MI> SG> I lost the stupid password from an archive, well it is actually
MI> SG> hell here without this password. Can I remove this password from the
MI> SG> archive or maybe bypass it, or is my archive lost forever? (I hope
MI> SG> not ..)
MI>AFAIK, the only way round this is to do a brute force method of trying all the
MI>possible passwords. Bad news, passwords seem to be case sensitive too! I
Here's a text file I found on ARJ's passwording. I don't know how
accurate it is. If it is accurate, then it's not really worth using
ARJ's passwording!
Needless to say, I don't have a program to do this. This text (of
questionable accuracy) is all I have.
--------
I'm forwarding this from sci.crypt for those who may be interested and
don't know how the ARJ encryption works. Please don't flame me,
I'm not a professional mathematician nor a cryptologist, just someone
who was given the right incentive ($$$ :)) to figure out how it works
and retrieve a critical file.
I know there are those who already know how it works, so you may safely
ignore this post.
>
> Hi, my name is John.
> Someone told me that you are able to find the password on a ARJ file.
> Could you please tell me how?
>
> Cheers...John.
>
I'm forwarding a document on the internal structure of .ARJ after the
discussion.
ARJ encrypts a file by using a simple XOR on a permutation of the
password with the text to be encrypted (in this case the compressed file).
This permutation of the password is done by XORing each character of the
password with some constant that seems to depend on the current clock
count. This last point isn't too critical since ARJ stores the value
of the count in the local file header of the encrypted file.
So ....
A = password
B = compressed text to be encrypted
A' = permuted password
B' = encrypted compressed text
C = constant
^ = XOR
A' = A ^ C
B' = B ^ A'
So how do we decrypt? Well, let's solve
A = A' ^ C
A' = B' ^ B
==>
A = C ^ B ^ B'
We already know C and B', the problem is that we need B (the
compressed plaintext) in order to find the password (which is probably
why you asked the question in the first place, to get back the
compressed plaintext).
If you have an old copy of the plaintext or can make an *extremely* good
guess of the initial contents of the plaintext, you can compress the
plaintext without encryption (B) and then you *should* be able to generate
the password as demonstrated above (or at least most of the characters
in the password). Then it will take some good old-fashioned
deductive logic and eyeballing to get the length and the rest of the
password.
This last part is important if you don't have the original plaintext.
Hope this helps,
Ralph
ARJ TECHNICAL INFORMATION January 1992
** IMPORTANT NEWS ****************************************************
There is an extended header bug in older versions of ARJ, AV.C and
UNARJ.C. The extended header processing in read_header() should
skip 4 bytes for the extended header CRC and not 2. This is NOT a
current problem as no versions of ARJ use the extended header.
**********************************************************************
Modification history:
Date Description of modification:
-------- ------------------------------------------------------------
12/03/91 Added BACKUP flag to header arj flags.
11/21/91 Described the two types of headers separately.
11/11/91 Added information about the change in text mode processing.
06/28/91 Added several new HOST OS numbers.
05/19/91 Improved the description of extended header processing.
05/11/91 Simplified this document. Added volume label type.
03/11/91 Added directory file type.
02/23/91 Added more comments.
01/10/91 Corrected timestamp description and header order of file mode.
10/30/90 Corrected values of flags in ARJ flags.
ARJ archives contain two types of header blocks:
Archive main header - This is located at the head of the archive
Local file header - This is located before each archived file
Structure of main header (low order byte first):
Bytes Description
----- ------------------------------------------------------------------
  2   header id (main and local file) = 0xEA60 or 60000U
  2   basic header size (from 'first_hdr_size' thru 'comment' below)
        = first_hdr_size + strlen(filename) + 1 + strlen(comment) +
        = 0 if end of archive
  1   first_hdr_size (size up to and including 'extra data')
  1   archiver version number
  1   minimum archiver version to extract
  1   host OS (0 = MSDOS, 1 = PRIMOS, 2 = UNIX, 3 = AMIGA, 4 = MAC-OS)
              (5 = OS/2, 6 = APPLE GS, 7 = ATARI ST, 8 = NEXT)
              (9 = VAX VMS)
  1   arj flags
        (0x01 = NOT USED)
        (0x02 = RESERVED)
        (0x04 = VOLUME_FLAG)  indicates presence of succeeding volume
        (0x08 = NOT USED)
        (0x10 = PATHSYM_FLAG) indicates archive name translated
                              ("\" changed to "/")
        (0x20 = BACKUP_FLAG)  indicates backup type archive
  1   reserved
  1   file type (2 = comment header)
  1   reserved
  4   date time when original archive was created
  4   reserved
  4   reserved
  4   reserved
  2   filespec position in filename
  2   (currently not used)
  2   (currently not used)
  ?   (currently none)
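A parser for the main header exactly as the table lays it out, as an added example (not ARJ's own code, nor AV.C or UNARJ.C). It keeps the fields in the order and widths given above, decodes the host OS and the three defined flag bits, and, in the spirit of the extended-header note at the top of this document, checks every declared size against the bytes actually present before reading filename and comment, so a header that claims more than the buffer holds is rejected rather than read past. The sample archive bytes are constructed by `build_sample_main_header`; since the page's size formula is cut off after the last `+`, the example assumes the comment is NUL-terminated like the filename.

```python
"""Parser for the ARJ archive main header as laid out in the technical note
above.  Added example, not ARJ's own code; the sample header bytes are
constructed here by build_sample_main_header()."""
import struct

HEADER_ID = 0xEA60  # 60000U, shared by main and local file headers
END_OF_ARCHIVE_MARKER = bytes([0x60, 0xEA, 0x00, 0x00])  # id + basic size 0
HOST_OS = {0: "MSDOS", 1: "PRIMOS", 2: "UNIX", 3: "AMIGA", 4: "MAC-OS",
           5: "OS/2", 6: "APPLE GS", 7: "ATARI ST", 8: "NEXT", 9: "VAX VMS"}
VOLUME_FLAG, PATHSYM_FLAG, BACKUP_FLAG = 0x04, 0x10, 0x20

# Fixed part of the main header, from 'first_hdr_size' through the two
# unused words, low order byte first: 8 single bytes, 4 dwords, 3 words.
FIXED_FMT = "<BBBBBBBBIIIIHHH"
FIXED_SIZE = struct.calcsize(FIXED_FMT)  # 30 bytes


def _cstring(buf: bytes, pos: int, end: int):
    """NUL-terminated string that must end before 'end' (basic header limit)."""
    nul = buf.find(b"\0", pos, end)
    if nul < 0:
        raise ValueError("unterminated string inside basic header")
    return buf[pos:nul], nul + 1


def parse_main_header(buf: bytes) -> dict:
    if len(buf) < 4:
        raise ValueError("need at least header id and basic header size")
    header_id, basic_size = struct.unpack_from("<HH", buf, 0)
    if header_id != HEADER_ID:
        raise ValueError("bad header id 0x%04X" % header_id)
    if basic_size == 0:
        return {"end_of_archive": True}
    end = 4 + basic_size  # basic header runs from first_hdr_size thru comment
    if end > len(buf) or basic_size < FIXED_SIZE:
        raise ValueError("basic header size does not fit the data")
    (first_hdr_size, version, min_version, host, flags, _res1, file_type,
     _res2, created, _res3, _res4, _res5, filespec_pos, _unused1,
     _unused2) = struct.unpack_from(FIXED_FMT, buf, 4)
    # first_hdr_size runs from its own byte up to and including the extra
    # data, so anything past the 30 fixed bytes is extra data (currently none).
    if first_hdr_size < FIXED_SIZE or 4 + first_hdr_size > end:
        raise ValueError("first_hdr_size inconsistent with basic header size")
    extra = buf[4 + FIXED_SIZE:4 + first_hdr_size]
    filename, pos = _cstring(buf, 4 + first_hdr_size, end)
    comment, pos = _cstring(buf, pos, end)
    return {
        "end_of_archive": False,
        "first_hdr_size": first_hdr_size,
        "version": version, "min_version": min_version,
        "host_os": HOST_OS.get(host, "unknown(%d)" % host),
        "volume": bool(flags & VOLUME_FLAG),
        "pathsym": bool(flags & PATHSYM_FLAG),
        "backup": bool(flags & BACKUP_FLAG),
        "file_type": file_type, "created": created,
        "filespec_pos": filespec_pos, "extra": extra,
        "filename": filename, "comment": comment,
        "next_offset": pos,  # first byte after the comment
    }


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_main_header(buf)
        return True
    except ValueError:
        return False


def build_sample_main_header(filename: bytes = b"backup.arj",
                             comment: bytes = b"constructed sample",
                             flags: int = BACKUP_FLAG) -> bytes:
    """Constructed sample; the timestamp is an arbitrary placeholder value."""
    fixed = struct.pack(FIXED_FMT, FIXED_SIZE, 6, 1, 0, flags, 0, 2, 0,
                        0x19920101, 0, 0, 0, 0, 0, 0)
    # The page's size formula is cut off after the last '+'; the comment is
    # assumed to be NUL-terminated like the filename (assumption).
    body = fixed + filename + b"\0" + comment + b"\0"
    return struct.pack("<HH", HEADER_ID, len(body)) + body


if __name__ == "__main__":
    print(parse_main_header(build_sample_main_header()))
```

`next_offset` is where the fields this message stops at end; the continuation of the note (not included on this page) describes what follows the comment, so a real reader would carry on from there rather than treat it as the end of the header.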
(Continued to next message)
--- QScan/PCB v1.19b / 01-0162
* Origin: Jackalope Junction 501-785-5381 Ft Smith AR (1:3822/1)