Thread: Cracking w97 files

  1. #1
    dipeshrestha
    Guest

    Cracking w97 files

    Dear friends,

    I am facing a problem while cracking a password-protected Word document. I generally use bpx hmemcpy in SoftICE to break into software, but it does not seem to work with Word or Excel. Can anyone help me with that?

    Thanks in advance

    dipeshrestha
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Hullo,

    If you are trying the "MEMORY-ECHO" trick to find the password in W97, then forget it. You will NOT get it, because it is not stored and not compared.

    As far as bpx hmemcpy is concerned, if you are using Windows NT and above, this no longer exists.

    A better way would be:

    1. Enter your password
    2. Ctrl-D into SoftICE
    3. addr winword
    4. bpx getwindowtexta
    5. Press OK once you are out of SoftICE

    If that does not work:

    1. Enter your password
    2. Ctrl-D into SoftICE
    3. addr winword
    4. hwnd winword
    5. Check for the EDIT class topmost
    6. bmsg xxxxx wm_gettext
    7. Press OK once you are out of SoftICE

    Remember, password protection means that the file gets encrypted. You might try to ask this question on the Encryption Board here on RCE.

    ...Have Phun
    Blame Microsoft, get l337 !!

  3. #3
    dipeshrestha
    Guest
    Hi aimless,

    Actually I'm using Win 98. Now I will try what you have said. Thank you a lot. If the problem persists I will contact you again.

    dipeshrestha

  4. #4
    foxthree
    Guest

    Doubtful

    Erm... I suppose both methods wouldn't work in this case. I tried with Word 2000. No WM_GETTEXT there. My suggestion would be to break on WM_LBUTTONDOWN:

    i.e. bmsg <handle of OK button> WM_LBUTTONDOWN

    Signed,
    -- FoxThree

    PS: Word 97 MD5-RC4

  5. #5
    DakienDX
    Guest
    Hello foxthree !

    Word 97 uses RC4?

    In 1997 the US government had not yet legalized the export of cryptography with more than 40 bits from the USA.
    MD5 has a 128-bit output, so which bits should be passed to the RC4 function? Only the first 40 bits?

    Shall we accuse M$ because of weapon-export-violation?

  6. #6
    Naides is Nobody
    Join Date: Jan 2002
    Location: Planet Earth
    Posts: 1,647

    There are password crackers

    I may have misunderstood your request, but there are Word and Excel password recovery utils floating around on the web. Give it a search.

  7. #7
    foxthree
    Guest

    Yes Indeed ;)

    Hi DakienDX:

    I'd refer you to:
    http://www.password-crackers.com/crack1.html#office97

    I also post a snippet of Pavel Semjanov's PC FAQ on Office 97 Password Cracking:

    "But because of US export regulations Office 97 uses 40-bit key. So encrypted files can be decrypted without password knowledge in a few days by searching for this key. Some companies ..."

    If you take a look, it is MD5 and RC4 with 40-bit keys. Though I don't *really* know if 40 bits out of 128 are used for RC4, I do know that the crypto is RC4 [this one is for sure]. Also, I do know about the ITAR Act and that it was relaxed only recently.

    Thanks,

    Signed,
    -- FoxThree

    PS: Dakien, don't get me wrong, but I *DO* tend to do my research before posting. Cheers!!!

  8. #8
    DakienDX
    Guest
    Hello foxthree !

    The link is dead.
    At least I get an "Error 403 Permission Denied".

    I haven't read anything describing how M$ Word encrypts files, but it was just logical that it wasn't able to use 128 bits in 1997 outside of the USA.

    Maybe I've asked in a wrong way, but I didn't doubt that Word uses RC4, only that it uses 128 bits as the key.

  9. #9
    foxthree
    Guest

    No probs, DakienDX

    Hi Dakien:

    Thanks for being cool

    Yes, the link gives 403, but I used Google "cache".

    Thanks,

    Signed,
    -- FoxThree

  10. #10
    הבּרוּ נשׂאי כּלי יהוה mike
    Join Date: Mar 2001
    Posts: 491

    word

    Hi DakienDX, foxthree!

    As far as I know, I was the first one to disassemble the thing. This was way back before I'd heard of Fravia, SoftICE or IDA, so I disassembled it via MSVC 5's code watch. The addresses kept changing because sometimes the DLL would get loaded into a different part of memory. I had pages of code taped to my wall that I had copied and pasted into WordPad.

    Anyway, the password test algorithm goes like this:
    Code:
        a = Lo40(MD5(pw in Unicode, no terminating NULL))
        b = concat(a, first)
        c = Lo40(MD5(concat(16 b's)))
        RC4Init(c);
        RC4Decrypt(second);
        RC4Decrypt(third);
        d = MD5(second);
        if d == third, password is correct.
    Lo40 is the first five bytes of the input.
    first, second, third are three 16-byte values found in the Word file right after the bytes 00 01 00 01.
    concat("now", "here") == "nowhere"

    To decrypt a file, you just have to brute force the 40 bits of c.

    To decrypt all files w/ the same password, you just have to brute force the 40 bits of a.

    Every file can be decrypted with a nine-character single-case alpha password, since 26^9 ~=2^42.
    Last edited by mike; April 10th, 2002 at 15:44.

  11. #11
    הבּרוּ נשׂאי כּלי יהוה mike
    Join Date: Mar 2001
    Posts: 491

    Cracking w97 files

    If anyone cares, DakienDX's been asking about cracking MS Word 97 files in the Newbies forum and I posted the pw test algorithm over there.

  12. #12
    DakienDX
    Guest
    Hi mike !

    I've put the two threads together so that they stay as one unit. It's OK to discuss this in the RCE Cryptographics.

    Thank you for sharing your knowledge about the topic. I wasn't really interested in the Word 97 password protection, but if anybody feels he needs some more information, I'll help to keep the topic up to date.

  13. #13
    הבּרוּ נשׂאי כּלי יהוה mike
    Join Date: Mar 2001
    Posts: 491

    MS violated crypto export laws

    MS *did* violate crypto export laws with their PWL file. The password is hashed 9x using md5 to derive a 128-bit key which is fed to RC4 to encrypt the contents of the PWL file. Pick a new user name, a long password, store a resource in the PWL file (which can be up to 32 K) and log off. The PWL file is secure storage.

    (This only applies to the update of the update that ended up in win98. There are a LOT of problems with early versions of PWL files.)

  14. #14
    foxthree
    Guest

    One small question

    Hi Mike:

    Thanks for your post. However, I have one small question. Supposing, say, we manage to brute force c (2^40 computations is not that big), but using c how do we get back the clear-text password?

    Since:
    c=Lo40(MD5(concat(16 b's)))
    to get the b's from c we need to do Inv(MD5), which is 128 bits!

    Are you referring to just decrypting the document based on c, or getting back the plain-text password? If it is the former, I understand (since you've got c, you just do the RC4 decrypt), but how do you get the plain-text password?

    Signed,
    -- FoxThree

  15. #15
    הבּרוּ נשׂאי כּלי יהוה mike
    Join Date: Mar 2001
    Posts: 491
    Quote: Are you referring to just decrypting the document based on c, or getting back the plain-text password? If it is the former, I understand (since you've got c, you just do the RC4 decrypt), but how do you get the plain-text password???
    It is the former, and you understand ;D

    You have to do a second brute-force to get 'a' and a third brute-force to get a working password. The second and third brute-forces go very fast compared to the first one, since there's no RC4 setup.

    All of this can be optimized out the wazoo with MMX instructions.
    Last edited by mike; April 10th, 2002 at 21:12.
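The password test from post #10 and the three-stage search mike describes in post #15, as an added worked example (not code from the thread or from Word itself). The key derivation follows the form documented for the Office 97-2003 "standard" RC4 scheme (MS-OFFCRYPTO section 2.3.6.2), which has one step the sketch in post #10 leaves out: the RC4 key for each block of the document is MD5(c || block number), so the key fed to RC4 is 128 bits wide but still a function of the 40-bit c, and the three searches are exactly as described in the thread. The salt, verifier and wordlist are constructed here for the demonstration, and the search loops are bounded to a small window around the answer so the script runs in a second; a real attack walks the full 2^40 range.

```python
"""Word 97 (Office 97-2003 'standard' RC4) password check and the three
brute-force stages from the thread.  Added example, not code from the
thread.  Key derivation follows the documented MS-OFFCRYPTO 2.3.6.2 form;
SALT, VERIFIER and WORDLIST are constructed here, not taken from a file."""
import hashlib
from struct import pack

SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 16-byte salt ('first')
VERIFIER = b"constructed-rnd!"                              # constructed 16-byte verifier
WORDLIST = ["password", "Word97", "Fravia", "softice"]    # constructed candidate passwords
KEYSPACE = 1 << 40                                        # size of the 'a' and 'c' spaces


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA).  Encrypt and decrypt are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def a_from_password(password: str) -> bytes:
    """'a' in post #10: Lo40(MD5(password as UTF-16LE, no terminator))."""
    return hashlib.md5(password.encode("utf-16-le")).digest()[:5]


def c_from_a(a: bytes, salt: bytes) -> bytes:
    """'c' in post #10: Lo40(MD5((a || salt) repeated 16 times))."""
    return hashlib.md5((a + salt) * 16).digest()[:5]


def block_key(c: bytes, block: int = 0) -> bytes:
    """Per-block RC4 key, MD5(c || block as LE32): 128 bits wide, but a
    deterministic function of the 40-bit c, hence the 2^40 search."""
    return hashlib.md5(c + pack("<I", block)).digest()


def encrypt_verifier(password: str, salt: bytes, verifier: bytes) -> bytes:
    """Build the 32 bytes Word stores ('second' || 'third'):
    RC4 under the block-0 key of verifier || MD5(verifier)."""
    key = block_key(c_from_a(a_from_password(password), salt), 0)
    return rc4(key, verifier + hashlib.md5(verifier).digest())


def verify_with_c(c: bytes, stored: bytes) -> bool:
    """The password test given only c: decrypt the 32 stored bytes with one
    RC4 keystream under the block-0 key and check MD5(second) == third."""
    plain = rc4(block_key(c, 0), stored)
    return hashlib.md5(plain[:16]).digest() == plain[16:]


def check_password(password: str, salt: bytes, stored: bytes) -> bool:
    """What Word does when you type a password."""
    return verify_with_c(c_from_a(a_from_password(password), salt), stored)


def search_c(stored: bytes, start: int, count: int):
    """Stage 1: find c.  Each candidate costs an MD5 plus an RC4 key setup.
    The real search is range(0, KEYSPACE); start/count bound it for the demo."""
    for n in range(start, min(start + count, KEYSPACE)):
        cand = n.to_bytes(5, "big")
        if verify_with_c(cand, stored):
            return cand
    return None


def search_a(c: bytes, salt: bytes, start: int, count: int):
    """Stage 2: find an a that maps to c.  One MD5 per candidate, no RC4."""
    for n in range(start, min(start + count, KEYSPACE)):
        cand = n.to_bytes(5, "big")
        if c_from_a(cand, salt) == c:
            return cand
    return None


def search_password(a: bytes, candidates):
    """Stage 3: any password whose truncated MD5 equals a opens the file."""
    for pw in candidates:
        if a_from_password(pw) == a:
            return pw
    return None


if __name__ == "__main__":
    stored = encrypt_verifier("Fravia", SALT, VERIFIER)
    print("right password accepted:", check_password("Fravia", SALT, stored))
    print("wrong password rejected:", not check_password("fravia", SALT, stored))
    # Scaled-down searches: start a few values below the answer purely to
    # exercise the loops; a real attack walks the full 2^40 range.
    c = c_from_a(a_from_password("Fravia"), SALT)
    found_c = search_c(stored, max(int.from_bytes(c, "big") - 4, 0), 8)
    print("stage 1 recovered c:", found_c == c)
    print("block 1 key, no password needed:", block_key(found_c, 1).hex())
    a = a_from_password("Fravia")
    found_a = search_a(c, SALT, max(int.from_bytes(a, "big") - 4, 0), 8)
    print("stage 2 recovered a:", found_a == a)
    print("stage 3 password:", search_password(found_a, WORDLIST))
```

Stage 1 pays an MD5 plus a 256-byte RC4 key schedule per candidate; stages 2 and 3 pay a single MD5 each, which is why the second and third searches are so much cheaper than the first, as post #15 says. Stage 3 only needs some password whose truncated MD5 equals a, not the one the author typed, which is the point of the 26^9 > 2^40 remark in post #10.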
