WPcrak Password Retrieval Software Version 3.1 (8-04-94) Version 3.1 is Only $99 (The price of version 3.1 has been increased from earlier versions due to the very great demand for this powerful program.) 1 Copyright Notice: (C) Copyright by John E. Kuslich 1993,1994 All Rights Reserved This is copyrighted software. You may not make or distribute copies of this software or any part of this software (including but not limited to electronic copies) except as noted in the following license agreement: License Agreement: No copies of the registered version of WPcrak may be made except for archival purposes. Only one person may use one copy of WPcrak on one computer at any time. Network operation where several users could operate a single registered copy of WPcrak at the same time is prohibited unless a network licence has been purchased. We do not guarantee that WPcrak will find all passwords for all files. For example, if a file gets corrupted so that the printer and font setup data is bogus, WPcrak may fail to find the password. This is unlikely, however unless the corruption extends over many bytes. If you find a file which is not successfully cracked by WPcrak, send it to us with a properly constructed reference file and we will reward you by providing a free update to WPcrak as well as a copy of our one time pad unbreakable file encryption software as soon as it becomes available. Do not send valuable data!!!! We will not be responsible for the unauthorized disclosure of whatever you send us!!! 2 Liability: The author assumes no liability whatsoever no matter what happens under any conceivable circumstance no matter what period. If you don't like this condition, don't use the software. The author accepts no liability for incidental or consequential damages resulting from the use of WPcrak. 2 Registration: Your purchase of WPcrak software registers the software. This software must be used in strict accordance with the license agreement. 3 Program Capabilities: a) Word Perfect (TM) Password protection: -------------------------------------------------- The Word Perfect (TM) program has an option allowing password protection for files. This password protection supposedly disallows reading or alteration (through the Word Perfect (TM) program) of files by anyone not in possession of the "password" used to protect the file. This protection happens to be very weak and is easily broken. It relies on an encryption technique which can be successfully attacked, especially if one is in possession of a "non-password-protected" file of arbitrary contents. Certain information associated with printer and base font is known or can be known by simply creating a Word Perfect (TM) file and setting up for the particular printer and base font. This information, together with knowledge of the encryption algorithm, (which is easily discovered by examining a known file encrypted with a given password) is used by the WPcrak program to discover the password used to "protect " the file. WPcrak quickly and easily discovers the password used to protect Word Perfect (TM) files. b) Legitimate Uses ---------------------------- Nobody likes the idea of snooping on private information belonging to others, but there are a number of legitimate uses for a program such as WPcrak. These uses justify having a copy and using it to overcome password difficulties. 1) Bad Memory (yours) --- Say you have a lot of private files that you have been password protecting and, as time goes by, you forget what passwords you used to protect certain data. Without WPcrak your out of luck! Chances are, if you have gone to all the trouble of protecting unauthorized access to files, the data they contain is extremely valuable to you. Before WPcrak you were lost! With WPcrak , you can easily recover any of those files! (Perhaps someone else can also and you should be considering a stronger encryption algorithm for you private files) 2) Malicious Behavior (theirs) --- One of your trusted and key employees decides life in the Bahamas (at your expense) would be a good idea. He/she password protects some really important business data and attempts to extort money or a promotion in exchange for your business data. Now you have a choice of going out of business or writing some checks. With WPcrak, you call the cops, document the extortion attempt, and recover you data. WPcrak puts you in control. 3) Shark Attack --- You are a lawyer and through discovery proceedings in a lawsuit, the judge grants you access to data files relevant to your case. These files are in the possession of your opponent. Your worthy opponent dutifully gives you the required data except that, all of a sudden, his/her memory goes blanker than Ronald Regan's brain on Halcion. He/she cannot remember a single solitary character of the passwords used to protect the data. You are out of luck unless you have WPcrak! 4) Cops and Robbers --- You are a law enforcement officer investigating some evil doings by your local politician. You subpoena his computer and files, but to your chagrin, they are password protected! You are out of luck unless you have WPcrak! With WPcrak, you look at the files which lead you to information your target has no idea you know about. You are a hero and the bad guy goes to the slammer. 5) Illigitimus Non Carborundum* --- You suspect your teenage daughter of illicit activity with Andrew Dice Clay and she writes password protected letters to him all the time. Or your 10 year old son is writing password protected letters to Michael Jackson. What does a good parent do? I'll tell you what a good parent does. He/she gets a copy of WPcrak and does some snooping. Hopefully you don't discover that the little tyke is running a drug ring on the side! 6) Adios WordPerfect --- You or your company decides to change from WordPerfect ot a competing software product. You find that a lot of the old files are password protected and you want to convert them to the new format. WPcrak will allow quick and easy access to protected files so they can be saved and used in the new format. 7) Paradise Lost --- You suspect your wife of cheating and writing password protected love letters to Joe Wifestealer. What do you do? I'll tell you what you do. You dump the gal and get a life. (Forget WPcrak!) 4 Program Usage Instructions WPcrak RUNS ONLY UNDER MICROSOFT WINDOWS!!! IF YOU DO NOT HAVE WINDOWS INSTALLED ON YOUR COMPUTER YOU CANNOT RUN WPcrak! A dos version is available: Send your order (with check or money order) for $99 to: CRAK 2901 E Greenway Pkwy P.O. Box 31844 Phoenix, AZ. 85022-1844 Make check payable to "CRAK." Or call 1 800 484 9628 x 7584 (Orders only Please), On Compuserve Contact John E. Kuslich 72510,3115 On Internet e-mail johnk@indirect.com. Or FAX 1 602 548 1993. a) Installation (distribution disk) -------------------------- 1) Insert the distribution disk into the appropriate a: or b: drive. 3) Run Windows and select RUN under the FILE menu. 4) Type a:\setup or b:\setup as appropriate. The setup program will then use the standard Windows tools and install WPcrak in its own program group. If you would rather install WPcrak in some other group, just drag the Icon to that group, drop it and delete the WPcrak program group. 5) You may then delete all the *.xx_ files (compressed files) from the working directory. Don't delete any other files or when you click on the WPcrak Icon, you will get nada. b) Installation (Zipped File version) Unzip the downloaded file to a directory called wpcrak. Copy vbrun300.dll to the \windows\system directory of your hard drive. Select File\Run from the program manager command bar. Type c:\wpcrak.exe. You may select add an icon to any program group for wpcrak by following standard Windows procedures. c) Using WPcrak -------------------------- VERSION 3.1 OF WPcrak HAS A SECURITY FEATURE TO PREVENT UNAUTHORIZED ACCES TO WPcrak. THE PROGRAM WILL NOT FUNCTION UNLESS THE PROPER SECURITY CODE IS ENTERED ON START-UP. THIS FEATURE PROTECTS YOUR WORDPERFECT (TM) FILES FROM UNAUTHORIZED ACCESS. IF YOU LOOSE YOUR SECURITY CODE, WE WILL SUPPLY A NEW COPY OF WPcrak WITH ANOTHER SECURITY CODE (EACH COPY OF WPcrak HAS A UNIQUE SECURITY CODE) FOR THE FULL PRICE OF THE SOFTWARE. THIS IS FOR YOUR PROTECTION AS WELL AS WELL AS FOR OUR PROFIT. We recommend that the distribution disk for WPcrak be stored in a safety deposit box, with a written copy of the security code. Do not allow unauthorized access to WPcrak. 1) Starting Up --- Double click on the program Icon and wait a few seconds for the program to load. Type in the security code and A form will appear requesting the security code. As soon as you type in the code, the form will dissolve and the program will start. A dialog box will appear telling you to select the "FILE' item from the menu bar in the upper left hand corner of the WPcrak window. If this detailed level of direction is bothersome, just select Suppress_Help_Messages from the FILE menu. This message will mercifully cease to exist. The flashing red arrow will continue to suggest file selection as appropriate however. These program operational features were added after the WPcrak program was subjected to the "Dumb User Test". We pride ourselves at having some of the "Dumbest Users" available. These users complained that the next operation was not obvious to the casual observer without this prompt. 2) Loading Files --- Remember...when you want to crack open a password protected file, you must have first loaded a different non-password protected file according to the menu selections. If you get mixed up and load the wrong file first just choose the 'NEW' or 'CLOSE' selections from the file menu and start over. The menu will only allow one type of file to be loaded at one time so just do what you are told! 3) Non-Protected file --- The non-protected file must have been created with the same printer setup as your password- protected file. Usually, if the file to be cracked is one of your own files, the number of possible choices is probably quite limited. After all how many printers does one man/woman own? - usually. The question of base fonts is a little more problematic but again, most people making password protected files for their own use don't go wild and use every font in the book. In almost all circumstances, there are a very limited number of possibilities and simple trial and error will eventually produce the desired result. This limitation tends to prevent abuse of this powerfull program. Remember, you can use any text as long as the printer setups correspond. Whatever else the file contains is completely irrelevant. 4) Automatic Search --- The automatic search feature is selected by clicking on the 'START' command button located within the 'AUTO SEARCH' area. When AUTO search is selected, the program will assume the password length is one character and begin trying to find the password. After searching through 'ANALYSIS LENGTH' number of characters, (default=200) the program will increment the password length by one and repeat the search of the same number of characters until passwords with lengths up to and including 25 characters have been tried. The 'ANALYSIS LENGTH' parameter controls the length of file header searched for passwords in bytes. This parameter may be reduced to quicken the search process or increased to avoid missing a password. Let your own experience be your guide in setting this parameter. You may stop the search at any time by clicking on the 'STOP' command button. You may change the default setting of the 'PASSWORD LENGTH' parameter if you have a registered copy of WPcrak. 5) The 'MANUAL SEARCH' feature of WPcrak allows the user to change the starting value of the password length. This allows for faster searches if you know in advance that the password is unlikely to be less than some value. 6) The grid window in the lower center of the screen displays five rows of information in columns. There is one column for each byte field in the Word Perfect file header. You may scroll horizontally to see more of the header up to 'ANALYSIS LENGTH' rows. The first row shows the Hex values of the password protected file. The second row show the plaintext file data (only valid after the password has been discovered). The third row shows a sequence used to encrypt the protected file. The derived 'KEY" or password in Hex is shown in the next row. The ASCII value of this 'KEY' is shown in the last row. Some of the bytes in the last row are corrupted by the particular encryption algorithm Word Perfect used to "protect" the files. WPcrak filters out this trash and discovers the correct password. Scanning this field of data may be helpfull if the password contains control characters. In this case, you will have to look up the keystroke in the accompanying table. 7) If the password contains non-printing control characters such as cntl-C, you will see one of the Windows character set representations for these characters in the password text box. To find out what these non-printing characters are you must consult the accompanying ASCII table. Look up the character in password box that appears under the password. Happy password hunting!!! The table below shows the ASCII character codes in decimal format and the corresponding keystrokes. The ^ character means simultaneous Cntl and key combinations. 0 ^@ 32 [space] 64 @ 96 ` 1 ^A 33 ! 65 A 97 a 2 ^B 34 " 66 B 98 b 3 ^C 35 # 67 C 99 c 4 ^D 36 $ 68 D 100 d 5 ^E 37 % 69 E 101 e 6 ^F 38 & 70 F 102 f 7 ^G 39 ' 71 G 103 g 8 ^H 40 ( 72 H 104 h 9 ^I 41 ) 73 I 105 i 10 ^J 42 * 74 J 106 j 11 ^K 43 + 75 K 107 k 12 ^L 44 , 76 L 108 l 13 ^M 45 - 77 M 109 m 14 ^N 46 . 78 N 110 n 15 ^O 47 / 79 O 111 o 16 ^P 48 0 80 P 112 p 17 ^Q 49 1 81 Q 113 q 18 ^R 50 2 82 R 114 r 19 ^S 51 3 83 S 115 s 20 ^T 52 4 84 T 116 t 21 ^U 53 5 85 U 117 u 22 ^V 54 6 86 V 118 v 23 ^W 55 7 87 W 119 w 24 ^X 56 8 88 X 120 x 25 ^Y 57 9 89 Y 121 y 26 ^Z 58 : 90 Z 122 z 27 ^[ 59 ; 91 [ 123 { 28 ^\ 60 < 92 \ 124 | 29 ^] 61 = 93 ] 125 } 30 ^[space] 62 > 94 ^ 126 ~ 31 ^_ 63 ? 95 _ 127 ^bksp * * Values 8, 9, 10, and 13 convert to backspace, tab, linefeed, and carriage return characters, respectively. Please direct any questions or comments to "johnk@indirect.com" or Compuserve 72510,3115. I will try my best to answer any of your questions concerning WPcrak. If you do not have Internet access, write to: CRAK 2901 E Greenway Pkwy P.O. Box 31844 Phoenix, AZ. 85022-1844 or, FAX your question to: 602-548-1993. Copyright Notice: (C) Copyright by John E. Kuslich 1993 Word Perfect is a trademark of Word Perfect Corporation. Compuserve is a trademark of Compuserve Corp. *Translation available on request. Thanks. This is copyrighted software. by John E. Kuslich 1993,1994 All Rights Reserved