Y A A C  (Yet Another ARJ Cracker) v. 1.0a
(c) Copyright PSW-soft 1994-2001 by P. Semjanov

THIS PROGRAM VERSION IS DISTRIBUTED "AS IS". YOU MAY USE IT AT YOUR OWN
RISK. ALL THE CLAIMS TO PROGRAM OPERATION WILL BE REJECTED. THE AUTHOR
DOES NOT ALSO GUARANTEE THIS PROGRAM FUTURE MAINTENANCE AND UPDATE.

This is FREEWARE program, so it can be distributed under the following
conditions: program code is kept unchanged and the program is
distributed in the form of distributive archive. Any commercial use of
this program is prohibited!

1. PURPOSES AND CHARACTERISTICS

The YAAC program is designed to determine a "forgotten" password for
ARJ-archives. This program operates adequately with ARJ-archives
versions 2.30-2.75 and also with ARJ32-archives versions 3.0-3.08 (and
is expected to work with later ARJ versions provided that the file
format stays the same). From version 2.55 on, the author of ARJ has
added a new encryption procedure (according to GOST standard), but this
program does not support it (see section 6).

To proceed with YAAC program you need a computer with the 80386
compatible processor or later. It is recommended to use as powerful
processor as possible (the code is optimized for Pentium II).

YAAC is the tool for professionals, no GUI or great service is provided.
But it tries to maximize your abilities for passwords definition and to
minimize search time. YAAC uses Password Cracking Library (PCL), a very
powerful tool allowing you to define rules to generate passwords.

The YAAC program DOES NOT use exhaustive search; in particular, it
determines the first and the third character of the password reliably.
Furthermore, most of the passwords to be searched through are discarded
beforehand, provided the beginning of these passwords does not meet some
heuristics. So it is quite difficult to estimate the rate of this
program. The rate of password search is approximately 1000000 passwords
per second on Pentium II/333.
What actually happens is that you will get your password much faster. In
principle, YAAC can crack potentially 12-14-character password, which is
beyond the power of any other program. The rate for dictionary attack is
approximately 300000 passwords per second.

2. REQUIREMENTS FOR INPUT ARCHIVE

To ensure the program to process an ARJ-archive under test successfully,
the following requirements are to be met:
  - All the files were encrypted with the same password;
  - A new encryption procedure (-hg) was not used;
  - -jh, -m0, -m4 options were not used in archiving.

The program will perform at its best if
  - there are a lot of files in the archive. On no account should some
    (large) files be removed from the archive before the program runs;
  - there are some small (100-500 byte) files in the archive.

YAAC supports some types of self-extracting archives (see section 5.8).

If you have one plaintext file at least in addition to the encrypted
archive, an effective plaintext attack can be performed. For this
purpose you can use known-plaintext crackers (look at
http://www.password-crackers.com)

3. WORKING WITH THE PROGRAM.

The program has two modes of operation: automatic mode and advanced user
mode. To run the program in either YOU ARE TO CREATE PASSWORD DEFINITION
FILE firstly (see section 4).

You may run the program under MS-DOS, any Windows, Linux. You need any
DPMI-host to run the program under MS-DOS. If you have no DPMI-host, you
may use FREEWARE CWSDPMI (it is not included in this package), get it at
ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp/v2misc/csdpmi5b.zip.

3.1. Automatic mode (most convenient).

To run the program in this mode you are to use the command

     YAAC [options] archive [.ARJ]

If the password is 3 characters length at most, then it is printed
immediately. Otherwise the program produces all possible combinations of
two first characters of the password ("The password may begin with:")
and the third character ("The 3rd char is:").
These suggestions are based on all the possible characters from the set
'?' (see section 4.2.1). Then the program produces the recommended set
of characters ("Recommended set of chars:"). Relying on these data, you
may guess the characters that comprise your password. The following
advice may be given here:
  - in most cases passwords are limited by lower-case Latin letters
    ($a);
  - the program determines the first and the third characters of the
    password most exactly, so it is these characters that allow you to
    determine the character set to be used;
  - when the whole set of characters is used the time of password search
    is several orders longer than that for the set $a.

The password determined is printed in such a form:

     truepass CRC OK

All the other program messages both with "CRC ERROR" label and without
it are not passwords.

The options in this mode are:
  -lXX   - to set password length to XX at least (XX = 0..255, XX = 1 by
           default). This parameter affects password length only when
           '*' is used in its definition (see section 4.2.1);
  -gXX   - to set password length to XX at most (XX = 0..255, XX = 8 by
           default);
  -n     - as usual, the program truncates a set of two first characters
           $s(2) up to those, which fall within a recommended set. This
           option lifts this restriction.
  -pXXXX - to set the name of password definition file ("PASSWORD.DEF"
           by default). Long file names are valid for Windows 95/98 only
           (not MS DOS or Windows NT);
  -b     - to perform benchmarking;
  -v     - debug mode (see section 5.1). It may be used to show
           character sets in use. This option generates also all the
           passwords according to their definition; it does not test but
           prints them, so you can check their validity. ATTENTION: when
           this mode is used for the passwords with '*' regular
           character, the program does not print all the passwords,
           because some of them are discarded beforehand. Actually
           tested passwords are marked as "slow test".

3.2. Advanced user mode

The necessity of considering this mode stems from the fact that the
author failed to design such a function, which can exactly determine two
first characters of the password. But this can be done manually
according to the following scheme:

  1) Choose several small files from your archive (let it be called
     YOUR.ARJ);
  2) Run the program
          YAAC -c YOUR.ARJ
     in order to determine the original length and compression ratio of
     these files and the version of ARJ used;

Carry out the following operations for each of these files (for example,
for the file SAMPLE.EXE of the length 10000 and of the compression
ratio = 0.6):

  3) Find files with the same extension (*.EXE) and approximately of the
     same length +-50% (7500-15000) on your hard disk;
  4) Compress these files with the same version of ARJ archiver to the
     other archive OTHER.ARJ;
  5) Run the program
          YAAC -c OTHER.ARJ
     and choose out of these files those ones, which compression ratio
     differs by 2-3% (0.57-0.63) at most from the original one;
  6) Find maximum and minimum values from the column Block ratio (let it
     be 0.66 and 0.75) for these files;
  7) Add a line
          SAMPLE.EXE 0.66 0.75
     into the file YAAC.SIZ;

After you have finished with all the files

  8) Run the program
          YAAC -f YOUR.ARJ

Some remarks:
  - If you have failed to find any file with such an extension, try to
    find files of the similar length (+-10%), and choose those giving
    the same compression;
  - If you have found only 1-2 suitable files, then you are to subtract
    0.05 from the minimum value of the Block ratio and to add 0.05 to
    the maximum one;
  - The Block ratio values may exceed 1.0, but not 1.2, and are unlikely
    to be exceeded by 0.3. Regular values are in 0.75..0.95;
  - You may also try to archive the files found with ARJ options -jm,
    -m2, -m3.

Any option of automatic mode can be used in conjunction with -f option
in this mode.

4. THE USE OF PASSWORD DEFINITION FILE IN CHOOSING OF MODE OF OPERATION
   AND PASSWORD SET

Password definition file is the main control file. Its translation and
processing are the main task of PCL library. Its format doesn't depend
on application, to which PCL is linked, so this library can be used for
any password searching program.

4.1. Password definition file format

Password definition file is an ordinary text file and consists of two
parts: firstly, dictionary and character set definition, and secondly,
passwords definition; the parts are separated by a line of two '##'
symbols:

     [ ] ##

The first part may be omitted, in that case password definition file is
to begin with '##' symbols. Anywhere else the symbol '#' is considered
as a comment beginning. Space characters and tabs are ignored in
password definition file and may separate any components.

For convenience, let password definition mechanism be our first concern
and character set definition be the second one, contrary to their
position in password definition file.

4.2. Password definition

This is the main part of the file. IT NECESSARILY PRESENTS IN ANY
PASSWORD DEFINITION FILE (PASSWORD.DEF) AFTER THE LINE '##' and presets
password generation rules to be checked later on. It consists of text
lines, each giving its own password set and mode of operation, i. e. an
algorithm of password search. Each line is in its own right and is
processed separately, so the total number of passwords checked is
computed.

Character sets and dictionary words form password definition. They
preset one or more characters, which will hold the appropriate position
in a password.

4.2.1. Character sets

Character set (charset) is a set of characters, which can occupy current
position in a password (but, of course, only one of them holds it).
These characters may be following:

  1) Ordinary characters (a, b, etc.). It means that it is this
     character that occupies given position in a password;
  2) Shielded characters.
     Special characters, if ever occur in the password, are to be
     shielded. The meaning is identical with mentioned above. Among
     these are:

       \$, \., \*, \?, \=          '$', '.', '*', '?', '='
       \], \[, \{, \}, \(, \)      corresponding brackets;
       \ (space character)         space character
       \XX, where X is a
       hexadecimal digit           any hex-code character
       \0                          no character. It is usually used in
                                   conjunction with "real" character
                                   (see examples below).

     Generally, any character can be shielded except hexadecimal digits.
  3) Macros of character set. It means that current position in the
     password can be occupied by any character from the set. These sets
     are specified in the first part of password definition file (see
     section 4.3.2) and are denoted as:

       $a - lower-case Latin letters (26 letters, unless otherwise
            specified);
       $A - upper-case Latin letters (26 letters, unless otherwise
            specified);
       $! - special characters (32 characters, unless otherwise
            specified);
       $1 - digits (10 digits, unless otherwise specified);
       $i - lower-case letters of national alphabet (33 letters for
            Russian alphabet);
       $I - upper-case letters of national alphabet (33 letters for
            Russian alphabet);
       $o - other user-specified characters;
       ?  - any character (i. e. all the characters, included into the
            macros mentioned above).

     NOTE: macros $v and $p (see section 4.3.4) cannot be used for
     password definition.
  4) Any combinations of the characters mentioned above. It is written
     in square brackets. The meaning is identical with mentioned above.
     For example:

       [$a $A]                   any Latin letter;
       [abc]                     a, or b, or c;
       [$1 abcdef]               hexadecimal digit;
       [s \0]                    s or nothing;
       [$a $A $1 $! $i $I $o]    this is equivalent to ?.

  5) Regular duplication character '*'. It means that the preceding
     character set is to be duplicated 0 or more times in corresponding
     (next) positions of the password. For example:

       $a *     - a password of arbitrary length, consisting of
                  lower-case Latin letters;
       [ab] *   - space character, a, b, aa, ab, ba, bb, aaa, ...
       [$a $A] [$a $A $1] *   - "identifier", i. e. a sequence of
                                letters and digits with a letter at
                                first position.

Note that password of zero length is physically meaningful and is not
always the same as no password at all.

The length of duplication is computed automatically by options, on the
basis of given maximum and minimum password length. Note, that these
parameters influence only password length, generated with the use of '*'
character, and are not taken into account for password, consisting of
words or static characters only.

It is recommended to use '*' as wide as possible. This is because it
allows to perform the most powerful search. Although the constructions
'? *' and '? ? *' seem to be alike from the logic standpoint, the first
one will be searched through faster.

Current restriction: '*' can be the last character in the line only.

4.2.2. Dictionary words and their modifiers

The words present several consecutive characters of the password as
opposed to character set. Two dictionaries are supported in PCL library:
main (with ordinary words, as usual) and user (where special information
can be stored, for example, names, dates, etc.), though there is no
difference between them.

Dictionary is a text file, consisting of words, separated by the
end-of-line characters. Both DOS-format (CR/LF) and UNIX-format (LF)
files may be used. It is desirable (to increase search rate, among other
factors) to use words of the same (lower) case in dictionaries.

Thus, there are two macros:

     $w    a word from the main dictionary;
     $u    a word from the user dictionary.

It is known that altered words are often used as passwords. So to
determine such passwords a whole set of word modifiers is put into use.
Among these are:

     .u (upper)       to upper-case;
     .l (lower)       to lower-case;
     .t (truncate)    to truncate up to the given length;
     .c (convert)     to convert the word;
     .j (joke)        to upper-case some letters;
     .r (reverse)     to reverse the word;
     .s (shrink)      to shrink the word;
     .d (duplicate)   to duplicate the word.

Modifiers may have parameters, written in round brackets. For modifiers,
intended for use with single letters, the number of the letter can be
considered as a parameter; no parameters or null parameter means "the
whole word". Letters can be numerated both from the beginning of the
word and from the end. The end of the word is denoted with the character
'-'.

There are only three such modifiers for today: .u, .l, .t. So, use

     .u or .u(0)     to upper-case the whole word (PASSWORD);
     .u(1), .u(2)    to upper-case only the first (the second) letter
                     (Password, pAssword);
     .u(-), .u(-1)   to upper-case the last (the next to last) letter
                     (passworD, passwoRd);
     .t(-1)          to truncate the last letter in the word (passwor).

The other modifiers operate with the whole words only and their
parameters give the way of modification. The following modifier
parameters are specified for today:

     .j(0) or .j     to upper-case odd letters (PaSsWoRd);
     .j(1)           to upper-case even letters (pAsSwOrD);
     .j(2)           to upper-case vowels (pAsswOrd);
     .j(3)           to upper-case consonants (PaSSWoRD);
     .r(0) or .r     to reverse the word (drowssap);
     .s(0) or .s     to reduce the word by discarding vowels unless the
                     first one is a vowel (password -> psswrd,
                     offset -> offst);
     .d(0) or .d     to duplicate the word (passwordpassword);
     .d(1)           to add reversed word (passworddrowssap);
     .c()            to convert all the letters in the word according to
                     the appropriate conversion string (see section
                     4.3.3).

All the modifiers operate adequately with both Latin and national
letters, provided that the rules of national character sets definition
are observed.
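The modifier rules above, and the left-to-right chaining described in the next paragraph, can be written out as a small checker that tells whether a given password is only a modified dictionary word. This is an added example, not code from YAAC or PCL; the vowel set, the two-word dictionary, the chain list and all function names are assumptions, and .c is left out because it needs a conversion string.

```python
import re

VOWELS = set("aeiou")   # assumption: stand-in for the $v set of section 4.3.4
MOD_RE = re.compile(r"\.([a-z])(?:\(([^)]*)\))?")


def position(arg, n):
    """Map a modifier parameter to a 1-based letter number in a word of length n.

    '' or '0' -> 0 (whole word), 'k' -> k, '-' -> n (last letter), '-k' -> n - k.
    """
    arg = (arg or "").strip()
    if arg in ("", "0"):
        return 0
    if arg.startswith("-"):
        return n - int(arg[1:] or 0)
    return int(arg)


def change_case(word, pos, func):
    """Apply func (str.upper or str.lower) to the whole word or to one letter."""
    if pos == 0:
        return func(word)
    if not 1 <= pos <= len(word):
        return word                      # letter number outside the word: no change
    i = pos - 1
    return word[:i] + func(word[i]) + word[i + 1:]


def joke(word, mode):
    """.j: upper-case odd letters (0), even letters (1), vowels (2), consonants (3)."""
    tests = {
        0: lambda i, c: i % 2 == 0,      # 1st, 3rd, 5th ... letter
        1: lambda i, c: i % 2 == 1,      # 2nd, 4th, 6th ... letter
        2: lambda i, c: c.lower() in VOWELS,
        3: lambda i, c: c.isalpha() and c.lower() not in VOWELS,
    }
    hit = tests[mode]
    return "".join(c.upper() if hit(i, c) else c for i, c in enumerate(word))


def apply_one(word, name, arg):
    """Apply a single modifier, given its letter and its raw parameter text."""
    n = len(word)
    if name == "u":
        return change_case(word, position(arg, n), str.upper)
    if name == "l":
        return change_case(word, position(arg, n), str.lower)
    if name == "t":                      # keep the first pos letters; 0 = unchanged (assumption)
        pos = position(arg, n)
        return word if pos == 0 else word[:max(pos, 0)]
    if name == "j":
        return joke(word, int(arg or 0))
    if name == "r":
        return word[::-1]
    if name == "s":                      # drop vowels, but never the first letter
        return word[:1] + "".join(c for c in word[1:] if c.lower() not in VOWELS)
    if name == "d":
        return word + (word[::-1] if int(arg or 0) == 1 else word)
    raise ValueError("modifier .%s is not covered by this sketch" % name)


def apply_chain(word, chain):
    """Apply a modifier chain such as '.u(1).u(-)' from left to right."""
    if MOD_RE.sub("", chain).strip():
        raise ValueError("cannot parse modifier chain: %r" % chain)
    for name, arg in MOD_RE.findall(chain):
        word = apply_one(word, name, arg)
    return word


def derived_from(password, words, chains):
    """Return every (word, chain) pair that reproduces the password."""
    return [(w, ch) for w in words for ch in chains if apply_chain(w, ch) == password]


# Constructed sample data: a two-word dictionary and a handful of chains.
WORDS = ["password", "offset"]
CHAINS = ["", ".u(1)", ".u(1).u(-)", ".j", ".r", ".s", ".d(1)", ".s.t(4)"]

if __name__ == "__main__":
    for candidate in ["PassworD", "offst", "pssw", "Tr0ub4dor&3"]:
        print(candidate, "->", derived_from(candidate, WORDS, CHAINS))
```

Note that '-' resolves to the word length and '-1' to one less, which is why .u(-1) touches the next-to-last letter while .t(-1) removes only the last one.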
Clearly there can be more than one modifier (the number of consecutive
modifiers is limited by 63, which is unlikely to be exceeded). For
example (let $w mean a password):

     $w.u(1).u(-)    PassworD
     $w.s.t(4)       pssw
     $w.t(4).s       pss

Special character sets are also considered as words, because they can be
of arbitrary length. They are denoted as $s(1), $s(2), ... and depend on
peculiarities of the task. Three special sets are specified for this
program:

     $s(1)    the first letter of the password
     $s(2)    two first letters
     $s(3)    the third letter.

You are to bear in mind that special character sets are worth using only
in a certain position, namely $s(1) and $s(2) are to be the first (they
are of 1 and 2 characters length, respectively), and $s(3) is to occupy
the third position in the password (its length is 1), so the following
examples are meaningful:

     $s(2) $s(3) $s(2) ? $s(1) ? $s(3) $s(1) ?? ?? $s(3).

All the other, even though they can generate passwords, cannot be
considered valid.

4.2.3. Permutation brackets

A common problem is that you remember your password, but it does not
work for some reason. Probably, you made a mistake while typing it. This
program has its own algorithm to restore such passwords. The following
typing mistakes are considered: two neighboring letters are swapped
(psasword), a letter is omitted (pasword), an unneeded letter is
inserted (passweord) or one letter is replaced with another (passwird).
Such password changes will be referred to as permutations.

To indicate the beginning and the end of that portion of the password
where permutations could appear, permutation brackets '{' and '}' are
used. The bracket '}' can be followed by a number of permutations (1 by
default), separated by a point (or in round brackets). The physical
meaning of the number of permutations is the number of simultaneous
mistakes. For example:

     {abc} - 182 (different) passwords will be obtained, including:
          bac, acb          2 swaps;
          bc, ac, ab        3 omissions;
          aabc, babc ...    4 * 26 - 3 insertions;
          bbc, cbc ...      3 * 25 replacements;
          abc               the desired word;
     {password}.2 or {password}(2) - the following words will be
          generated: psswrod, passwdro, paasswor, etc.;
     {$w} - all the words, containing one mistake, from the main
          dictionary.

Notes:
  1) It is obvious that some passwords will be obtained more than once,
     so the larger is the number of permutations, the larger is the
     number of replicas. Efforts were made in this program to reduce
     replicas, but they are purely empirical and were made for two
     permutations at most. In other words, for the large numbers there
     is no certainty that a particular password cannot be discarded
     erroneously. Fanatics of the theory of combinations can compute the
     exact number for {password}.3, for example, then I'll be able to
     compare it with that one obtained by the program.
  2) For insertion and replacement you are to know the set of characters
     to be inserted or replaced. In the event this set is not specified
     explicitly (see section 4.3.4), this program forms it automatically
     for character sets, in relation to standard set these characters
     are from (i. e. for {password} $a will be inserted, for {Password}
     [$a $A] will be inserted). The similar operation with words is
     performed, based on the first word from the dictionary with
     modifiers being taken into account. In the event this set is
     specified explicitly, it is just the set to be used.
  3) Current restriction is that the character '{' must necessarily be
     the first in the line. Such expressions as good_{password} remain
     to be supported, but {good}_password is quite possible.

4.3. Dictionaries and character sets definitions

All the definitions are set in the beginning of password definition file
up to the characters '##'.

4.3.1. Dictionaries definition

The main and user dictionaries in use (see section 4.2.2) are initially
defined as usual. It is necessary only if you are going to use words
from the dictionaries when defining passwords, i. e. $w or $u.
The dictionaries are given as follows:

     $w = "main.dic"              # main dictionary
     $u = "c:\\dict\\user.dic"    # user dictionary

File name is to be quoted, the path characters are to be shielded. Long
file names are adequate for Windows 95/98 only (not for MSDOS or Windows
NT).

4.3.2. Definition of the character sets in use

Then character sets in use are defined, as usual. They are classified in
two groups: predefined and user-defined. Predefined sets include:

     $a    lower-cased Latin letters, 26 letters in all;
     $A    upper-cased Latin letters, 26 letters in all;
     $!    special characters {}:"<>?[];\',./~!@#$%^&*()_+`-=\|,
           32 characters in all;
     $1    digits, 10 digits in all.

User-defined sets include

     $i    lower-cased letters of national alphabet;
     $I    upper-cased letters of national alphabet;
     $o    additional character set (for example, any non-typable
           characters).

Character sets are defined as follows:

     $ = [ ]

To put this another way, character set is written as combination of
characters (see section 4.2.1), for example:

     $i = [абвгдежзийклмнопрстуфхцчшщъыьэюяё]
     $o = [$! $1 \FF]

NOTES:
  1) Any character sets are allowed to be defined, including
     pre-defined. For example, you may include additional characters,
     such as space character or \FF into the set $!
  2) When the sets $i and $I are being defined, the function of
     switching between lower/upper case is defined automatically. So it
     is important to have letters being ordered uniformly in these sets.

The full character set '?', consisting of [$a $A $1 $! $i $I $o] (just
such an order is of importance in the next section), is never formed
until all the characters are defined.

4.3.3. Definition of conversion modifiers

Then conversion modifiers .c may be defined (see section 4.2.2) in
relation to the certain character set ?. It is performed with the line
of the form

     ?.c() = ""

Any character from the whole set is converted into an appropriate
character, occupying the same position in transformation string. For
example, let

     ? = [1234567890],

then

     ?.c(0) = "!@#$%^&*()"

gives transformation identical to that for Shift keystroke. The
characters '\' and ' " ' are to be shielded in conversion string. The
numbers of modifiers may vary from 0 to 255.

4.3.4. Special character sets definition

Among special character sets are:

     $v - a set of vowels (in all alphabets being used). It is needed
          only when .s and .j modifiers are used.
     $p - a set for insertion and replacement for permutation brackets.
          It is needed only if automatic generation of this set does not
          suit you for some reason (see section 4.2.3).

These sets are defined in a similar way to the other character sets.

4.4. USEFUL EXAMPLES OF PASSWORD DEFINITION

  0) The most typical password definition, similar to that of preceding
     program versions, is
          "$s(2) $s(3) $a *".
     It means that the first three characters, obtained by the program,
     are to be used and lower-cased Latin letters are to be added next.
     The second password character is determined rather inaccurately, so
     the following definition is recommended also:
          "$s(1) $a $s(3) $a *" (don't use quotes!)
     If you are searching through some other character set, don't forget
     to set it to the second position of the password. For example:
          "$s(1) [$! $1] $s(3) [$! $1] *" (don't use quotes!)

  1) Let me cite ZEXPL2L program specification: "Let you have an archive
     with the password looking like "Heaven!!!", but you have forgotten,
     how many !s were there in the end and what kind of letters lower-
     or upper-cased were used: "HeAvEn!!!", "Heaven!" or "HeAven!!!!".
     But fortunately you remember your password to be 10 characters at
     most and 7 characters at least." This password will be written in
     PCL language as follows:
          "He [aA] v [eE] n ! *" (don't use quotes!)
     and options -l7 -g10.
     Suppose that among other things you have mistaken while typing the
     main part of the password. So the following one is worth attention:
          "{He [aA] v [eE] n} ! *" (don't use quotes!)
     and options -l7 -g10.
  2) One more citation from the same specification: "Let you have two
     variants of the password string: "myprog", "MyProg", "my_prog" and
     "My_Prog". It will be written as:
          "[mM] y [_ \0] [pP] rog" (don't use quotes!)

  3) It is often recommended to use two meaningful words, separated by
     certain character, as a password. The description is as following:
          "$w [$1 $!] $w" or "$w.u(1) [$1 $!] $w.u(1)" (don't use
          quotes!)
     It should be mentioned that both $w are distinct here (these are
     distinct words), so a total of 20000 * 42 * 20000 = 1.68E10
     passwords (if there are 20000 dictionary words) will be generated,
     i. e. it takes, on the average, less than a day to crack passwords,
     considered to be extremely hard for cracking. Thus, just two
     successive words are cracked 42 times faster.

  4) Password consists of exactly six letters from national alphabet:
          "$i $i $i $i $i $i" (don't use quotes!)
     But "$i *" and -l6 -g6 options are far more efficient.

  6) You remember your password to be "MyVeryLongGoodPassword", but it
     does not work for some reason. Try to use the following ones:
          "{MyVeryLongGoodPassword}"      2382 passwords     in 1 second
          "{MyVeryLongGoodPassword}.2"    2836413 passwords  in 1 minute
          "{MyVeryLongGoodPassword}.3"    ??? passwords      in 2-3 days

  7) You know your password to be a meaningful word with a digit
     inserted elsewhere. The definition file is:
          $p = [$1]    # the insertion set is defined as a set of digits
          ##
          {$w}

  8) Syllable attack. You are to set up a dictionary of possible
     syllables of your language and then to search through all the
     meaningful words by proceeding as follows:
          $u          # monosyllabic words
          $u$u        # disyllabic words
          $u$u$u      # etc.
          $u$u$u$u
          ...

  9) In order to run your program in parallel on two computers, give
     them the following definition files:
          "[abcdefghijklm] $a *" for the first one,
          "[nopqrstuvwxyz] $a *" for the second one.
     Proceed similarly with n computers.

5. Frequently Asked Questions (FAQ)

1. A message "No matching passwords" is displayed.
   Following are possible reasons and how to clear them away:
   1) If there are many files in your archive then the error may be
      caused by automatic mode imperfection. Start with removing all
      large files (exceeding 1015K) from your archive.
   2) If this effort is of no avail, then you are to run YAAC program
      with -v option and to analyze output information. Such information
      includes file name, followed by four digits and a set of the first
      two possible password characters, which has become appropriate
      after this file is processed, for each file from the password. So,
      if this information is somewhat like:

          FILE1.EXT 1881 940 2050 1504
          po = 422 pp = 421 pr = 427 ps = 426 pt = 425 pu = 424
          pv = 431 pw = 430 px = 429 py = 428 pz = 435
          FILE2.EXT 959 479 1045 764
          FILE3.EXT 1317 658 1435 1052

      so, it is evident that the set of the first two characters for
      FILE2.EXT became empty and this file IS NEEDED TO BE REMOVED from
      the archive. It may similarly occur that a set of first two
      characters becomes stable for a while and then decreases
      drastically; when such is the case you had better remove this file
      too. If this effort is of no avail, remove the first half of files
      from the archive.
   3) Non-standard characters were used in the password. Include all
      possible characters into the $o set.
   4) Do away with automatic mode of operation.

2. How to break and then to continue the search.
   The program may be broken painlessly once the message "Testing
   XX-chars passwords..." is displayed, and then the search may be
   continued with -lXX option (both XX are equal).

3. How to resume search from the password XXX?
   In no way as yet. I hope, it will be done in the PCL 3.0.

4. The program has been searching for 10 days, but my password is not
   yet at hand.
   Alas! It can't be helped. May be your password is too long, or the
   search set is wrong, or the first two characters are determined
   incorrectly. See section 5.1.

5. There are files with different passwords in the archive. What am I to
   do?
   You will have to search files with the same passwords manually. It
   seems likely that you are to leave the smallest file in the archive,
   find its password and check the rest files for being suitable for
   this password. After all remove all these files and repeat the
   procedure once again.

6. My password is "abc", but your program cannot find it.
   If the password consists of less than four characters, it may be
   determined as "doubled" password (two times longer). This is not an
   error but a small inherited defect.

6a. My password is "A$rrr", but your program does not find it, though
   the set of the first two characters is produced correctly.
   Try -n option. Without this option the program truncates the set of
   two first possible characters up to recommended set, which does not
   need to include the second character '$' of your password.

6b. I have tested your program. To my mind, your program is nothing but
   utter error, it cannot even find "aaa2"-like password.
   RTFM. Distributive file password.def searches through only
   lower-cased Latin letters. Change your password definition to
   "$s(2) $s(3) [$a $1] *" and all will be OK.

7. I have one plaintext file. Will it be useful to me?
   Surely. Use plain-text crackers at http://www.password-crackers.com

8. Your program does not want to recognize self-extracting archive.
   You are to find the beginning of archived data (60 EA signature) and
   to remove all the code from the beginning up to this position, thus
   you get an ordinary ARJ-archive.

9. Is there any option to save program operation log?
   Probably, you have never dealt with UNIX. Use
        yaac [parameters] > log_file.
   If you don't like this, you may use "tee" utility.

10. Your program operates in Windows NT two times slower than in MS-DOS.
   Allow this program the 100% CPU time. All you have to do is to click
   mouse button at the free space in the taskbar and then click at your
   program window.

11. Your distribution kit is packed with a password in itself!!! I do
   not find it funny!
   You are reading this file, so you have solved this problem.

6. Conclusions and perspectives

  1) It is likely that it is possible to design more or less adequate
     function for block ratio determination and thereby to do away with
     inconvenient nonautomatic mode of operation.
  2) It seems to me, it is possible to extend the algorithm in use in
     order to make it search through 7-9 character passwords only and
     then to search through nothing but those passwords, the first 7-9
     characters of which meet certain criterion. This will allow to
     increase the effective length of the password being searched up to
     13-15 characters.
  3) The password is cracked very easily if there are files with the
     compression ratio equal to 1 (-m0) in the archive.

Archive encryption with GOST (-hg option) was included into ARJ 2.55
version. Supporting this kind of encryption by this program, if at all,
will decrease its rate by 1-2 orders.

7. On PCL library

PCL library is distributed by the author as FREEWARE in the form of
source text as well as .LIB (for Borland, Watcom C) or .a (for DJGPP)
files. A reference to PCL is an obligatory requirement for your
programs. Now it is under development, so I'll be very glad to any
comments on defects and errors in the program, especially to those
guiding the way for improvements and supplements.

8. How to contact the author

Only by e-mail.

     FIDO:   2:5030/145.17
     e-mail: psw@ssl.stu.neva.ru
     WWW:    http://www.ssl.stu.neva.ru/psw/

Program support URL is:
http://www.password-crackers.com/crack/yaac.html
A lot of free, benchmarked password crackers you'll find at
http://www.password-crackers.com

YAAC is a FREE program, so all the claims will be rejected.
Anyway, I'll be very grateful for pointing out manifest errors, such as:
  - the program hangs up while searching (the lack of displayed messages
    is not an evidence of hangup);
  - the program cannot find such-and-such password in such-and-such
    archive, although the set of characters in search is specified
    correctly and the first three characters produced are right;
  - the third character of the password is determined incorrectly;
  - in non-automatic mode the program cannot find password for the
    scheme outlined above.

I'll be also glad to any constructive suggestions on improvements of
program operation. The discussion of program algorithm and source codes
is possible if you are just interested in this program development.

9. Acknowledgments

I am grateful to
  Anatoly Skoblov for the program BRKARJ, which impelled me to write
    this program;
  Mikael Malakhov for the program ARJ_PSW, which source codes were used;
  Vyacheslav Semenov for his invaluable help in heuristics improving;
  all those who were assisting, advising and testing YAAC.

Good luck!
Pavel Semjanov, St.-Petersburg
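
The {abc} count in section 4.2.3 can be reproduced by enumerating the four kinds of single mistake and removing replicas, which also shows how small the search space around a remembered password is. This is an added example, not code from YAAC or PCL; the function names are assumptions, and the insertion set is chosen as note 2 of section 4.2.3 describes, for Latin letters only.

```python
import string

LOWER = string.ascii_lowercase                               # the $a set
LETTERS = string.ascii_lowercase + string.ascii_uppercase    # the [$a $A] set


def single_mistakes(word, alphabet):
    """Distinct results of one typing mistake, split by kind (the word itself excluded)."""
    n = len(word)
    kinds = {
        "swaps": {word[:i] + word[i + 1] + word[i] + word[i + 2:] for i in range(n - 1)},
        "omissions": {word[:i] + word[i + 1:] for i in range(n)},
        "insertions": {word[:i] + c + word[i:] for i in range(n + 1) for c in alphabet},
        "replacements": {word[:i] + c + word[i + 1:] for i in range(n) for c in alphabet},
    }
    for variants in kinds.values():
        # Swapping two equal letters or replacing a letter by itself is not a mistake.
        variants.discard(word)
    return kinds


def breakdown(word, alphabet):
    """Per-kind distinct counts plus the total, which includes the unmodified word."""
    kinds = single_mistakes(word, alphabet)
    counts = {name: len(variants) for name, variants in kinds.items()}
    counts["total"] = len(set().union(*kinds.values())) + 1
    return counts


def raw_count(word, alphabet):
    """Number of candidates when replicas are NOT removed (every edit counted once)."""
    n, a = len(word), len(alphabet)
    return (n - 1) + n + (n + 1) * a + n * a + 1


def insertion_alphabet(word):
    """Assumed reading of note 2: $a for an all-lower-case word, [$a $A] otherwise."""
    return LETTERS if any(c.isupper() for c in word) else LOWER


def seconds_to_test(count, rate=1_000_000):
    """Time to try `count` passwords at the search rate quoted in section 1."""
    return count / rate


if __name__ == "__main__":
    for word in ["abc", "MyVeryLongGoodPassword"]:
        alphabet = insertion_alphabet(word)
        counts = breakdown(word, alphabet)
        print(word, counts, "raw:", raw_count(word, alphabet),
              "seconds:", seconds_to_test(counts["total"]))
```

For MyVeryLongGoodPassword the distinct count computed here is below, and the count with replicas above, the 2382 quoted in section 4.4, which fits note 1's remark that replica removal in the program is empirical.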