home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2001 May
/
PCWorld_2001-05_cd.bin
/
Software
/
TemaCD
/
yaac
/
YAAC.TXT
< prev
next >
Wrap
Text File
|
2001-02-16
|
36KB
|
938 lines
Y A A C
(Yet Another ARJ Cracker)
v. 1.0a
(c) Copyright PSW-soft 1994-2001 by P. Semjanov
THIS PROGRAM VERSION IS DISTRIBUTED "AS IS". YOU MAY USE IT
AT YOUR OWN RISK. ALL THE CLAIMS TO PROGRAM OPERATION WILL BE
REJECTED. THE AUTHOR DOES NOT ALSO GUARANTEE THIS PROGRAM
FUTURE MAINTENANCE AND UPDATE.
This is FREEWARE program, so it can be distributed under the
following conditions: program code is kept unchanged and the
program is distributed in the form of distributive archive.
Any commercial use of this program is prohibited!
1. PURPOSES AND CHARACTERISTICS
The YAAC program is designed to determine a "forgotten"
password for ARJ-archives. This program operates adequately
with ARJ-archives versions 2.30-2.75 and also with
ARJ32-archives versions 3.0-3.08 (but also is to be adequate
to the later ARJ versions provided that file format will still
be the same). From 2.55 version and on, the author of ARJ has
added a new encryption procedure (according to GOST standard),
but this program does not support it (see section 6).
To proceed with YAAC program you need a computer with the
80386 compatible processor or later. It is recommended to use
as powerful processor as possible (the code is optimized for
Pentium II).
YAAC is the tool for professionals, no GUI or great service
is provided. But it tries to maximize your abilities for
passwords definition and to minimize search time. YAAC uses
Password Cracking Library (PCL), a very powerful tool
allowing you to define rules to generate passwords. The YAAC
program DOES NOT use exhaustive search; in particular, it
determines the first and the third character of the password
reliably. Furthermore, most of passwords to be searched
through is discarded beforehand, provided the beginning of
these passwords does not met some heuristics. So it is quite
difficult to estimate the rate of this program. The rate of
password search is approximately 1000000 passwords per second
on Pentium II/333. What actually happens is that you will get
your password much faster. In principle, YAAC can crack
potentially 12-14-character password, which is beyond the po-
wer of any other program. The rate for dictionary attack is
approximately 300000 passwords per second.
2. REQUIREMENTS FOR INPUT ARCHIVE
To ensure the program to process an ARJ-archive under test
successfully, the following requirements are to be met:
- All the files were encrypted with the same password;
- A new encryption procedure (-hg) was not used;
- -jh, -m0, -m4 options were not used in archiving.
The program will perform at its best if
- there are a lot of files in the archive. On no account
some (large) files should be removed from the archive before
the program runs;
- there are some small (100-500 byte) files in the archive.
YAAC supports some types of self-extracting archives (see
section 5.8).
If you have one plaintext file at least in addition to the
encrypted archive, an effective plaintext attack can be
performed. For this purpose you can use known-plaintext
crackers (look at http://www.password-crackers.com)
3. WORKING WITH THE PROGRAM.
The program has two modes of operation: automatic mode and
advanced user mode.
To run the program in either YOU ARE TO CREATE PASSWORD
DEFINITION FILE firstly (see section 4).
You may run the program under MS-DOS, any Windows, Linux.
You need any DPMI-host to run the program under MS-DOS. If
you have no DPMI-host, you may use FREEWARE CWSDPMI (it is
not included in this package), get it at
ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp/v2misc/csdpmi5b.zip.
3.1. Automatic mode (most convenient).
To run the program in this mode you are to use the command
YAAC [options] archive [.ARJ]
If the password is 3 characters length at most, then it is
printed immediately.
Otherwise the program produces all possible combinations of
two first characters of the password ("The password may begin
with:") and the third character ("The 3rd char is:"). These
suggestions are based on all the possible characters from the
set '?' (see section 4.2.1).
Then the program produces the recommended set of characters
("Recommended set of chars:"). Relying on these data, you may
guess the characters that comprise your password.
The following advices may be given here:
- in most cases passwords are limited by lower-case Latin
letters ($a);
- the program determines the first and the third characters of
the password most exactly, so it is these characters that
allow you to determine the character set to be used;
- when the whole set of characters is used the time of
password search is several orders longer than that for the set
$a.
The password determined is printed in such a form:
truepass CRC OK
All the other program messages both with "CRC ERROR" label and
without it are not passwords.
The options in this mode are:
-lXX - to set password length to XX at least (XX =
0..255, XX = 1 by default). This parameter affects password
length only when '*' is used in its definition (see section
4.2.1);
-gXX - to set password length to XX at most (XX = 0..255,
XX = 8 by default);
-n - as usual, the program truncates a set of two first
characters $s(2) up to those, which fall within a recommended
set. This option lifts this restriction.
-pXXXX - to set the name of password definition file
("PASSWORD.DEF" by default). Long file names are valid for
Windows 95/98 only (not MS DOS or Windows NT);
-b - to perform benchmarking;
-v - debug mode (see section 5.1). It may be used to show
character sets in use. This option generates also all the
passwords according to with their definition; it does not test
but prints them, so you can check their validity.
ATTENTION: when this mode is used for the passwords with '*'
regular character, the program does not print all the
passwords, because some of them are discarded beforehand.
Actually tested passwords are marked as "slow test".
3.2. Advanced user mode
The necessity of considering this mode stems from the fact
that the author failed to design such a function, which can
exactly determine two first characters of the password. But
this can be done manually according to the following scheme:
1) Choose several small files from your archive (let it be
called YOUR.ARJ);
2) Run the program
YAAC -c YOUR.ARJ
in order to determine the original length and compression
ratio of these files and the version of ARJ used;
Carry out the following operations for each of these files
(for example, for the file SAMPLE.EXE of the length 10000 and
of the compression ratio = 0.6):
3) Find files with the same extension (*.EXE) and
approximately of the same length +-50% (7500-15000) on your
hard disk;
4) Compress these files with the same version of ARJ archiver
to the other archive OTHER.ARJ;
5) Run the program
YAAC -c OTHER.ARJ,
and choose out of these files those ones, which compression
ratio differs by 2-3% (0.57-0.63) at most from the original
one;
6) Find maximum and minimum values from the column Block ratio
(let it be 0.66 and 0.75) for these files;
7) Add a line
SAMPLE.EXE 0.66 0.75
into the file YAAC.SIZ;
After you have finished with all the files
8) Run the program
YAAC -f YOUR.ARJ
Some remarks:
- If you have failed to find any file with such an extension,
try to find files of the similar length (+-10%), and choose
those giving the same compression;
- If you have found only 1-2 suitable files, then you are to
subtract 0.05 from the minimum value of the Block ratio and to
add 0.05 to the maximum one;
- The Block ratio values may exceed 1.0, but not 1.2, and are
unlikely to be exceeded by 0.3. Regular values are in
0.75..0.95;
- You may also try to archive the files found with ARJ options
-jm, -m2, -m3.
Any option of automatic mode can be used in conjunction with
-f option in this mode.
4. THE USE OF PASSWORD DEFINITION FILE IN CHOOSING OF MODE OF
OPERATION AND PASSWORD SET
Password definition file is the main control file.
Its translation and processing are the main task of PCL
library. Its format doesn't depend on application, to which
PCL is linked, so this library can be used for any password
searching program.
4.1. Password definition file format
Password definition file is an ordinary text file and consists
of two parts: firstly, dictionary and character set
definition, and secondly, passwords definition; the parts are
separated by a line of two '##' symbols:
[ <dictionary and character set definition> ]
##
<passwords definition>
The first part may be omitted, in that case password
definition file is to begin with '##' symbols.
Anywhere else the symbol '#' is considered as a comment
beginning.
Space characters and tabs are ignored in password definition
file and may separate any components.
For convenience, let password definition mechanism be our
first concern and character set definition be the second one,
contrary to their position in password definition file.
4.2. Password definition
This is the main part of the file. IT NECESSARILY PRESENTS IN
ANY PASSWORD DEFINITION FILE (PASSWORD.DEF) AFTER THE LINE
'##' and presets password generation rules to be checked later
on. It consists of text lines, each giving its own password
set and mode of operation, i. e. an algorithm of password
search. Each line is in its own right and is processed
separately, so the total number of passwords checked is
computed.
Character sets and dictionary words form password definition.
They preset one or more characters, which will hold the
appropriate position in a password.
4.2.1. Character sets
Character set (charset) is a set of characters, which can
occupy current position in a password (but, of course, only
one of them holds it). These characters may be following:
1) Ordinary characters (a, b, etc.). It means that it is this
character that occupies given position in a password;
2) Shielded characters. Special characters, if ever occur in
the password, are to be shielded. The meaning is identical
with mentioned above. Among these are:
\$, \., \*, \?, \= '$', '.', '*', '?', '='
\], \[, \{, \}, \(, \) corresponding brackets;
\ (space character) space character
\XX, where X is a hexadecimal digit
any hex-code character
\0 no character. It is usually
used in conjunction with "real" character (see examples below).
Generally, any character can be shielded except hexadecimal
digits.
3) Macros of character set. It means that current position in
the password can be occupied by any character from the set.
These sets are specified in the first part of password defini-
tion file (see section 4.3.2) and are denoted as:
$a - lower-case Latin letters (26 letters, unless
otherwise specified);
$A - upper-case Latin letters (26 letters, unless
otherwise specified);
$! - special characters (32 characters, unless
otherwise specified);
$1 - digits (10 digits, unless otherwise specified);
$i - lower-case letters of national alphabet (33
letters for Russian alphabet);
$I - upper-case letters of national alphabet (33
letters for Russian alphabet);
$o - other user-specified characters;
? - any character (i. e. all the characters, included
into the macros mentioned above).
NOTE: macros $v and $p (see section 4.3.4) cannot be used for
password definition.
4) Any combinations of the characters mentioned above. It is
written in square brackets. The meaning is identical with
mentioned above. For example:
[$a $A] any Latin letter;
[abc] a, or b, or c;
[$1 abcdef] hexadecimal digit;
[s \0] s or nothing;
[$a $A $1 $! $i $I $o] this is equivalent to ?.
5) Regular duplication character '*'. It means that the
preceding character set is to be duplicated 0 or more times
in corresponding (next) positions of the password. For
example:
$a * - a password of arbitrary length, consisting
of lower-case Latin letters;
[ab] * - space character, a, b, aa, ab, ba, bb,
aaa, ...
[$a $A] [$a $A $1] * - "identifier", i. e. a sequence
of letters and digits with a letter at first
position.
Note that password of zero length is physically meaningful and
is not always the same as no password at all.
The length of duplication is computed automatically by
options, on the basis of given maximum and minimum
password length. Note, that these parameters influence
only password length, generated with the use of '*'
character, and are not taken into account for password,
consisting of words or static characters only. It is
recommended to use '*' as wide as possible. This is because
it allows to perform the most powerful search. Although the
constructions '? *' and '? ? *' seem to be alike from the
logic standpoint, the first one will be searched through
faster.
Current restriction: '*' can be the last character
in the line only.
4.2.2. Dictionary words and their modifiers
The words present several consecutive characters of the
password as opposed to character set. Two dictionaries are
supported in PCL library: main (with ordinary words, as usual)
and user (where special information can be stored, for
example, names, dates, etc.), though there is no difference
between them.
Dictionary is a text file, consisting of words, separated by
the end-of-line characters. Both DOS-format (CR/LF) and
UNIX-format (LF) files may be used. It is desirable (to
increase search rate, among other factors) to use words of the
same (lower) case in dictionaries.
Thus, there are two macros:
$w a word from the main dictionary;
$u a word from the user dictionary.
It is known that altered words are often used as passwords. So
to determine such passwords a whole set of word modifiers is
put into use. Among these are:
.u (upper) to upper-case;
.l (lower) to lower-case;
.t (truncate) to truncate up to the given length;
.c (convert) to convert the word;
.j (joke) to upper-case some letters;
.r (reverse) to reverse the word;
.s (shrink) to shrink the word;
.d (duplicate) to duplicate the word.
Modifiers may have parameters, written in round brackets. For
modifiers, intended for use with single letters, the number of
the letter can be considered as a parameter; no parameters or
null parameter means "the whole word". Letters can be
numerated both from the beginning of the word and from the end.
The end of the word is denoted with the character '-'.
There are only three such modifiers for today: .u, .l, .t. So,
use
.u or .u(0) to upper-case the whole word (PASSWORD);
.u(1), .u(2) to upper-case only the first (the second)
letter (Password, pAssword);
.u(-), .u(-1) to upper-case the last (the next to last)
letter (passworD, passwoRd);
.t(-1) to truncate the last letter in the word
(passwor).
The other modifiers operate with the whole words only and
their parameters give the way of modification. The following
modifier parameters are specified for today:
.j(0) or .j to upper-case odd letters (PaSsWoRd);
.j(1) to upper-case even letters (pAsSwOrD):
.j(2) to upper-case vowels (pAsswOrd);
.j(3) to upper-case consonants (PaSSWoRD);
.r(0) or .r to reverse the word (drowssap);
.s(0) or .s to reduce the word by discarding vowels
unless the first one is a vowel
(password -> psswrd, offset -> offst);
.d(0) or .d to duplicate the word (passwordpassword);
.d(1) to add reversed word (passworddrowssap);
.c(<number>) to convert all the letters in the word
according to the appropriate conversion
string (see section 4.3.3).
All the modifiers operate adequately with both Latin and
national letters, provided that the rules of national
character sets definition are observed. Clearly there can be
more than one modifier (the number of consecutive modifiers
is limited by 63, which is unlikely to be exceeded). For
example: (let $w mean a password):
$w.u(1).u(-) PassworD
$w.s.t(4) pssw
$w.t(4).s pss
Special character sets are also considered as words, because
they can be of arbitrary length. They are denoted as $s(1),
$s(2), ... and depend on peculiarities of the task. Three
special sets are specified for this program:
$s(1) the first letter of the password
$s(2) two first letters
$s(3) the third letter.
You are to bear in mind that special character sets are worth
using only in a certain position, namely $s(1) and $s(2) are
to be the first (they are of 1 and 2 characters length,
respectively), and $s(3) is to occupy the third position in
the password (its length is 1), so the following examples are
meaningful:
$s(2) $s(3)
$s(2) ?
$s(1) ? $s(3)
$s(1) ??
?? $s(3).
All the other, even though they can generate passwords, cannot
be considered valid.
4.2.3. Permutation brackets
The problem is widely met, when you remember your password,
but it is not do for some reason. Probably, you have mistaken
while typing it. This program has its own algorithm to restore
such passwords. The following typing mistakes are considered:
two neighboring letters are swapped (psasword), a letter is
omitted (pasword), an unneeded letter is inserted (passweord)
or one letter is replaced with another (passwird). Such
password changes will be referred to as permutations.
To indicate the beginning and the end of that portion of the
password where permutations could appear, permutation brackets
'{' and '}' are used. The bracket '}' can be followed by a
number of permutations (1 by default), separated by a point
(or in round brackets). The physical meaning of the number of
permutations is the number of simultaneous mistakes. For
example:
{abc} - 182 (different) passwords will be obtained,
including:
bac, acb 2 swaps;
bc, ac, bc 3 omissions;
aabc, babc ... 4 * 26 - 3 insertions;
bbc, cbc ... 3 * 25 replacements;
abc the desired word;
{password}.2 or {password}(2) - the following words will
be generated: psswrod, passwdro, paasswor, etc.;
{$w} - all the words, containing one mistake, from the
main dictionary.
Notes:
1) It is obvious that some passwords will be obtained more
than once, so the larger is the number of permutations, the
larger is the number of replicas. Efforts were made in this
program to reduce replicas, but they are purely empirical and
were made for two permutations at most. In other words, for
the large numbers there is no certainty that a particular
password cannot be discarded erroneously. Fanatics of the
theory of combinations can compute the exact number for
{password}.3, for example, then I'll be able to compare it
with that one obtained by the program.
2) For insertion and replacement you are to know the set of
characters to be inserted or replaced. In the event this set
is not specified explicitly (see section 4.3.4), this program
forms it automatically for character sets, in relation to
standard set these characters are from (i. e. for {password}
$a will be inserted, for {Password} [$a $A] will be inserted).
The similar operation with words is performed, based on the
first word from the dictionary with modifiers being taken into
account. In the event this set is specified explicitly, it is
just the set to be used.
3) Current restriction is that the character '{' must
necessarily be the first in the line. Such
expressions as good_{password} remain to be supported, but
{good}_password is quite possible.
4.3. Dictionaries and character sets definitions
All the definitions are set in the beginning of password
definition file up to the characters '##'.
4.3.1. Dictionaries definition
The main and user dictionaries in use (see section 4.2.2) are
initially defined as usual. It is necessary only if you are
going to use words from the dictionaries when defining
passwords, i. e. $w or $u.
The dictionaries are given as follows:
$w = "main.dic" # main dictionary
$u = "c:\\dict\\user.dic" # user dictionary
File name is to be quoted, the path characters are to be
shielded. Long file names are adequate for Windows 95/98 only
(not for MSDOS or Windows NT).
4.3.2. Definition of the character sets in use
Then character sets in use are defined, as usual. They are
classified in two groups: predefined and user-defined.
Predefined sets include:
$a lower-cased Latin letters, 26 letters in all;
$A upper-cased Latin letters, 26 letters in all;
$! special characters {}:"<>?[];\',./~!@#$%^&*()_+`-=\|,
32 characters in all;
$1 digits, 10 digits in all.
User-defined sets include
$i lower-cased letters of national alphabet;
$I upper-cased letters of national alphabet;
$o additional character set (for example, any
non-typable characters).
Character sets are defined as follows:
$<charset> = [ <single characters or character sets> ]
To put this another way, character set is written as
combination of characters (see section 4.2.1), for example:
$i = [áíóúñѪº¿⌐¬½¼¡«»αßΓπΣσµτΦΘΩδ∞φε∩±]
$o = [$! $1 \FF]
NOTES:
1) Any character sets are allowed to be defined, including
pre-defined. For example, you may include additional
characters, such as space character or \FF into the set $!
2) When the sets $i and $I are being defined, the function of
switching between lower/upper case is defined automatically.
So it is important to have letters being ordered uniformly in
these sets.
The full character set '?', consisting of [$a $A $1 $!$i $I
$o] (just such an order is of importance in the next section),
is never formed until all the characters are defined.
4.3.3. Definition of conversion modifiers
Then conversion modifiers .c may be defined (see section
4.2.2) in relation to the certain character set ?. It is
performed with the line of the form
?.c(<a number>) = "<conversion string>"
Any character from the whole set is converted into an
appropriate character, occupying the same position in
transformation string. For example, let
? = [1234567890], then
?.c(0) = "!@#$%^&*()"
gives transformation identical to that for Shift keystroke.
The characters '\' and ' " ' are to be shielded in conversion
string. The numbers of modifiers may vary from 0 to 255.
4.3.4.Special character sets definition
Among special character sets are:
$v - a set of vowels (in all alphabets being used). It is
needed only when .s and .j modifiers are used.
$p - a set for insertion and replacement for permutation
brackets. It is needed only if automatic generation
of this set does not suit you for some reason (see
section 4.2.3).
These sets are defined in a similar way to the other character
sets.
4.4. USEFUL EXAMPLES OF PASSWORD DEFINITION
0) The most typical password definition, similar to that of
preceding program versions, is "$s(2) $s(3) $a *". It means
that the first three characters, obtained by the program, are
to be used and lower-cased Latin letters are to be added next.
The second password character is determined rather inaccurately, so the
following definition is recommended also:
"$s(1) $a $s(3) $a *" (don't use quotes!)
If you are searching through some other character set, don't
forget to set it to the second position of the password. For
example:
"$s(1) [$! $1] $s(3) [$! $1] *" (don't use quotes!)
1) Let me cite ZEXPL2L program specification:
"Let you have an archive with the password looking like
"Heaven!!!", but you have forgotten, how many !s were there in
the end and what kind of letters lower- or upper-cased were
used: "HeAvEn!!!", "Heaven!" or "HeAven!!!!". But fortunately
you remember your password to be 10 characters at most and 7
characters at least." This password will be written in PCL
language as follows:
"He [aA] v [eE] n ! *" (don't use quotes!)
and options -l7 -g10.
Suppose that among other things you have mistaken while typing
the main part of the password. So the following one is worth
attention:
"{He [aA] v [eE] n} ! *" (don't use quotes!)
and options -l7 -g10.
2) One more citation from the same specification: "Let you
have two variants of the password string: "myprog",
"MyProg", "my_prog" and "My_Prog".
It will be written as:
"[mM] y [_ \0] [pP] rog" (don't use quotes!)
3) It is often recommended to use two meaningful words,
separated by certain character, as a password. The
description is as following:
"$w [$1 $!] $w" or
"$w.u(1) [$1 $!] $w.u(1)" (don't use quotes!)
It should be mentioned that both $w are distinct here (these
are distinct words), so a total of 20000 * 42 * 20000 =
1.68E10 passwords (if there are 20000 dictionary words) will
be generated , i. e. it takes, on the average, less than a day
to crack passwords, considered to be extremely hard for crac-
king. Thus, just two successive words are cracked 42 times
faster.
4) Password consists of exactly six letters from national
alphabet:
"$i $i $i $i $i $i" (don't use quotes!)
But "$i *" and -16 -g6 options are far more efficient.
6) You remember your password to be "MyVeryLongGoodPassword",
but it is not do for some reason. Try to use the following
ones:
"{MyVeryLongGoodPassword}" 2382 passwords in 1 second
"{MyVeryLongGoodPassword}.2" 2836413 passwords in 1 minute
"{MyVeryLongGoodPassword}.3" ??? passwords in 2-3 days
7) You know you password to be a meaningful word with a digit
inserted elsewhere. The definition file is:
$p = [$1] # the insertion set is defined as a set of digits
##
{$w}
8) Syllable attack. You are to set up a dictionary of possible
syllables of your language and then to search through all the
meaningful words by proceeding as follows:
$u # monosyllabic words
$u$u # disyllabic words
$u$u$u # etc.
$u$u$u$u
...
9) In order to run your program in parallel on two computers,
give them the following definition files:
"[abcdefghijklm] $a *" for the first one,
"[nopqrstuvwxyz] $a *" for the second one.
Proceed similarly with n computers.
5. Frequently Asked Questions (FAQ)
1. A message "No matching passwords" is displayed. Following
are possible reasons and how to clear them away:
1) If there are many files in your archive then the error may
be caused by automatic mode imperfection. Start with removing
all large files (exceeding 1015K) from your archive.
2) If this effort is of no avail, then you are to run YAAC
program with -v option and to analyze output information. Such
information includes file name, followed by four digits and a
set of the first two possible password characters, which has
become appropriate after this file is processed, for each file
from the password. So, if this information is somewhat like:
FILE1.EXT 1881 940 2050 1504
po = 422
pp = 421
pr = 427
ps = 426
pt = 425
pu = 424
pv = 431
pw = 430
px = 429
py = 428
pz = 435
FILE2.EXT 959 479 1045 764
FILE3.EXT 1317 658 1435 1052
so, it is evident that the set of the first two characters for
FILE2.EXT became empty and this file IS NEEDED TO BE REMOVED
from the archive. It may similarly occur that a set of first
two characters becomes stable for a while and then decreases
drastically; when such is the case you should better to remove
this file too. If this effort is of no avail, remove the first
half of files from the archive.
3) Non-standard characters were used in the password. Include
all possible characters into the $o set.
4) Do away with automatic mode of operation.
2. How to break and then to continue the search.
The program may be broken painlessly once the message "Testing
XX-chars passwords..." is displayed, and then the search may
be continued with - lXX option (both XX are equal).
3. How to resume search from the password XXX?
In no way as yet. I hope, it will be done in the PCL 3.0.
4. The program has been searching for 10 days, but my password
is not yet at hand.
Alas! It can't be helped. May be your password is too long, or
the search set is wrong, or the first two characters are
determined incorrectly. See section 5.1.
5. There are files with different passwords in the archive.
What am I to do?
You will have to search files with the same passwords
manually. It seems likely that you are to leave the smallest
file in the archive, find its password and check the rest
files for being suitable for this password. After all remove
all these files and repeat the procedure once again.
6. My password is "abc", but your program cannot find it.
If the password consists of less than four characters, it may
be determined as "doubled" password (two times longer). This
is not an error but a small inherited defect.
6a. My password is "A$rrr", but your program does not find it,
though the set of the first two characters is produced
correctly.
Try -n option. Without this option the program truncates the
set of two first possible characters up to recommended set,
which does not need to include the second character '$' of
your password.
6b. I have tested your program. To my mind, your program is
nothing but utter error, it cannot even find "aaa2"-like
password.
RTFM. Distributive file password.def searches through only lo-
wer-cased Latin letters. Change your password definition to
"$s(2) $s(3) [$a $1] *" and all will be OK.
7. I have one plaintext file. Will it be useful to me?
Surely. Use plain-text crackers at http://www.password-
crackers.com
8. Your program does not want to recognize self-extracting
archive.
You are to find the beginning of archived data (60 EA
signature) and to remove all the code from the beginning up
to this position, thus you get an ordinary ARJ-archive.
9. Is there any option to save program operation log?
Probably, you have never dealt with UNIX. Use
yaac [parameters] > log_file.
If you don't like this, you may use "tee" utility.
10. Your program operates in Windows NT two times slower than
in MS-DOS.
Allow this program the 100% CPU time. All you have to do is
to click mouse button at the free space in the taskbar and
then click at your program window.
11. Your distribution kit is packed with a password in
itself!!! I do not find it funny!
You are reading this file, so you have solved this problem.
6. Conclusions and perspectives
1) It is likely that it is possible to design more or less
adequate function for block ratio determination and thereby to
do away with inconvenient nonautomatic mode of operation.
2) It seems to me, it is possible to extend the algorithm in
use in order to make it search through 7-9 character passwords
only and then to search through nothing but those passwords,
the first 7-9 characters of which meet certain criterion. This
will allow to increase the effective length of the password
being searched up to 13-15 characters.
3) The password is cracked very easy if there are files with
the compression ratio equal to 1 (-m0) in the archive.
Archive encryption with GOST (-hg option) was included into
ARJ 2.55 version. Supporting this kind of encryption by this
program, if at all, will decrease its rate by 1-2 orders.
7. On PCL library
PCL library is distributed by the author as FREEWARE in the
form of source text as well as .LIB (for Borland, Watcom C) or
.a (for DJGPP) files. The reference to PCL as an obligatory
requirement for your programs. Now it is under development, so
I'll be very glad to any comments on defect and errors in the
program, especially to those guiding the way for improvements
and supplements.
8. How to contact the author
Only by e-mail.
FIDO: 2:5030/145.17
e-mail: psw@ssl.stu.neva.ru
WWW: http://www.ssl.stu.neva.ru/psw/
Program support URL is:
http://www.password-crackers.com/crack/yaac.html
A lot of free, benchmarked password crackers you'll find at
http://www.password-crackers.com
YAAC is a FREE program, so all the claims will be rejected.
Anyway, I'll be very grateful for pointing out manifest
errors, such as:
- the program hangs up while searching (the lack of displayed
messages is not an evidence of hangup);
- the program cannot find such-and-such password in
such-and-such archive, although the set of characters in
search is specified correctly and the first three characters
produced are right;
- the third character of the password is determined incor-
rectly;
- in non-automatic mode the program cannot find password for
the scheme outlined above.
I'll be also glad to any constructive suggestions on
improvements of program operation.
The discussion of program algorithm and souse codes is
possible if you are just interested in this program
development.
9. Acknowledgments
I am grateful to
Anatoly Skoblov for the program BRKARJ, which impelled me to
write this program;
Mikael Malakhov for the program ARJ_PSW, which source codes
were used;
Vyacheslav Semenov for his invaluable help in heuristics
improving;
all those who were assisting, advising and testing YAAC.
Good luck!
Pavel Semjanov, St.-Petersburg
