-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathD_README
executable file
·124 lines (97 loc) · 4.1 KB
/
D_README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
WORD97 DECRYPTION
=================
The document test97.doc is encrypted with the password
password1.
To compile this download version 0.5.31 of wv
(later version should have this code integrated into
wv itself) from
http://www.csn.ul.ie/~caolan/publink/mswordview/development/wv-0.5.31.tar.gz
./configure
make &
make install that first.
now run make in this wvDecrypt dir
./wvDecrypt97Test password1 test97.doc
will verify that password1 is the correct password for
test97.doc and will start decrypting the file.
Some quick background on word files.
Each word 97 file consists of a bundle of streams,
the Table stream, the WordDocument stream, and others
such as the SummaryInformation stream, the
DocumentSummaryStream and sometimes a Data stream.
en.01 is the extracted table stream from test97.doc
en.02 is the extracted WordDocument stream from test97.doc
tablefd (when wvDecrypt is run) is the decrypted tablefd
mainfd (when wvDecrypt is run) is the decrypt mainfd, where
the main text is.
The table stream contains the salt that is used by
the decryption process, and is itself encrypted.
So the wvDecrypt97Test program validates the password
and outputs the decrypted table stream to the file
named "tablefd". The main document stream is decrypted
to the file "mainfd"
Most of the code you see here was not written by me,
what was, got rewritten by Fauzan Mirza. I basically
just put the right people together, and provided
the wv api into the word document. The CREDITS file
lists those involved, and what they did.
As promised in previous versions of this document,
the wvDecrypt is now released under the BSD licence,
so anyone can use this whether for commercial use
or not.
Word97 decryption is now an open book. Thanks all !!
its a little shocking that its been so long since
word97 was released and a publically available
compatible decryption engine, but that gap has
been filled now.
The one small thing missing is to use cole to put
the streams back together into a decrypted word
document, rather than the seperated streams, as it
stands it does exactly what I want for the wv
library, but i'll get around to that unless someone
else wants to do it, its pretty trivial to wrap
it back into a word doc, only you will just have to
set the fEncrypted bit in the fib to 0, to show that
the doc is decrypted.
WORD95 DECRYPTION
=================
The document test95.doc is encrypted with the password
password1.
To compile this download version 0.5.31 of wv
(later version should have this code integrated into
wv itself) from
http://www.csn.ul.ie/~caolan/publink/mswordview/development/wv-0.5.31.tar.gz
./configure
make &
make install that first.
now run make in this wvDecrypt dir
./wvDecrypt95Test password1 test95.doc
will verify that password1 is the correct password for
test95.doc and will start decrypting the file.
Some quick background on word files.
Each word 95 files consists of a number of streams
but unlike word97 only one is of importance, i.e.
the WordDocument stream.
encrypt95.01 is the extracted WordDocument stream from test95.doc
mainfd (when wvDecrypt is run) is the decrypt mainfd
The word95 code was written by me and is also released under the
BSD licence unlike the rest of wv, coz I want to see the
password stuff as widely distributed as possible.
The word95 decryption is simpler than the word97 one, but might
not be 100% complete as it is freshly added in here. It also
might be the exact same as word 6 encryption, though someone
has to test that for me.
The one small thing missing is to use cole to put
the streams back together into a decrypted word
document, rather than the seperated streams, as it
stands it does exactly what I want for the wv
library, but i'll get around to that unless someone
else wants to do it, its pretty trivial to wrap
it back into a word doc, only you will just have to
set the fEncrypted bit in the fib to 0, to show that
the doc is decrypted.
C.
If you want something to investigate ole2 streams
try the perl laola at
http://wwwwbs.cs.tu-berlin.de/~schwartz/pmh/laola.html
More information on the wv library can be got at
http://www.csn.ul.ie/~caolan/docs/MSWordView.html