
                    WPcrak Password Retrieval Software
                         Version 1.0

1       Copyright Notice: (C) Copyright by John E. Kuslich 1993
                     All Rights Reserved

     This is copyrighted software.  You may not make or distribute 
copies of this software or any part of this software (including but
not limited to electronic copies) except as noted in the following
license agreement:

     License Agreement:

     You may freely make and distribute as many as copies of the
shareware version of WPcrak as you desire.  You must, however,
distribute/copy the entire shareware package including this file
each time you do so.  You must not make any alterations or
deletions to this software or the supporting documentation.  You
must not change the filename of WPcrak shareware package as it is
distributed/copied to various software archive distribution
entities such as Internet or Compuserve.   You must not use WPcrak
for longer than ten days unless you register your copy and pay the
required fee.

PLEASE COPY AND FREELY DISTRIBUTE THE WPCRAK1.ZIP FILE. 

2       Liability:

     The author assumes no liability whatsoever no matter what
happens under any conceivable circumstance no matter what, period. 
If you don't like this condition, don't use the software. It's that
simple.  The author assumes no responsibility for any damages
resulting from the use or misuse of this software.  

3       Registration:
     
     You must register this software if you use it for longer than
ten(10) days. When you register you will receive a full featured
version of WPcrak by mail on a 3 1/2 inch floppy. Be sure to
include you name and address - I'm not psychic.  Future versions
may find passwords for other programs as well as for Word Perfect
(TM).  

4       Program Capabilities:

     a)  Word Perfect (TM) Password protection:

     The Word Perfect (TM) program has an option allowing password 
protection for files.  This password protection supposedly
disallows reading or alteration (through the Word Perfect (TM)
program) of files by anyone not in possession of the "password"
used to protect the file.

     This protection happens to be very weak and is easily broken.
It relies on an encryption technique which can be successfully
attacked, especially if one is in possession of a
"non-password-protected" file of arbitrary contents but which uses
the same printerand base font setup.  

     Certain information associated with printer and base font is
known or can be known by simply creating a Word Perfect (TM) file
and setting up for the particular printer and base font.  This
information, together with knowledge of the encryption algorithm, 
(which is easily discovered by examining a known file encrypted 
with a given password) is used by the WPcrak program to discover 
the file password.

     WPcrak uses this technique to quickly and easily discover Word
Perfect (TM) file passwords.


     b)  Legitimate Uses

     Nobody  likes the idea of snooping on private information
belonging to others, but there are a number of legitimate uses for
a program such as WPcrak.  These uses justify having a copy and
using it to overcome password difficulties.

          1)  Bad Memory (yours) ---      Say you have a lot of
private files that you have been password protecting and, as time
goes by, you forget what passwords you used to protect certain
data.  Without WPcrak you are out of luck!  Chances are, if you
have gone to all  the trouble of protecting unauthorized access to
files, the data they contain is extremely valuable to you.  Before
WPcrak you were lost!  With WPcrak, you can easily recover those
files! (Perhaps someone else can also and you should be considering
a stronger encryption algorithm for you private files)

          2)  Malicious Behavior (theirs)  ---     Say one of your
trusted and key employees gets a wild hair and decides life in the
Bahamas (at your expense) would be a good idea.  He/she password
protects some really important business data and attempts to extort
money or a promotion in exchange for your business data.  Now you
have a choice of going out of business or writing some checks. With
WPcrak you call the cops, document the extortion attempt, and
recover you data. (Or you don't call the cops, document the
extortion attempt, recover your data and start receiving some
checks yourself!!!!) It's up to you.  WPcrak puts you in control.


          3) Shark Attack ---  You are a lawyer and through
discovery proceedings in a lawsuit,  the judge grants you access to
data files relevant to your case.  These files are in the
possession of your opponent.  Your worthy opponent dutifully gives
you the required data except that, all of a sudden, his/her memory
goes blanker than Ronald Regan's brain on Halcion. He/she cannot
remember a single solitary character of the passwords used to
protect the data.  You out of luck unless you have WPcrak!

          4) Cops and Robbers ---   You are a law enforcement
officer investigating some evil doings by your local assemblyman.
You subpoena his computer and files,  but to your chagrin, they are
password protected!  You are out of luck unless you have WPcrak!
With WPcrak, you look at the files which lead you to information
your target has no idea you know about.  You are a hero and the bad
guy goes to the slammer.

          5) Illigitimus Non Carborundum* ---  You suspect your
teenage daughter of illicit activity with Andrew Dice Clay and she
writes password protected letters to him all the time.  Or your 10
year old son is writing password protected letters to Michael
Jackson.  What does a good parent do? I'll tell you what a good
parent does. He/she gets a copy of WPcrak and does some snooping.
Hopefully you don't discover that the little tyke is running a drug
ring on the side!

          6) Paradise Lost  --- You suspect your husband/wife of
cheating and writing password protected love letters to
Joesephine/Joe  Husbandstealer/Wifestealer. What do you do?  I'll
tell you what you do. You divorce the ^%@%&#% and collect the
insurance.  Get a life! Forget WPcrak!

5       Program Usage Instructions

WPcrak RUNS ONLY UNDER MICROSOFT WINDOWS!!! IF YOU DO NOT HAVE
WINDOWS INSTALLED ON YOUR COMPUTER YOU CANNOT RUN WPcrak!

NOTA BENE:  YOU MUST COPY THE VISUAL BASIC RUN TIME LIBRARY
"VBRUN300.DLL" TO YOUR \WINDOWS\SYSTEM DIRECTORY BEFORE RUNNING
WPcrak.  (This library is in the public domain and available from
thousands of BBS's, Compuserve, Internet anonymous FTP sites,
etc.).

     a)      Installation

          1) Unzip the WPcrak.zip file to any working directory
(suggest WPcrak).  Make sure vbrun300.dll is resident in the
windows/system directory.

          2) Select FILE from the Windows Program Manager.


          3) Select RUN under the FILE window.

          4) Type "path\setup" where path is the path to the
working directory containing the unzipped WPcrak files.  The setup
program will then use standard Windows tools and install WPcrak
in its own program group and the required DLL's to the
windows\system directory.  If you would rather install WPcrak in
some other group, just drag the Icon to that group, drop it and
delete the WPcrak program group.
          5) You may then delete all the *.xx_ files (compressed
files) from the working directory.  Don't delete any other files or
when you click on the WPcrak Icon, you will get nada. 
     b)      Using WPcrak

          1) Starting Up ---  Double click on the program Icon and
wait a few seconds for the program to load.  A dialogue box will
appear telling you to select the "FILE'  item from the menu bar in
the upper left hand corner of the WPcrak window.  If this detailed
level of direction is bothersome, just select
Suppress_Help_Messages from the FILE menu and this feature will
mercifully cease to exist.  The flashing red arrow will continue to
suggest file selection as appropriate however.  These program
operational features were added after the WPcrak program was
subjected to the "Dumb User Test". We pride ourselves at having
some of the best "Dumb Users" available These users complained that
the next operation was not obvious to the casual observer.  Let me
know if you like or dislike these features.  My E-mail address is
show at the end of this diatribe.
 
          2) Loading Files --- Remember...when you want to crack
open a password protected file,  you must have first loaded a
different non-password protected file according to the menu
selections.  If you get mixed up and load the wrong file first just
choose the 'NEW' or 'CLOSE' selections from the file menu and start
over.  The menu will only allow one type of file to be loaded at
one time so just do what you are told!

          3) Non-Protected file ---  The non-protected file must
have been created with the same printer setup as your password-
protected file.  Usually, if the file to be cracked is one of your
own files, the number of possible choices is probably quite
limited.  After all how many printers does one man/woman own? -
usually. The question of base fonts is a little more problematic
but again, most folks making password protected files for their own
use don't go wild and use every font in the book. In almost all
circumstances, there are a very limited number of possibilities and
simple trial and error will eventually produce the desired result.

          Remember, you can use any text as long as the printer
setups correspond.  Whatever else the file contains is completely
irrelevant.

          4) Automatic Search ---  The automatic search feature is
selected by clicking on the 'START' command button located within
the 'AUTO SEARCH' area.  When AUTO search is selected,  the program
will assume the password length is one character and begin trying
to find the password.  After searching through 'ANALYSIS LENGTH'
number of characters, (default=200) the program will increment the
password length by one and repeat the search of the same number of
characters until passwords with lengths up to and including 25
characters have been tried.  The 'ANALYSIS LENGTH' parameter
controls the length of file header searched for passwords in bytes.

This parameter may be reduced to quicken the search process or
increased to avoid missing a password.  Let your own experience be
your guide in setting this parameter.  
          You may stop the search at any time by clicking on the
'STOP' command button.

          You may change the default setting of the 'PASSWORD
LENGTH' parameter if you have a registered copy of WPcrak. 
Otherwise you will be stuck with 10 character passwords.  The
shareware version of WPcrak will only show the user discovered
passwords of exactly ten characters in length. This version finds
all the passwords...it just tells you about the 10 character ones. 
The registered version will show all passwords discovered.  (Hey,
I have to eat...so register the software).
  
          5)    The 'MANUAL SEARCH' feature of WPcrak allows the
user to change the starting value of the password length.  This
allows for faster searches if you know in advance that the password
is unlikely to be less than some value.  This feature is disabled
until you register your copy of WPcrak.

          6)    The grid window in the lower center of the screen
displays five rows of information in columns.  There is one column
for each byte field in the Word Perfect file header.  You may
scroll horizontally to see more of the header up to 'ANALYSIS
LENGTH' rows.  This grid does not provide much added value in this
particular version of WPcrak but we have future plans for this
display.  Register your copy of WPcrak and you may be kept
appraised of future developments.
          The first row shows the Hex values of the password
protected file.  The second row show the plaintext file data.  The
third row shows a sequence used to encrypt the protected file.  The
derived 'KEY" or password in Hex is shown in the next row.  The
ASCII value of this 'KEY' is shown in the last row.  Some of the
bytes in the last row are corrupted by the particular encryption
algorithm Word Perfect used to "protect" the files.  WPcrak filters
out this trash and discovers the correct password.

Happy password hunting!!!

If you use this program for longer than 10 days and would like a
full featured registered copy of WPcrak and a license to freely use
it, please send $20 (check or money order) and your mailing address
to the following address:

               John E. Kuslich
               814 E. Coral Gables Dr.
               Phoenix, Az. 85022 

This is version 1.0 software, if you find bugs I would appreciate
hearing about them.  Unfortunately, that's all I can do at this
point in time.  Perhaps in the future, I will be able to offer free
updates for those who find significant bugs.  

Please direct any questions or comments to "johnk@indirect.com". 
I will try my best to answer any of your questions concerning
WPcrak.        


Copyright Notice: (C) Copyright by John E. Kuslich  1993  

Word Perfect is a trademark of Word Perfect Corporation.          

Compuserve is a trademark of some other outfit.                   
                                    

*Translation available on request. Thanks. It means "Don't let the 
BASTARDS grind you down"
                                                                 

     This is copyrighted software.
by John E. Kuslich 1993 All Rights Reserved

