Well, Rich769, I want to help you because the program is very old and it was withdrawn from the developers' site, softbytelabs.com (even if it can still be downloaded from other sites).
Furthermore, they were not so accurate in telling us:
(a) they say that version 4.33 is not compatible with version 4.32: that's not true, as you already found out
(b) "SecurityPlus keeps no record of the encryption key either in memory or within the data. The only time it remembers a key is after you use it and as long as the program continues to run. Once you exit SecurityPlus the key is discarded, until you re-login with the right password. If the key is lost then you may as well delete the file. That's the reason why we say it's uncrackable, even SoftByte cannot retrieve it."
from http://softbytelabs.com/us/sp/; this made me laugh a lot...
An accurate search - unfortunately through Google, not using Woodmann internal search - would help you, and us, a lot, even if you say you are not a programmer. A great tutorial on this program (version 4.32) was written by Casimir back in December 1999: http://www.woodmann.com/krobar/tutlist/tutlist1814.htm. All my credit goes to him. He described the proprietary encryption algorithm (in assembly language) and the simple way to recover the password: the good old times of SoftIce...
I simply wrote a little C program to put Casimir's concepts into practice; here it is:
Code:
#include <stdio.h>
#include <string.h>

#define KEYSIZE 61

// fixed marker string: exactly KEYSIZE bytes, so no terminating NUL is stored
unsigned char key_enc[KEYSIZE] =
    "*+*This file encrypted with SecurityPlus! (C)SoftByte Labs*+*";
unsigned char key_dec[KEYSIZE]; // to be read from the encrypted file
unsigned char pwd[KEYSIZE+1];
int pwdlen;

// returns 1 if pwd[0..pwdlen-1] turns key_dec[] into key_enc[], else 0
int
password_check(void)
{
    int i, j;
    unsigned char sub1, sub2, sub3, sub4;
    unsigned char key_chk[KEYSIZE];

    // we copy the key before modifying it: this routine can be called
    // more than once
    memcpy(key_chk, key_dec, KEYSIZE);

    // init the four subtractors
    sub1 = pwd[0];
    sub2 = pwd[pwdlen-1];
    sub3 = KEYSIZE;
    sub4 = pwd[0];

    // encoding loops
    for (i=0, j=pwdlen; i<KEYSIZE; i++) {
        key_chk[i] -= sub1 + sub2 + sub3 + sub4;
        // update for next loop
        if (++j >= pwdlen) j = 0;
        sub1 = pwd[j];
        sub2 = key_dec[i];
        sub3 = KEYSIZE - 1 - i;
        sub4 += 1 + j;
    }
    return memcmp(key_chk, key_enc, KEYSIZE) == 0;
}

int
main(int argc, char **argv)
{
    int i;
    FILE *fp;
    unsigned char p, p0, tmp;

    if (argc != 2) {
        printf("usage: %s filename.sp$\n", argv[0]);
        return 1;
    }
    fp = fopen(argv[1], "rb");
    if (fp == NULL) {
        perror(argv[1]);
        return 1;
    }
    // skip first chunk, then bring key_dec[] in memory
    if (fseek(fp, KEYSIZE, SEEK_SET) != 0 ||
        fread(key_dec, KEYSIZE, 1, fp) != 1) {
        fprintf(stderr, "%s: cannot read the key chunk\n", argv[1]);
        fclose(fp);
        return 1;
    }
    fclose(fp);

    // we use the equation in password_check() loop with i==1 to find the
    // first character of the password
    p0 = key_dec[1] - key_dec[0] - key_enc[1]/*'+'*/ - (KEYSIZE-1) - 1;
    p0 /= 2;
    pwd[0] = p0;
    p0++; // take into account the '1' above

    // we use the following equations to find the following characters
    // assuming the worst case of a password with length KEYSIZE
    for (i=2; i<KEYSIZE; i++) {
        p0 += i;
        p = key_dec[i] - key_dec[i-1] - key_enc[i] - (KEYSIZE-i) - p0;
        pwd[i-1] = p;
    }

    // we use the equation in password_check() loop with i==0 to find the
    // password length
    for (i=1; i<KEYSIZE; i++) {
        p = key_dec[0] - 2*pwd[0] - pwd[i] - KEYSIZE;
        if (key_enc[0] == p) {
            pwdlen = i+1;
            tmp = pwd[pwdlen];
            pwd[pwdlen] = 0;
            // we need a complete check before exiting: the equation could
            // be satisfied for more than one value
            if (password_check()) break;
            // failure: restore the character replaced by the null
            pwd[pwdlen] = tmp;
        }
    }
    printf("password: \"%s\"\n", (char *)pwd);
    return 0;
}
The only homework for you is to grab some free compiler (any C compiler will do the job) and compile the source: you are not a programmer, but nobody is born a programmer!
Best regards
bilbo