Bokler's Guide to "CRACKER" Software


	The crackers in this section were designed to break the password protection/encryption built into popular word processor applications. The ones listed here worked without a hitch, returning the correct password value effortlessly in every case. If you are depending on the cryptography in these applications to protect your sensitive data you are definitely risk-prone.
	Word '97® Cracker: This is a freeware utility developed by Dmitry Sumin designed to discover "lost" Word '97 passwords. The documentation is sparse (very sparse), and by the author's own admission is very slow. It uses a "dictionary attack" - i.e. it guesses different passwords until it finds the one that successfully decrypts the protected file. If the person who password-protected the file originally used a truly random password, then it may take a very long time to recover it. You can download the binary word97cr.zip - no source code is included. An improved commercial version of this utility is now offered by Mr. Sumin through Passware at http://www.lostpassword.com.
	WFWCD vs. Word for Windows® 6.0: The Word for Windows Cracker Demo (WFWCD) appeared during 1996. WFWCD was developed by Fauzan Mirza to extract passwords from MS Word for Windows v 6.0 documents. According to the WFWCD documentation, the changes made to boost the security from the previous version of Word were ineffective. Like WPCRACK, WFWCD makes short work of extracting passwords. Run from the DOS command line, the WFWCD produces a short decrypted text sequence from the protected file, followed by the password value. You can get the WFWCD R8 distribution here. If you'd like to see WFWCD in action, but don't have MS Word 6.0, you can get our MS Word 6.0 password protected file (craktest.zip). The distribution comes with a DOS executable only (no source), and the documentation is more austere than that in WPCRACK and WU. Full file decryption requires a copy of Word 6.0...using the password determined from WFWCD.
	Word Unprotect (WU) vs. MS Word® 2.0: Sometime later the Word Unprotect program WU appeared. WU was developed by Marc Thibault to decrypt protected Microsoft Word v.1 and v.2 documents. We did not test WU (didn't have an old copy of MS Word). According to the WU documentation it creates a decrypted version of the file rather than produce the password as WPCRACK does. Mr. Thibault's comments (see the WU documentation link above) regarding the strength of the Word encryption algorithm are similar to those for WPCRACK. You can get the WU distribution here. The distribution includes C++ source code, and executables for DOS and Windows.
	WPCRACK vs. WordPerfect® 5.1: The readme.txt file in the WPCRACK distribution indicates it was widely disseminated over the Internet beginning late in 1992 - making it was one of the first cracker software packages to receive wide distribution. It was developed by Ron Dippold to extract the password from a protected WordPerfect® file. While WP 5.1 is no longer in wide use this package is most interesting for its docimentation; Mr. Dippold discusses the WordPerfect design flaw that allowed him to crack its flimsy password protection. If you're a developer who'd like to avoid making the same errors, you should read the WPCRACK documentation. You can get the WPCRACK distribution here. If you want to test WPCRACK, but don't have WordPerfect 5.1 you can get our WP5.1 password protected file (craktest.zip) here. The WPCRACK distribution includes an additional utility (WPUNCRYP) which will decrypt the WP5.1 file to a text file when supplied with the password found by WPCRACK. This avoids the necessity of even having to own a copy of WordPerfect to view the cracked files (this guy thought of everything)! This distribution comes with C source code only...you'll have to compile it to try WPCRACK.


	The PKZIP compression utility includes an option to encrypt the compressed archive. Following are two genres of PKZIP crackers - dictionary attack crackers, and a known plaintext attack cracker. While cracking PKZIP files is not trivial as it is with the word processor and spreadsheet crackers listed above, you really shouldn't bet the farm on it either.
	The Dictionary Attack: These crackers employ a brute force/trial-and-error approach: repeatedly guessing password values until the correct one is found. The passwords are typically chosen in sequential order from a list (file) of commonly used passwords. This means that choosing long, obscure passwords may provide greater security than short passwords. This is a good point to remember if you are depending on PKZIP's encryption to secure your data.
	ZIPCRACK: The earliest example of PKZIP cracker software we found was ZIPCRACK v2.0, developed by Paul Kocher while he was a sophomore at Stanford University (circa 1992) to crack PKZIP v 1.1 protected files. ZIPCRACK utilizes a dictionary attack (see above). You can get the ZIPCRACK 2.0 distribution here. Note however that this distribution is crippled (only searches for passwords beginning with the letter "z"), has no source code, and only works against an antique version of PKZIP. We've included it here because the zipcrack.doc file in this distribution contains some useful information, including some of Mr. Kocher's views of PKZIP's approach to cryptography. EPILOGUE: Subsequent to releasing ZIPCRACK Mr. Kocher and Eli Biham published a paper detailing a known-plaintext attack on PKZIP which was used in the cipher challenge contest sponsored by PKWare. While the results of the contest remain controversial, there is no doubt that the technique works in many real-world cases. You can get a copy of the Biham and Kocher paper titled "A Known Plaintext Attack on the PKZIP Stream Cipher" here (a PostScript version). While Mr. Kocher never released the software described in this paper, Peter Conrad implemented their techniques in working software (see description below) available at his website. Mr. Kocher won further acclaim for himself (including an article in the New York Times!?) by finding a "timing attack" which could be used against many of the public key cryptosystems. You can get further details by visiting Paul Kocher's website.
	PKCRACK: Very little information is available on the PKZIP password cracker named PKCRACK. Judging from the files in the distribution PKCRACK is 1993 vintage, but nothing was found to identify the author. PKCRACK employs a dictionary attack like ZIPCRACK, but it's not crippled, source code is included, and it works on version 2.04 of PKZIP. Operation is straightforward - it tries all passwords contained in the file pkcrack.dat against the .zip file specified in the DOS command line. You can get the PKCRACK distribution here. It comes with an example .zip archive to illustrate its operation. The dictionary password must be an exact match with the one used to encrypt the zip'd files; missing even the case of a single letter in the password causes PKCRACK to come up empty-handed.
	FZC: The Fast ZIP Cracker (FZC) was developed by Fernando Papa Budzyn of Montevideo, Uruguay. The latest known version, FZC 1.05, was released o/a Feb 16, 1998. You can get the FZC 1.05 distribution here, or from here. FZC is the most sophisticated of the dictionary attack PKZIP crackers we found. While similar in concept to PKCRACK and ZIPCRACK, FZC augments its dictionary attack with several features that enhance its ability to successfully complete its attack. Most of the documentation on FZC is "online" in the .exe file. While stand-alone documentation is sparse, it lists a pair of ftp sites from which you can replenish your password dictionary.
	The Known Plaintext Attack: This attack removes any added security from using long, obscure passwords. Using the attack requires that a few bytes (at least 13, more is better) of plaintext be known. Plaintext is simply the unencrypted version of an encrypted file. If you're paying attention to this, you just asked yourself why you need to crack an encrypted file if you already know what the decrypted (plaintext) file contains... good question! There's also a good answer: You don't have to know all of the plaintext, just several bytes (13 in this case). Since most file types contain a header or trailer which does not vary from file to file the required plaintext is generally available. Determining these plaintext header values is an exercise left to the reader... Kocher & Biham's paper on the subject is "A Known Plaintext Attack on the PKZIP Stream Cipher".
	PkCrack: PkCrack (not to be confused with the PKCRACK dictionary attack above) is an implementation of the known plaintext attack. It was developed by Peter Conrad of Germany based on the techniques described in Biham & Kocher's paper. Using it will require some work to define the known plaintext values for the encrypted, compressed files. As of this writing there are no known sources of plaintext for common filetypes; you'll have to get these on your own. The latest version of PkCrack can be found at Peter Conrad's website. It is available as "C" source, DOS and Win '95 executeables.
	ZipSuperFastAttack: If your data is protected with WinZip encryption, and you adversaries can scrape up $59 you are toast! AccessData's latest Zip Cracker is 100% guaranteed to decrypt files encrypted with WinZip, NetZip and MS CAB, and to do it "within hours".


	MS Windows: Jos Visser at OSP has created a very good source on cracking passwords on Windows NT®. The L0pht has released a Windows NT® password cracker that has attracted a LOT of attention. Download executables and read all about the latest version of L0phtcrack at their website. Teardrop and Land denial-of-service attacks as well as a host of other hacks are described at rootshell.com, as reported in TechWeb News. The Bonk denial-of-service attack is an enhanced version of Teardrop which counters Microsoft's patch for that attack - as reported in Wired News. Does Bonk really work?... apparently so. The folks who brought you "Back Orifice" were nice enough to share some insights into how it works in this piece on NetBIOS Attacks over TCP. This related article on the same subject is also worth reading (an excerpt from Carolyn Meinel's book?)
	Novell®: The Novell Netware® Hack FAQ exposes the dangers of entrusting your secrets to Novell's security system; available as a downloadable file, a web page, and occasionally posted to comp.security.misc A command line NLM for setting any user's password on a NetWare® server to anything you want. Thanks to KRP, one of our readers, for this one.
	WWW, Windows NT and Novell: From Simple Nomad, the guy who brought you the Novell Hack FAQ... this is an all new site with an enlarged agenda - The Nomad Mobile Research Centre.
	Web Browsers: Ed Kubaitis' site has a page on WWW Browser Security & Privacy Flaws. No software is available, but this is a good source of information on the risks of simply browsing the Web. The L0pht has published an advisory documenting their discovery of a security flaw in IE 4.x which gives away user control over execution of code on their machine. ActiveX: The Chaos Computer Club's website in Germany has a page devoted to security problems with ActiveX® controls. They demonstrated these flaws on a German television program by using their ActiveX control to cause Quicken® to transfer money from the dupe's bank account to the hacker's account - klicken sie hier for the full story. If you're using Internet Explorer® you can try some of their malicious ActiveX controls for yourself... be careful!


	Has cracking become an industry? Apparently so... these are now at least three companies who develop and market software designed to recover information protected with "built-in" encryption software.
	CRAK Software: John Kuslich and the folks at CRAK Software are selling software crackers for many of the popular Windows applications, most of it for $99. They have demo (crippled) versions of at least some of their products. But hey, I'm stealing their thunder...you can go visit CRAK's web site from here.
	Access Data Corp: AccessData Corp. also markets an extensive line of utilities to recover passwords from a wide variety of Windows applications. Prices and demo versions are available from AccessData's website.
	Passware: Dmitry Sumin & company have recently commercialized their successful crackers for Office '95 and Office '97 applications including Word, Access and Excel. They offer demo versions of most of their products which extract partial passwords. Prices and product offerings are available from Passware's website in Russia.
	Password Crackers, Inc: Removed from the list due to their spam policy.

Application	Commercial Cracker Sources	Free Cracker Utilities
Microsoft Money	AccessData MsOfPass - (Office '95 & '97)	?
Microsoft Word	AccessData CRAK Software MsOfPass - (Office '95 & '97) WordLocksmith	WU- Word 2.0 WFWCD R8- Word 6.0 word97cr.zip
Microsoft Excel	AccessData CRAK Software MsOfPass - (Office '95 & '97) ExcelLocksmith	excrak.zip Excel (v 4.0 & up) for "sheets"
Word Perfect	AccessData CRAK Software	WPCRACK - WP 5.1
Data Perfect	AccessData	?
Professional Write	AccessData	?
Lotus 1-2-3	AccessData CRAK Software	?
Quattro Pro	AccessData CRAK Software	?
Paradox	AccessData	?
Symantec Q&A	AccessData	?
Quicken	CRAK Software AccessData	?
PKZIP	AccessData	ZIPCRACK 2.0 - PKZIP 1.1 PKCRACK - PKZIP 2.04 FZC 1.04 - PKZIP 2.04 Peter Conrad's Known Plaintext Code

NOTE: Our original idea for this page was just to publish a list of all the cracker software we could find. After casting our nets and examining the catch it occurred to us that there might be a larger and more interesting story here... drop us a line if you've got some opinions or information you'd like to share relevant to this page.

PLEASE NOTE: THIS PAGE CONCERNS CRYPTOGRAPHY. IT HAS NOTHING TO DO WITH "WAREZ" AND THE LIKE. WE DO NOT TRADE IN UTILITIES TO DEFEAT SOFTWARE COPY PROTECTION, AND WILL NOT ANSWER REQUESTS FOR SUCH UTILITIES.

Copyright ©, 1995-2001 Bokler Software Corp. All rights reserved. DEScipher, TDEScipher and HASHcipher are trademarks of Bokler Software Corp. The "animated_cipher.gif" is copyrighted by Bokler Software Corp. Microsoft, Windows, Visual Basic, Visual C++ and ActiveX are trademarks of Microsoft Corp.


	The latest "Zip Cracker"from AccessData Corp. makes your data available to anyone with $59.00.
		The Edgar Allan Poe Cryptographic Challenge HAS BEEN SOLVED! See the Press Release for details.
	More Word and Excel password crackers available from intertek. Commercial versions of their Word and Excel password cracker software are available, or you can simply buy their service.
	A Norwegian group calling themselves the Masters of Reverse Engineering (MoRE) has developed a utility that defeats the CSS encryption algorithm used to protect DVDs from being copied. The small decryption utility called DeCSS is available as a Windows binary, and in source code form. See the "official" mirror listing for download sites, and Frank Stevenson's cryptanalysis for code and details.
	A company called Elcomsoft is offering licenses for password cracker utilities that handle MS Office '95 and '97 (Word, Excel and Access), WinZip (.zip files). Their website also has a nifty collection of dictionaries and dictionary generators.
	The FBI's National Infrastructure Protection Center publishes a list of "Bugs, holes and Patches" in PDF format every two weeks. This is good stuff, but the PDF format leaves much to be desired as a searchable medium - it needs better organization!).
	Check out our bookstore for some titles of interest. The current "hot title" is "Hacking Exposed: Network Security Secrets and Solutions".
	A couple of tutorials on Windows vulnerabilities that you should be aware of... Guide to (mostly) Harmless Hacking, and one on NetBIOS attacks over TCP from Cult of the Dead Cow.
	Dmitry Sumin's password cracker software has gone commercial. The new site address is http://www.lostpassword.com. He now offers versions to crack Office '95, '97 and 2000 password-protected files including Word, Excel and Access. See Industry listings for further details.
	Fernando Papa Budzyn has released an updated version of his Fast ZIP Cracker. Version 1.05 was released o/a 16 February, 1998, and is available from our web server, or from one of these sites: ftp://ftp.ox.ac.uk/pub/crypto/cryptanalysis/fzc105.zip, or ftp://ftp.elf.stuba.sk/pub/pc/pack/fzc105.zip.
	Bruce Schneier has released an application to brute-force S/MIME-protected messages which use 40 bit RC2. S/MIME is employed in Netscape's Communicator™, and Microsoft's Outlook Express™.
	One of the operatives at the L0pht has found another flaw in Internet Explorer which allows arbitrary code on the IE4 host to be executed.
	A serious bug in the Excite for Web Servers search engine has been discovered which would allow anonymous users to execute shell commands on the server.
	rootshell.com's site lists over 500 source code modules & "recipes" for hackers, including the recently advertised Land, Teardrop, and Bonk attacks. See the Operating Systems section.
	The Chaos Computer Club in Germany has devoted a page to detailing security flaws they've discovered with ActiveX® and Internet Explorer®. See the Operating Systems section.
	Ed Kubaitis' site: WWW Browser Security & Privacy Flaws. See the Operating Systems section.
	Pavel Semjanov's Homepage - site of the Russian Cracker Page. Thanks to Pavel for notifying us about his site. See the Other Sites section.
	The L0pht houses numerous resources. Their most recent release of L0phtcrack successfully defeated Microsoft's patch for an earlier Windows NT® password crack. See the Oper. Systems section.
	The Nomad Mobile Research Centre has FAQs and files for cracking Windows NT, Novell, and both web browsers and servers. See the Operating Systems section.

WFWCD vs. Word for Windows® 6.0:

Word Unprotect (WU) vs. MS Word® 2.0:

WPCRACK vs. WordPerfect® 5.1:

Excel Password Remover:

The Dictionary Attack:

ZIPCRACK:

EPILOGUE:

PKCRACK:

FZC:

The Known Plaintext Attack:

PkCrack:

MS Windows:

Novell®:

WWW, Windows NT and Novell:

Web Browsers:

ActiveX:

Pavel Semjanov's Home Page:

CRAK Software:

Access Data Corp:

Passware: