c7decrypt 0.2.0 → 0.2.1

data/.gitignore

@@ -0,0 +1 @@
+/coverage

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format documentation

data/.travis.yml

@@ -0,0 +1,13 @@
+language: ruby
+rvm:
+  - 2.0.0
+  - 1.9.3
+  - 1.9.2
+  - jruby-18mode
+  - jruby-19mode
+  - rbx-18mode
+  - rbx-19mode
+  - ruby-head
+  - jruby-head
+  - 1.8.7
+  - ree

data/CONTRIBUTING.md

@@ -0,0 +1,47 @@
+# Contributing to C7Decrypt 
+
+Thanks for your interest in contributing to C7Decrypt.
+
+If you could follow the following guidelines, you will make it much easier for 
+us to give feedback, help you find whatever problem you have and fix it.
+
+## Issues
+
+If you have questions of any kind, or are unsure of how something works, please
+[create an issue](https://github.com/claudijd/c7decrypt/issues/new).
+
+Please try to answer the following questions in your issue:
+
+- What did you do?
+- What did you expect to happen?
+- What happened instead?
+
+If you have identified a bug, it would be very helpful if you could include a 
+way to replicate the bug.  Ideally a failing test would be perfect, but even a 
+simple script demonstrating the error would suffice.
+
+Feature requests are great and if submitted they will be considered for 
+inclusion, but sending a pull request is much more awesome.
+
+## Pull Requests
+
+If you want your pull requests to be accepted, please follow the following guidelines:
+
+- [**Add tests!**](http://rspec.info/) Your patch won't be accepted (or will be delayed) if it doesn't have tests.
+
+- [**Document any change in behaviour**](http://yardoc.org/) Make sure the README and any other
+  relevant documentation are kept up-to-date.
+
+- [**Create topic branches**](https://github.com/dchelimsky/rspec/wiki/Topic-Branches) Don't ask us to pull from your master branch.
+
+- [**One pull request per feature**](https://help.github.com/articles/using-pull-requests) If you want to do more than one thing, send
+  multiple pull requests.
+
+- [**Send coherent history**](http://stackoverflow.com/questions/6934752/git-combining-multiple-commits-before-pushing) Make sure each individual commit in your pull
+  request is meaningful. If you had to make multiple intermediate commits while
+  developing, please squash them before sending them to us.
+
+- [**Follow coding conventions**](https://github.com/styleguide/ruby) The standard Ruby stuff, two spaces indent,
+  don't omit parens unless you have a good reason.
+
+Thank you so much for contributing!

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem "rspec"
+gem "rake"
+gem 'simplecov', :require => false, :group => :test
+

data/LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) 2012, Jonathan Claudius
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of Jonathan Claudius nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY JONTHAN CLAUDIUS ''AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL JONATHAN CLAUDIUS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,114 @@
+![Cisco Logo](https://github.com/claudijd/c7decrypt/blob/master/images/cisco.jpeg?raw=true)
+
+# C7Decrypt
+
+[![Build Status](https://secure.travis-ci.org/claudijd/c7decrypt.png)](http://travis-ci.org/claudijd/c7decrypt)
+[![Dependency Status](https://gemnasium.com/claudijd/c7decrypt.png)](https://gemnasium.com/claudijd/c7decrypt)
+[![Code Climate](https://codeclimate.com/github/claudijd/c7decrypt.png)](https://codeclimate.com/github/claudijd/c7decrypt)
+
+A Ruby-based implementation of a Cisco Type-7 Password Encryptor/Decryptor
+
+## Key Benefits
+
+- **Written in Ruby** - First and only Cisco Type-7 implementation in Ruby that I know of.
+- **Minimal/No Dependancies** - Uses native Ruby to do it's work, no heavy dependancies.
+- **Not Just a Script** - Implementation is portable for use in another project or for automation of tasks.
+- **Simple** - It is a small project so the interfaces are simple and easy to use.
+- **Encrypt & Decrypt** - Supports both encryption (with seed control) and decryption operations.
+
+## Setup
+
+To install, type
+
+```bash
+gem install c7decrypt
+```
+
+To use, just require
+
+```ruby
+require 'c7decrypt'
+```
+
+## Example Usage(s)
+
+Decrypt A Single Encrypted Password
+
+```ruby
+>> C7Decrypt.decrypt("060506324F41")
+=> "cisco"
+```
+
+Decrypt Array of Encrypted Passwords
+
+```ruby
+>> encrypted_hashes = ["060506324F41", "0822455D0A16"]
+=> ["060506324F41", "0822455D0A16"]
+>> C7Decrypt.decrypt_array(encrypted_hashes)
+=> ["cisco", "cisco"]
+```
+
+Decrypt Encrypted Passwords from Config
+
+```ruby
+>> C7Decrypt.decrypt_config("cisco_config.txt")
+=> ["cisco", "Password1", "admin"]
+```
+
+Encrypt A Single Plaintext Password
+
+```ruby
+>> C7Decrypt.encrypt("cisco")
+=> "02050D480809"
+```
+
+Encrypt A Single Plaintext Password w/ Explicit Seed
+
+```ruby
+>> C7Decrypt.encrypt("cisco", 6)
+=> "060506324F41"
+```
+
+Encrypt An Array of Plaintext Passwords
+
+```ruby
+>> passwords = ["cisco", "password"]
+=> ["cisco", "password"]
+>> C7Decrypt.encrypt_array(passwords)
+=> ["02050D480809", "021605481811003348"]
+```
+
+## Rubies Supported
+
+This project is integrated with [travis-ci](http://about.travis-ci.org/) and is regularly tested to work with the following rubies:
+
+* [2.0.0](https://github.com/ruby/ruby/tree/ruby_2_0_0)
+* [1.9.3](https://github.com/ruby/ruby/tree/ruby_1_9_3)
+* [1.9.2](https://github.com/ruby/ruby/tree/ruby_1_9_2)
+* 1.9.1 - Tested outside of Travis-CI
+* [1.8.7](https://github.com/ruby/ruby/tree/ruby_1_8_7)
+* 1.8.6 - Tested outside of Travis-CI
+* [ruby-head](https://github.com/ruby/ruby)
+* [jruby-head](http://jruby.org/)
+* [jruby-19mode](http://jruby.org/)
+* [jruby-18mode](http://jruby.org/)
+* [rbx-19mode](http://rubini.us/)
+* [rbx-18mode](http://rubini.us/)
+* [ree](http://www.rubyenterpriseedition.com/)
+
+To checkout the current build status for these rubies, click [here](https://travis-ci.org/#!/claudijd/c7decrypt).
+
+## Contributing
+
+If you are interested in contributing to this project, please see [CONTRIBUTING.md](https://github.com/claudijd/c7decrypt/blob/master/CONTRIBUTING.md)
+
+## Credits
+
+**Sources of Inspiration for C7Decrypt**
+
+- [**Daren Matthew**](http://mccltd.net/blog/?p=1034) - For his blog post on the subject aggregating tools and sources that perform the decryption/decoding logic.
+- [**m00nie**](http://www.m00nie.com/2011/09/cisco-type-7-password-decryption-and-encryption-with-perl/) - For the blog post on the subject, the source code of type7tool.pl and it's encryption techniques.
+
+**Application(s) that use C7Decrypt**
+
+- [**Marcus J Carey**](https://www.threatagent.com/c7) - For his web application implementation of this on the ThreatAgent website. Check it out and start decrypting Cisco type-7 passwords right now.

data/Rakefile

@@ -0,0 +1,57 @@
+# -*- encoding: utf-8 -*-
+require 'rubygems'
+require 'rake'
+require 'rubygems/package_task'
+require 'rspec'
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+$:.unshift File.join(File.dirname(__FILE__), "lib")
+
+require 'c7decrypt'
+
+task :default => :spec
+
+desc "Run all specs in spec directory"
+RSpec::Core::RakeTask.new(:spec)
+
+def clean_up
+  Dir.glob("*.gem").each { |f| File.unlink(f) }
+  Dir.glob("*.lock").each { |f| File.unlink(f) }  
+end
+
+desc "Build the gem"
+task :build do
+  puts "[+] Building C7Decrypt version #{C7Decrypt::VERSION}"
+  puts `gem build c7decrypt.gemspec`
+end
+
+desc "Publish the gem"
+task :publish do
+  puts "[+] Publishing C7Decrypt version #{C7Decrypt::VERSION}"  
+  Dir.glob("*.gem").each { |f| puts `gem push #{f}`} 
+end
+
+desc "Tag the release"
+task :tag do
+  puts "[+] Tagging C7Decrypt version #{C7Decrypt::VERSION}"  
+  `git tag #{C7Decrypt::VERSION}`
+  `git push --tags`
+end
+
+desc "Bump the Gemspec Version"
+task :bump do
+  puts "[+] Bumping C7Decrypt version #{C7Decrypt::VERSION}"
+  `git commit -a -m "Bumped Gem version to #{C7Decrypt::VERSION}"`
+  `git push origin master`
+end
+
+desc "Perform an end-to-end release of the gem"
+task :release do
+  clean_up() # Clean up before we start
+  Rake::Task[:build].execute
+  Rake::Task[:bump].execute
+  Rake::Task[:tag].execute
+  Rake::Task[:publish].execute
+  clean_up() # Clean up after we complete
+end

data/c7decrypt.gemspec

@@ -0,0 +1,27 @@
+$: << "lib"
+require 'c7decrypt/version'
+
+Gem::Specification.new do |s|
+  s.name = 'c7decrypt'
+  s.version = C7Decrypt::VERSION
+  s.authors = ["Jonathan Claudius"]
+  s.date = Date.today.to_s 
+  s.email = 'claudijd@yahoo.com'
+  s.platform = Gem::Platform::RUBY
+  s.files = Dir.glob("lib/**/*") + 
+            Dir.glob("spec/**/*") + 
+            Dir.glob("examples/**/*") +
+            [".gitignore", 
+             ".rspec",
+             ".travis.yml",
+             "CONTRIBUTING.md",
+             "Gemfile",
+             "LICENSE",
+             "README.md",
+             "Rakefile",
+             "c7decrypt.gemspec"]
+  s.require_paths = ["lib"]
+  s.summary = 'Ruby based Cisco Type 7 Password Decryptor'
+  s.description = 'A library for decoding Cisco Type 7 passwords'  
+  s.homepage = 'http://rubygems.org/gems/c7decrypt'
+end

data/examples/cdecrypt.rb

@@ -0,0 +1,39 @@
+require '../lib/c7decrypt'
+require 'optparse'
+require 'ostruct'
+
+options = OpenStruct.new
+options.string = nil
+options.file = nil
+
+OptionParser.new do |opts|
+  opts.banner = "Usage: cdecrypt.rb [options] [hash/file]"
+
+  opts.on("-s", "--string [HASH]", "A single encrypted hash string") do |v|
+    options.string = v
+  end
+
+  opts.on("-f", "--file [FILE]", "A file containing multiple hashes") do |v|
+    options.file = v
+  end
+
+  opts.on_tail("-h", "--help", "Show this message") do
+    puts ""
+    puts opts
+    puts ""
+    puts "Example: ruby cdecrypt.rb -s 04480E051A33490E"
+    puts "Example: ruby cdecrypt.rb -f ../spec/example_configs/simple_canned_example.txt"
+    puts ""
+    exit
+  end
+end.parse!
+
+if options.string
+  puts C7Decrypt.decrypt(options.string)  
+end
+
+if options.file &&
+   File.exists?(options.file)
+
+  C7Decrypt.decrypt_config(options.file).each {|pw| puts pw }
+end

data/lib/c7decrypt/c7decrypt.rb

@@ -0,0 +1,192 @@
+module C7Decrypt
+  module Constants
+    # Vigenere translation table (these are our key values for decryption)
+    VT_TABLE = [
+      0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e,
+      0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44,
+      0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39,
+      0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, 0x39, 0x38, 0x37, 0x33,
+      0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37
+    ]
+
+    # Regexes for extracting hashes from configs
+    TYPE_7_REGEXES = [
+      /enable password 7 ([A-Z0-9]+)/,
+      /username [A-Z0-9]+ password 7 ([A-Z0-9]+)/,
+      /password 7 ([A-Z0-9]+)/
+    ]
+  end
+
+  class InvalidFirstCharacter < StandardError
+  end
+
+  class InvalidCharacter < StandardError
+  end
+
+  class OddNumberOfCharacters < StandardError
+  end
+
+  class InvalidEncryptionSeed < StandardError
+  end
+
+  # The Decryption Method for Cisco Type-7 Encrypted Strings
+  # @param [String] the Cisco Type-7 Encrypted String
+  # @raise [InvalidFirstCharacter, 
+  #         InvalidCharacter, 
+  #         OddNumberOfCharacters]
+  # @return [String] the Decrypted String
+  def self.decrypt(e_text)
+    check_type_7_errors(e_text)
+
+    d_text = ""
+    seed = nil
+
+    e_text.scan(/../).each_with_index do |char,i|
+      if i == 0
+        seed = char.to_i - 1
+      else
+        d_text += decrypt_char(char, i, seed)
+      end
+    end
+
+    return d_text
+  end
+
+  # The Encryption Method for Cisco Type-7 Encrypted Strings
+  # @param [String] the plaintext password
+  # @param [String] the seed for the encryption used
+  # @raise [InvalidEncryptionSeed,
+  #         InvalidFirstCharacter, 
+  #         InvalidCharacter, 
+  #         OddNumberOfCharacters]
+  # @return [String] the encrypted password
+  def self.encrypt(d_text, seed = 2)
+    check_seed(seed)
+  
+    e_text = sprintf("%02d", seed)
+
+    d_text.each_char.each_with_index do |d_char,i|
+      e_text += encrypt_char(d_char, i, seed)
+    end
+
+    check_type_7_errors(e_text)
+
+    return e_text
+  end
+
+  # The method for encrypting a single character
+  # @param [String] the plain text char
+  # @param [FixNum] the index of the char in plaintext string
+  # @param [FixNum] the seed used in the encryption process
+  # @return [String] the string of the encrypted char
+  def self.encrypt_char(char, i, seed)
+    sprintf("%02X", char.unpack('C')[0] ^ Constants::VT_TABLE[(i + seed) % 53])
+  end
+
+  # The method for decrypting a single character
+  # @param [String] the encrypted char
+  # @param [Integer] the index of the char pair in encrypted string
+  # @param [Integer] the seed used in the decryption process
+  # @return [String] the string of the decrypted char
+  def self.decrypt_char(char, i, seed)
+    (char.hex^Constants::VT_TABLE[(i + seed) % 53]).chr
+  end
+
+  # A helper method to decrypt an arracy of Cisco Type-7 Encrypted Strings
+  # @param [Array>String] an array of Cisco Type-7 Encrypted Strings
+  # @raise [InvalidFirstCharacter, 
+  #         InvalidCharacter, 
+  #         OddNumberOfCharacters]
+  # @return [Array>String] an array of Decrypted Strings
+  def self.decrypt_array(pw_array)
+    pw_array.collect {|pw| decrypt(pw)}
+  end
+
+  # A helper method to encrypt an arracy of passwords
+  # @param [Array>String] an array of plain-text passwords
+  # @raise [InvalidEncryptionSeed,
+  #         InvalidFirstCharacter, 
+  #         InvalidCharacter, 
+  #         OddNumberOfCharacters]
+  # @return [Array>String] an array of encrypted passwords
+  def self.encrypt_array(pt_array, seed = 2)
+    pt_array.collect {|pw| encrypt(pw, seed)}
+  end
+
+  # This method scans a raw config file for type 7 passwords and 
+  #   decrypts them
+  # @param [String] a string of the config file path that contains
+  #   Cisco Type-7 Encrypted Strings
+  # @raise [InvalidFirstCharacter, 
+  #         InvalidCharacter, 
+  #         OddNumberOfCharacters]
+  # @return [Array>String] an array of Decrypted Strings
+  def self.decrypt_config(file)
+    f = File.open(file, 'r').to_a
+    decrypt_array(f.collect {|line| type_7_matches(line)}.flatten)
+  end
+
+  # This method scans a config line for encrypted type-7 passwords and
+  #   returns an array of results
+  # @param [String] a line with potential encrypted type-7 passwords
+  # @return [Array>String] an array of Cisco type-7 encrypted Strings
+  def self.type_7_matches(string)
+    Constants::TYPE_7_REGEXES.collect {|regex| string.scan(regex)}.flatten.uniq
+  end
+
+  # This method determines if an encrypted hash is corrupted/invalid 
+  #   and throw a specific exeception
+  # @param [String] the Cisco Type-7 Encrypted String
+  # @raise [InvalidFirstCharacter, InvalidCharacter, OddNumberOfCharacters]
+  # @return [Nil]
+  def self.check_type_7_errors(e_text)
+    
+    valid_first_chars = (0..15).to_a.collect {|c| sprintf("%02d", c)}
+    first_char = e_text[0,2]
+
+    # Check for an invalid first character in the has
+    unless valid_first_chars.include? first_char
+      raise InvalidFirstCharacter, 
+        "'#{e_text}' hash contains an invalid first chracter (only '00' - '15' allowed)"
+    end
+
+    # Check for an invalid character in the hash
+    unless e_text.match(/^[A-Z0-9]+$/)
+      raise InvalidCharacter,
+        "'#{e_text}' hash contains an invalid character (only upper-alpha numeric allowed)"
+    end
+
+    # Check for an odd number of characters in the hash
+    unless e_text.size % 2 == 0
+      raise OddNumberOfCharacters,
+        "'#{e_text}' hash contains odd length of chars (only even number of chars allowed)"     
+    end
+
+    return nil
+
+  end
+
+  # This method determines if an encryption seed is valid or not
+  #   and throw a specific exeception
+  # @param [FixNum] the seed used in the encryption process
+  # @raise [InvalidEncryptionSeed] 
+  # @return [Nil]
+  def self.check_seed(seed)
+    if seed < 0 ||
+       seed > 15
+      
+      raise InvalidEncryptionSeed,
+        "'#{seed.to_s}' seed is not a valid seed (only 0 - 15 allowed)"
+    end
+
+    return nil
+  end
+
+  #Definition of short-hand methods for the lazy
+  #alias :d :decrypt
+  #alias :e :encrypt
+  #alias :d_a :decrypt_array
+  #alias :e_a :encrypt_array
+  #alias :d_c :decrypt_config
+
+end

data/lib/c7decrypt/version.rb

@@ -0,0 +1,3 @@
+module C7Decrypt
+  VERSION = '0.2.1'
+end

data/spec/c7decrypt_spec.rb

@@ -0,0 +1,233 @@
+require 'spec_helper'
+require 'c7decrypt'
+
+describe C7Decrypt do
+
+  before(:each) do
+    @known_values = [
+      {:pt => "cisco", :seed => 2, :ph => "02050D480809"},
+      {:pt => "cisco", :seed => 3, :ph => "030752180500"},
+      {:pt => "cisco", :seed => 4, :ph => "045802150C2E"},
+      {:pt => "cisco", :seed => 5, :ph => "05080F1C2243"}, 
+      {:pt => "cisco", :seed => 6, :ph => "060506324F41"},
+      {:pt => "cisco", :seed => 7, :ph => "070C285F4D06"},
+      {:pt => "cisco", :seed => 8, :ph => "0822455D0A16"},         
+      {:pt => "cisco", :seed => 9, :ph => "094F471A1A0A"},
+      {:pt => "password", :seed => 9, :ph => "095C4F1A0A1218000F"},
+      {:pt => "password", :seed => 4, :ph => "044B0A151C36435C0D"}
+    ]
+  end
+
+  context "when decrypting single Cisco Type-7 hash using longhand" do 
+    before(:each) do
+      @encrypted_hash = "060506324F41"
+      @decrypted_hash = C7Decrypt.decrypt(@encrypted_hash)
+    end
+  
+    subject{@decrypted_hash}
+    its(:class) {should == ::String}
+    it {should == "cisco"}
+  end
+
+  context "when decrypting an array of Cisco Type-7 hashes" do 
+    before(:each) do
+      @encrypted_hashes = [
+        "060506324F41",
+        "0822455D0A16"
+      ]
+      @decrypted_hashes = C7Decrypt.decrypt_array(@encrypted_hashes)
+    end
+  
+    subject{@decrypted_hashes}
+    its(:class) {should == ::Array}
+    its(:first) {should == "cisco"}
+    its(:last) {should == "cisco"}
+    its(:size) {should == 2}
+  end
+
+  context "when decrypting Cisco Type-7 hashes from a config" do 
+    before(:each) do
+      @config_file = "./spec/example_configs/simple_canned_example.txt"
+      @decrypted_hashes = C7Decrypt.decrypt_config(@config_file)
+    end
+  
+    subject{@decrypted_hashes}
+    its(:class) {should == ::Array}
+    its(:size) {should == 5}
+    it {should == [
+      "cisco",
+      "cisco",
+      "cisco",
+      "cisco",
+      "cisco"
+    ]}
+  end
+
+  context "when decrypting known Cisco Type-7 known value matches" do 
+    before(:each) do
+      @decrypted_hashes = C7Decrypt.decrypt_array(
+                            @known_values.map {|known_value| known_value[:ph]}
+                          )
+    end
+
+    subject{@decrypted_hashes}
+    its(:class) {should == ::Array}
+    its(:size) {should == @known_values.size}
+    it {should == @known_values.map {|known_value| known_value[:pt]}}
+  end
+
+  context "when decrypting Cisco Type-7 with a seed greater than 9" do 
+    before(:each) do
+      @decrypt_hash = C7Decrypt.decrypt("15000E010723382727")
+    end
+
+    subject{@decrypt_hash}
+    its(:class) {should == ::String}
+    it {should == "remcisco"}
+  end
+
+  context "when matchings known Cisco Type-7 known config line matches" do 
+    before(:each) do
+      @encrypted_hashes = []
+      @known_config_lines = {
+        "username test password 7 0822455D0A16" => "0822455D0A16",
+        "enable password 7 060506324F41" => "060506324F41",
+        "password 7 02050D480809" => "02050D480809"
+      }
+
+      @known_config_lines.keys.each do |k,v|
+        @encrypted_hashes << C7Decrypt.type_7_matches(k)
+      end
+      @encrypted_hashes.flatten!
+    end
+
+    subject{@encrypted_hashes}
+    its(:class) {should == ::Array}
+    its(:size) {should == @known_config_lines.size}
+    it {should == @known_config_lines.values}
+  end
+
+  context "when encrypting single Cisco Type-7 hash" do 
+    before(:each) do
+      @plaintext_hash = "cisco"
+      @encrypted_hash = C7Decrypt.encrypt(@plaintext_hash)
+    end
+
+    subject{@encrypted_hash}
+    its(:class) {should == ::String}
+    it {should == "02050D480809"}
+  end
+
+  context "when encrypting single Cisco Type-7 hash with an alternate seed value" do 
+    before(:each) do
+      @plaintext_hash = "cisco"
+      @seed = 3
+      @encrypted_hash = C7Decrypt.encrypt(@plaintext_hash, @seed)
+    end
+
+    subject{@encrypted_hash}
+    its(:class) {should == ::String}
+    it {should == "030752180500"}
+
+    it "should decrypt back to the original plaintext hash" do
+      C7Decrypt.decrypt(@encrypted_hash).should == @plaintext_hash
+    end
+  end
+
+  context "when encrypting multiple plaintext passwords with alternate seed values" do 
+    before(:each) do
+      @plaintext_hash = "cisco"
+      @seeds = 0..15
+      @encrypted_hashes = @seeds.map {|seed| C7Decrypt.encrypt(@plaintext_hash, seed)}
+    end
+
+    subject{@encrypted_hashes}
+    its(:class) {should == ::Array}
+
+    it "should decrypt back to the original plaintext hashes" do
+      @encrypted_hashes.each do |encrypted_hash|
+        C7Decrypt.decrypt(encrypted_hash).should == @plaintext_hash
+      end
+    end
+  end
+
+  context "when encrypting known value matches individually" do 
+    before(:each) do
+      @encrypted_hashes = []
+      @known_values.each do |known_value|
+        @encrypted_hashes << C7Decrypt.encrypt(known_value[:pt], known_value[:seed])
+      end
+    end
+
+    subject{@encrypted_hashes}
+    its(:class) {should == ::Array}
+    its(:size) {should == @known_values.size}
+    it {should == @known_values.map {|known_value| known_value[:ph]}}
+  end
+
+  context "when encrypting known value matches individually as an array" do 
+    before(:each) do
+      @plaintext_passwords = @known_values.map {|known_value| known_value[:pt]}.uniq
+      @encrypted_passwords = C7Decrypt.encrypt_array(@plaintext_passwords)
+    end
+
+    subject{@encrypted_passwords}
+    its(:class) {should == ::Array}
+    its(:size) {should == @plaintext_passwords.size}
+    it {should == @plaintext_passwords.map {|plaintext_password| C7Decrypt.encrypt(plaintext_password)}}
+  end
+
+  context "when encrypting Cisco Type-7" do 
+    before(:each) do
+      @plaintext_hash = "remcisco"
+      @encrypted_hash = C7Decrypt.encrypt(@plaintext_hash)
+    end
+
+    subject{@encrypted_hash}
+    its(:class) {should == ::String}
+    it {should == "02140156080F1C2243"}
+  end
+
+  context "when encrypting Cisco Type-7 with a seed of 15" do 
+    before(:each) do
+      @plaintext_hash = "remcisco"
+      @seed = 15
+      @encrypted_hash = C7Decrypt.encrypt(@plaintext_hash, @seed)
+    end
+
+    subject{@encrypted_hash}
+    its(:class) {should == ::String}
+    it {should == "15000E010723382727"}
+  end
+
+  context "when trying to decrypt a hash with an invalid first character" do
+    it "should raise an InvalidFirstCharacter Exception" do
+      expect { C7Decrypt.decrypt("AA000E010723382727") }.to raise_error(C7Decrypt::InvalidFirstCharacter)
+    end
+  end
+
+  context "when trying to decrypt a hash with an invalid character" do
+    it "should raise an InvalidFirstCharacter Exception" do
+      expect { C7Decrypt.decrypt("06000**E010723382727") }.to raise_error(C7Decrypt::InvalidCharacter)
+    end
+  end
+  
+  context "when trying to decrypt a hash with an odd number of characters" do
+    it "should raise an InvalidFirstCharacter Exception" do
+      expect { C7Decrypt.decrypt("06000E01723382727") }.to raise_error(C7Decrypt::OddNumberOfCharacters)
+    end
+  end
+
+  context "when trying to encrypt a hash with an invalid high encryption seed" do
+    it "should raise an InvalidFirstCharacter Exception" do
+      expect { C7Decrypt.encrypt("bananas", 16) }.to raise_error(C7Decrypt::InvalidEncryptionSeed)
+    end
+  end
+
+  context "when trying to encrypt a hash with an invalid low encryption seed" do
+    it "should raise an InvalidFirstCharacter Exception" do
+      expect { C7Decrypt.encrypt("bananas", -1) }.to raise_error(C7Decrypt::InvalidEncryptionSeed)
+    end
+  end
+
+end

data/spec/example_configs/bad_canned_example.txt

@@ -0,0 +1,13 @@
+# Removed "7"
+username password 0822455D0A16
+# Removed password
+    username password 7
+# changed password to pword         
+enable pword 7 060506324F41
+# changed hash to something weird, but still expect this to "hit"
+        enable password 7 abc123
+R3(config)#do show run | sec vty
+line vty 0 4
+# again changed hash to something weird, expect this to "hit" but it doesn't ... 
+password 7 /etc/passwd
+login

data/spec/example_configs/simple_canned_example.txt

@@ -0,0 +1,8 @@
+username test password 7 0822455D0A16
+    username test password 7 0822455D0A16        
+enable password 7 060506324F41
+        enable password 7 060506324F41
+R3(config)#do show run | sec vty
+line vty 0 4
+password 7 02050D480809
+login

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+begin
+  require 'simplecov'
+  SimpleCov.start
+rescue LoadError
+  warn "Couldn't load simplecov, so coverage reports will be generated"
+  warn "Run 'gem install simplecov' to get coverage reports"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: c7decrypt
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-05 00:00:00.000000000 Z
+date: 2013-05-28 00:00:00.000000000 Z
 dependencies: []
 description: A library for decoding Cisco Type 7 passwords
 email: claudijd@yahoo.com
@@ -17,7 +17,24 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- lib/c7decrypt/c7decrypt.rb
+- lib/c7decrypt/version.rb
 - lib/c7decrypt.rb
+- spec/c7decrypt_spec.rb
+- spec/example_configs/bad_canned_example.txt
+- spec/example_configs/empty_example.txt
+- spec/example_configs/simple_canned_example.txt
+- spec/spec_helper.rb
+- examples/cdecrypt.rb
+- .gitignore
+- .rspec
+- .travis.yml
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- c7decrypt.gemspec
 homepage: http://rubygems.org/gems/c7decrypt
 licenses: []
 post_install_message: 
@@ -30,9 +47,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 4090891342571299322
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -41,7 +55,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Ruby based Cisco Type 7 Password Decryptor