November 3, 2006

MS SQL login packet

Filed under: Programming, Technology — dave @ 10:43 pm

With Ethereal you can capture all the packets that go through your network adapters, including, for example, the first packet in a new session with SQL Server. The stream isn’t encrypted by default, but the password is obfuscated. The password is in UTF-8; each byte has its high-order nibble (4 bits) and low-order nibble swapped and is then bitwise XOR’d with A5. So to deobfuscate, you just need to XOR with A5 and then swap the nibbles. There is no particular reason that I know this.
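The transform described above, as an added Python example that is not part of the original post. It shows that the encoding is a fixed, keyless permutation of byte values, so only transport encryption protects the login. The function names and the sample password are constructed for illustration. The sample is encoded as UTF-16LE, which is the encoding the MS-TDS specification gives for this field (the post says UTF-8); the byte-wise transform itself is the same for either.

```python
# Added example: the SQL Server login password obfuscation described in the post.
# Every name here is illustrative; the sample password is constructed.

def swap_nibbles(b: int) -> int:
    """Exchange the high and low 4 bits of one byte."""
    return ((b << 4) & 0xF0) | (b >> 4)

def obfuscate_bytes(raw: bytes) -> bytes:
    """Client side: swap nibbles, then XOR each byte with 0xA5."""
    return bytes(swap_nibbles(b) ^ 0xA5 for b in raw)

def deobfuscate_bytes(blob: bytes) -> bytes:
    """Reverse order: XOR each byte with 0xA5, then swap nibbles."""
    return bytes(swap_nibbles(b ^ 0xA5) for b in blob)

def obfuscate(password: str, encoding: str = "utf-16-le") -> bytes:
    # Assumption: UTF-16LE per MS-TDS; pass encoding="utf-8" to follow the post.
    return obfuscate_bytes(password.encode(encoding))

def deobfuscate(blob: bytes, encoding: str = "utf-16-le") -> str:
    # errors="replace" keeps a truncated capture from raising mid-decode.
    return deobfuscate_bytes(blob).decode(encoding, errors="replace")

def is_keyless_permutation() -> bool:
    """True if all 256 byte values map to 256 distinct outputs with no secret
    input, i.e. the scheme is an encoding rather than encryption."""
    table = obfuscate_bytes(bytes(range(256)))
    return len(set(table)) == 256 and deobfuscate_bytes(table) == bytes(range(256))

if __name__ == "__main__":
    sample = "sa"  # constructed sample password
    wire = obfuscate(sample)
    print("on the wire:", wire.hex())        # bytes as they appear in the login packet
    print("recovered:  ", deobfuscate(wire))  # no key needed to reverse it
    print("keyless permutation:", is_keyless_permutation())
```
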