I’d been asked a few times recently for the code that generates the ICHDEX01 RACF masking exit. If you recall, this was the pre-DES (and long pre-KDFAES) algorithm that RACF used to store its passwords. (If you want more detail about this as the other algorithms, see my presentation from SHARE 2016)
The algorithm, through a series of shifts and XORs transforms the user’s 8 character password into the masked equivalent. Quick users will see that the algorithm does little to actually protect the passwords from reverse engineering as there is a 1:1 relationship with the input (plaintext) character in position X to its corresponding output masked character in the same position X.
For example, given algorithm mask(), the following examples hold true:
So all we need do is encode via the algorithm each character until we have positions in the new mask matching the given mask.
The github repo below has both the encoder (ichdex01.py) and brute-forcer (masking_bf.py)