Database Password

[Keith W]

I have some code which uses the now unsupported "ChrB" function. The code
worked in A97 but does not with A2k3. Can anyone tell me what the following
arguments equate to? Many thanks.

ChrB(19)
ChrB(40)
ChrB(54)
ChrB(55)
ChrB(68)
ChrB(84)
ChrB(93)
ChrB(94)
ChrB(96)
ChrB(123)
ChrB(134)
ChrB(138)
ChrB(148)
ChrB(156)
ChrB(182)
ChrB(198)
ChrB(230)
ChrB(236)
ChrB(251)
ChrB(250)

[Lyle Fairfield]

ChrB(X) simply returns a one byte string representation of X. It may be
difficult to print or see.
Chr(X) returns a two byte unicode representation of X which is easy to
print or see.

Since you are asking in a Password thread I'm guessing these one bytes
are easier, better to use in some kind of byte comparison or operation,
perhaps XOR in Western. There is not much point on operating on zeros as
every other byte.
If so, I'm guessing that just loading the string into a byte array would
be easier, but I'm speculating here.

--
Lyle Fairfield

[Keith W]

"Lyle Fairfield" <lylefa...@aim.com> wrote in message
news:_3Anf.6837$eo....@read1.cgocable.net...

>
> ChrB(X) simply returns a one byte string representation of X. It may be
> difficult to print or see.
> Chr(X) returns a two byte unicode representation of X which is easy to
> print or see.
>
> Since you are asking in a Password thread I'm guessing these one bytes are
> easier, better to use in some kind of byte comparison or operation,
> perhaps XOR in Western. There is not much point on operating on zeros as
> every other byte.
> If so, I'm guessing that just loading the string into a byte array would
> be easier, but I'm speculating here.
>

Hi Lyle, thanks for your response. I'm right on the edge of my knowledge on
this so thanks for your patience. Here's the full code (you're right about
the XOR) - IIRC it originated from Micheal Kaplan (and I've probably spelt
that wrong). It works in A97 but not in A2k3. It seems to fall over where
the empty password array is set. Any help greatly appreciated. And before
anyone jumps in with the rights and wrongs of password cracking, I have a
genuine and legal use for a working version of this code.

Public Function StPasswordOfStDatabase(stDatabase As String) As String
Dim hFile As Integer
Dim ich As Integer
Dim stBuffer As String
Dim rgbytRaw() As Byte
Dim rgbytPassword() As Byte
Dim rgbytNoPassword() As Byte

' Create the byte array with the 20 bytes that are present when there
' is no database password
rgbytNoPassword = ChrB(134) & ChrB(251) & ChrB(236) & ChrB(55) &
ChrB(93) & _
ChrB(68) & ChrB(156) & ChrB(250) & ChrB(198)
& ChrB(94) & _
ChrB(40) & ChrB(230) & ChrB(19) & ChrB(182)
& ChrB(138) & _
ChrB(96) & ChrB(84) & ChrB(148) & ChrB(123)
& ChrB(54)

' Grab the 20 bytes from the real file whose password
' we are supposed to retrieve
hFile = FreeFile
Open stDatabase For Binary As #hFile
Seek #hFile, 66 + 1
rgbytRaw = InputB(20, #hFile)
Close #hFile

' Enough prep, lets get the password now.
ReDim rgbytPassword(0 To 19)
For ich = 0 To 19
rgbytPassword(ich) = rgbytRaw(ich) Xor rgbytNoPassword(ich)
Next ich

' Add a trailing Null so one will always be found, even if the password
is 20
' characters. Then grab up to the first null we find and return the
password
stBuffer = StrConv(rgbytPassword, vbUnicode) & vbNullChar
'StPasswordOfStDatabase = Left$(stBuffer, InStr(1, stBuffer, vbNullChar,
vbBinaryCompare) - 1)
StPasswordOfStDatabase = stBuffer

'To reveal the password, type this into the debug window: ?
StPasswordOfStDatabase("c:\foo.mdb")
'Where("c:\foo.mdb") is the path to and name of the db file

End Function

[Douglas J. Steele]

ChrB is still supported in Access 2003. From the Help file:

The Chr function in Microsoft Access always returns 2-byte characters. In
previous versions of Microsoft Access, Chr(&H41) and ChrB(&H41) were equal,
but in the current version of Microsoft Access, Chr(&H41) and ChrB(&H41) +
ChrB(0) are equal.

?Chr(19) = (ChrB(19) & ChrB(0))
True

--
Doug Steele, Microsoft Access MVP
http://I.Am/DougSteele
(no e-mails, please!)

"Keith W" <he...@there.com> wrote in message
news:439ec03c$1...@glkas0286.greenlnk.net...

[Keith W]

"Douglas J. Steele" <NOSPAM_djsteele@NOSPAM_canada.com> wrote in message
news:M-adnXOc4NX...@rogers.com...

> ChrB is still supported in Access 2003. From the Help file:
>
> The Chr function in Microsoft Access always returns 2-byte characters. In
> previous versions of Microsoft Access, Chr(&H41) and ChrB(&H41) were
> equal, but in the current version of Microsoft Access, Chr(&H41) and
> ChrB(&H41) + ChrB(0) are equal.
>
> ?Chr(19) = (ChrB(19) & ChrB(0))
> True
>

So it looks like my problem is that the blank database password string is
different between 97 and 2k3, is that a reasonable assumption? As I stated
in my reply to Lyle, this code works in A97.

Keith.

[Lyle Fairfield]

Or its location is different. Or the whole procedure has been changed.
Or there are bad sunspots today.
This !!!!!should be!!!! easy (with the example in front of us) but
maybe it isn't. Regardless, I have qualms.
I'd start on location.

[Douglas J. Steele]

"Keith W" <he...@there.com> wrote in message

news:439edb93$1...@glkas0286.greenlnk.net...

Looks like you're talking about the code MichKa has at
http://www.trigeminal.com/code/DatabasePassword.bas

Note that that code is only for Jet 3.0/3.5 databases (i.e. Access 95 or
Access 97)

As MichKa says at http://www.trigeminal.com/codes.asp?ItemID=5#5, "the Jet
4.0 database password is not even close to this easy to crack"

[Keith W]

"Douglas J. Steele" <NOSPAM_djsteele@NOSPAM_canada.com> wrote in message

news:juGdnez3gNDLeQPe...@rogers.com...

>
> As MichKa says at http://www.trigeminal.com/codes.asp?ItemID=5#5, "the Jet
> 4.0 database password is not even close to this easy to crack"
>

Ah, thanks for that, I vaguely remember reading that ages ago but had
forgotten about it.

Regards,
Keith.

[Lyle Fairfield]

Douglas J. Steele wrote:

> As MichKa says at http://www.trigeminal.com/codes.asp?ItemID=5#5, "the Jet
> 4.0 database password is not even close to this easy to crack"

How close is not even close? Perhaps, Michka was crying wolf (maybe
that's not the right expression) in order to discourage the casual
hacker.

[Douglas J. Steele]

"Lyle Fairfield" <lylefa...@aim.com> wrote in message

news:1134511409.1...@g47g2000cwa.googlegroups.com...

Don't know. Since I never use database passwords, I've never bothered
checking.

OTOH, since he gave the code to retrieve 3.0/3.5 passwords, if the 4.0
passwords were that easy to retrieve, I see no reason why he wouldn't have
given that code as well.

[Lyle Fairfield]

Douglas J. Steele wrote:
> "Lyle Fairfield" <lylefa...@aim.com> wrote in message
> news:1134511409.1...@g47g2000cwa.googlegroups.com...
>> Douglas J. Steele wrote:
>>
>>> As MichKa says at http://www.trigeminal.com/codes.asp?ItemID=5#5, "the
>>> Jet
>>> 4.0 database password is not even close to this easy to crack"
>> How close is not even close? Perhaps, Michka was crying wolf (maybe
>> that's not the right expression) in order to discourage the casual
>> hacker.
>
> Don't know. Since I never use database passwords, I've never bothered
> checking.
>
> OTOH, since he gave the code to retrieve 3.0/3.5 passwords, if the 4.0
> passwords were that easy to retrieve, I see no reason why he wouldn't have
> given that code as well.

It's that easy. (I THINK!) I've only just mucked about since the first
post in this thread and I've been out a bit and busy a bit but I can
recover my passwords. Can I recover others? Don't know.

I'm assuming that if I can do it, Michka can do it. I think he wanted to
discourage us from looking. That's fair. Maybe I should have shut up too.

--
Lyle Fairfield

[Lyle Fairfield]

Well, Keith I think this can be done if one follows Michka's lead and
reads between the bytes. But one must find a new key, a different way
of iterating, and a trick that is applied to some bytes but not to
others. Other than that, it's a cinch!
I'm torn about publishing my adaptation of Michka's code (but for JET
4.0). I'm not a great admirer of Michka personally, but I am a great
admirer of his Access. I know that he's very bright and he's very much
in the know about who's doing what to whom. I'd bet 1000000 to 1 that
he broke this a long time ago. So why did he publish the crack for 3.5
but not for 4.0?
He says he did 3.5 to put the crack sellers out of business. Maybe it
didn't work out and he found that his work had been used in a way he
did not want it to be used. Maybe MS suggested he desist. Maybe
something else. I don't know.
Perhaps someone will point out a site or post where it's freely
available which means I could forget about it and do that other thing
... what's it called now?... oh yeah! ... work!

(Of course I've tested this on no one else's DB so I can't say that it
works for sure).

Well a root canal (same tooth, fourth try) goes in the morning. In the
afternoon I'll be all sweetness and light and see if there has been any
further wisdom posted on this topic.

[Larry Linson]

"Lyle Fairfield" <lylefa...@aim.com> wrote

> Well a root canal (same tooth, fourth try) goes in the morning. In the
> afternoon I'll be all sweetness and light and see if there has been any
> further wisdom posted on this topic.

Lyle,

Hope the root canal went smoothly and with as little discomfort as possible.

Larry

[Lyle Fairfield]

It went awry and filled my mouth permanently with the taste and feel of
________. Fill in the blank!

[Larry Linson]

My recollection was that someone said that it wasn't _quite_ as easy to
retrieve the password in Jet 4 because it is stored differently.

But, clearly, it still CAN be retrieved, as witness the many inexpensive
"password recovery packages" available and your effort. Too, User and Group
security can be broken, too, but it must be more effort and/or research,
judging from the difference in cost of those "cracks".

Larry Linson
Microsoft Access MVP

"Lyle Fairfield" <lylefa...@aim.com> wrote in message

news:L1Jnf.6865$eo....@read1.cgocable.net...

[Lyle Fairfield]

Larry Linson wrote:
> My recollection was that someone said that it wasn't _quite_ as easy to
> retrieve the password in Jet 4 because it is stored differently.
>
> But, clearly, it still CAN be retrieved, as witness the many inexpensive
> "password recovery packages" available and your effort. Too, User and Group
> security can be broken, too, but it must be more effort and/or research,
> judging from the difference in cost of those "cracks".

I'd agree about the "wasn't_quite_ as easy". But Michka says:
(http://www.trigeminal.com/lang/1033/codes.asp?ItemID=5#5)
"For what its worth, the Jet 4.0 database password is not even close to
this easy to crack, and no, I will not help you crack it, so don't ask."

I charge zero to get the password for a JET 4.0 db, provided that I can
be assured that everything is legal and ethical. How can one do that? I
have no idea.

--
Lyle Fairfield

[rkc]

Lyle Fairfield wrote:
> It went awry and filled my mouth permanently with the taste and feel of
> ________. Fill in the blank!

Redmound.

[Lyle Fairfield]

If you can read my mind then why do we both need to post things here?

[rkc]

Lyle Fairfield wrote:
> If you can read my mind then why do we both need to post things here?

Because you're Robert De Niro and I'm just some shmuck pretending
to be an actor.

[Lyle Fairfield]

rkc <r...@rochester.yabba.dabba.do.rr.bomb> wrote in news:UHlof.30104
$XC4....@twister.nyroc.rr.com:

> Because you're Robert De Niro ....

He was great in Shane.

--
Lyle Fairfield

[rkc]

Lyle Fairfield wrote:
> rkc <r...@rochester.yabba.dabba.do.rr.bomb> wrote in news:UHlof.30104
> $XC4....@twister.nyroc.rr.com:
>
>
>>Because you're Robert De Niro ....
>
>
> He was great in Shane.

I liked him as Gabby Hayes.

[CDMAP...@fortunejames.com]

If you guys don't behave I'll reply to this post and change the subject
to:

INVEST $6 AND MAKE THOUSANDS LEGALLY!!!

then no one will bother looking at this thread :-).

James A. Fortune