121 lines
5.7 KiB
Plaintext
121 lines
5.7 KiB
Plaintext
|
|
Microsoft Word Document Unprotect Program
|
|
-----------------------------------------
|
|
|
|
Word has a fairly simpleminded encryption facility you can use
|
|
to protect your documents from prying eyes. Unfortunately,
|
|
three seconds with the hex dump of a "protected" file will
|
|
tell you how it's done, and how to undo it without knowing the
|
|
passphrase.
|
|
|
|
In any case, I went to work building wu.exe because I had
|
|
forgotten a passphrase I used to protect an important document
|
|
I quickly discovered that Word's protection was useless, got
|
|
my document back, and started using better encryption.
|
|
|
|
I still don't know what the passphrase was that I used on my
|
|
document, because wu.exe doesn't need to know it. It just
|
|
builds a new file with the encryption removed. I decided to
|
|
publish this mainly to make the point that it is probably a
|
|
very bad idea to depend on Word to protect confidential
|
|
information.
|
|
|
|
There are two versions in this packet; one for Windows and one
|
|
for DOS. Copy the one you want to use to wu.exe in some
|
|
directory on your path.
|
|
|
|
winwu.exe is a Windows App, so you can only run it
|
|
from Windows.
|
|
|
|
doswu.exe is a DOS app which will run from DOS or
|
|
Windows.
|
|
|
|
WU.EXE WILL NOT CHANGE YOUR DOCUMENT. It will
|
|
only create a new one with the name you specify.
|
|
|
|
When you want to unprotect a document whose passphrase you
|
|
have forgotten (or convince somebody that they should get
|
|
better security), use the [File,Run] menu item in Program
|
|
Manager or File Manager and enter the line
|
|
|
|
wu infile outfile
|
|
|
|
replacing infile and outfile with the names of the file you
|
|
want unprotected and of the resulting unprotected file. If
|
|
everything goes well, the output file will simply appear in
|
|
the current directory, or where you specified if you included
|
|
a path in the file name. If something went wrong, you'll get a
|
|
message in a window that stays open until you close it. Sorry,
|
|
no fancy dialog boxes; the program is really expecting to be
|
|
launched by a command-line interpreter (I use and recommend
|
|
Eschalon's WinCLI Pro).
|
|
|
|
The encryption/decryption technical details are contained in
|
|
the comments to the source code file.
|
|
|
|
The source code was compiled with Turbo C++ for Windows and
|
|
Zortech C++ for DOS, but I've tried to keep it generic. It
|
|
should compile under any C++ compiler with few if any changes.
|
|
|
|
NOTE:
|
|
I haven't tested this on a huge number of Word documents; just
|
|
a bunch created with Word for Windows Versions 1 and 2. There
|
|
may be some version or versions that use the part of the
|
|
header record that wu.exe expects to find all zero. If this
|
|
happens, wu.exe will just refuse to function (with an
|
|
appropriate message). I would appreciate a note from anyone
|
|
who discovers such a situation or any other that interferes
|
|
with decryption. The technique used is very simple and there
|
|
is more technique that can be applied if this doesn't work in
|
|
every case.
|
|
|
|
COPYRIGHT, etc:
|
|
This work is released into the Public Domain and may be freely
|
|
used, distributed and copied. I would appreciate attribution
|
|
when it is appropriate. It is released with all the usual
|
|
disclaimers; in short, you are solely responsible for anything
|
|
you do to yourself or anybody else with this program. If
|
|
that's a problem you should erase it immediately.
|
|
|
|
Authentication:
|
|
The file doswu.sig contains a PGP Version 2 digital signature for
|
|
doswu.exe. My key is published on the end of just about every
|
|
message I put on a BBS or UseNet. You can't right off trust
|
|
the key at the end of this file to authenticate doswu.exe, but
|
|
you can use it to send me a message. If I can read the
|
|
message, either you've got a trustworthy key or we are in deep
|
|
doodoo with some very powerful people. If you live in the USA
|
|
or France, where using PGP may be illegal, I can only
|
|
sympathise. In any case, you can always recompile the source
|
|
if you have any concern about the executable.
|
|
|
|
HELLO MICROSOFT:
|
|
If any of you are listening; it would be very nice if future
|
|
versions of Winword had competent encryption that can't be
|
|
broken by any kid who understands his Spiderman Secret Decoder
|
|
Ring. A false sense of security is much worse than none at
|
|
all. It misleads people into thinking that they have assured
|
|
the confidentiality of their documents when they have in fact
|
|
not, and should have used another method to do so. The best
|
|
approach is to have winword call an external program to do the
|
|
encryption. This would let us plug in our favourite
|
|
cryptengine and save you a lot of hassle vis-a-vis export
|
|
controls on useful crypto technology.
|
|
|
|
---
|
|
Marc Thibault | Automation Architect | All we are saying
|
|
marc@tanda.isis.org | R.R.1, Oxford Mills, | is give global
|
|
CIS:71441,2226 | Ontario, Canada K0G 1S0 | warming a chance.
|
|
NC FreeNet: aa185 | |
|
|
|
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
Version: 2.0
|
|
|
|
mQBNAiqxYTkAAAECALfeHYp0yC80s1ScFvJSpj5eSCAO+hihtneFrrn+vuEcSavh
|
|
AAUwpIUGyV2N8n+lFTPnnLc42Ms+c8PJUPYKVI8ABRG0I01hcmMgVGhpYmF1bHQg
|
|
PG1hcmNAdGFuZGEuaXNpcy5vcmc+
|
|
=HLnv
|
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
|
|