file) || die "Can't open $file: $!";

my $stash;
read F,$stash,1024;

my @unstash=map { $_^0xf5 } unpack("C*",$stash);

foreach my $c (@unstash) {
    last if $c eq 0;
    printf "%c",$c;
}
printf "\n";
---------------------unstash.pl end-----------------

perl unstash.pl key.sth
where key.sth is the stash file

8 comments:

dodger said...

Thanks!!
Very useful for me!

jzomer said...

I explained it and created a Java version of this (Java is always available. Perl not)

http://strelitzia.net/wp/blog/2009/03/08/unstash-in-java/

Arjun Kalyan said...

Thanks !!!!

Superb. Its working for me.....

Jeevan said...

Thanks, it works fine.. Do we have a way to re-create a stash file through script instead of ikeyman ?

FranklySpeaking said...

Yes, you can create a stsh file using command line. I believe it's gskcapicmd.

Didier Arenzana said...

Thanks, neat!

I have made a one-liner version, if you can't (pr don't want to) create the unstash.pl file :

perl -C0 -n0xF5 -e 'print $_^"\xF5"x length."\n";exit' < key.sth

Mike Lothian said...

Have you had a look at the new V2 Stash file format? Is it just as easy to decode?

Unknown said...

I am unable to decrypt the stash file using the perl script. The script executes perfectly fine, but the output is jumbled characters. The syntax is perl unstash.pl filename.sth
Output is something like this: Ω«3Σ╙~ ââ Æ -▒⌐$ªφF[3 âvÉñ}ì⌐ g4╙ä┬╘qì■,>tPí|ëâ±uºÖ o▓Θ*E≤bαæ₧╬q╓u w~ =ÜyÉ5╓WSRjà6╫`'N╦ªFΘ·▓Ö^ODó%7·┴gπg╒ƒΘ:┘â^Θ┬ÿX╠"─<¥ó─ i [m {~╙±k ½y ╞_$╢ºêѲA║½v>ivç┐i╜▐7┌Wêvv╝ 5fo¼åg▌┐7ZOu`[N%b├» tä┤Θ÷