Microsoft Word Document Unprotect Program
-------- ----- ------ --------
Word has a fairly simpleminded encryption facility you can use
to protect your documents from prying eyes. Unfortunately,
three seconds with the hex dump of a "protected" file will
tell you how it's done, and how to undo it without knowing the
passphrase.
In any case, I went to work building wu.exe because I had
forgotten a passphrase I used to protect an important document
I quickly discovered that Word's protection was useless, got
my document back, and started using better encryption.
I still don't know what the passphrase was that I used on my
document, because wu.exe doesn't need to know it. It just
builds a new file with the encryption removed. I decided to
publish this mainly to make the point that it is probably a
very bad idea to depend on Word to protect confidential
information.
There are two versions in this packet; one for Windows and one
for DOS. Copy the one you want to use to wu.exe in some
directory on your path.
winwu.exe is a Windows App, so you can only run it
from Windows.
doswu.exe is a DOS app which will run from DOS or
Windows.
WU.EXE WILL NOT CHANGE YOUR DOCUMENT. It will
only create a new one with the name you specify.
When you want to unprotect a document whose passphrase you
have forgotten (or convince somebody that they should get
better security), use the [File,Run] menu item in Program
Manager or File Manager and enter the line
wu infile outfile
replacing infile and outfile with the names of the file you
want unprotected and of the resulting unprotected file. If
everything goes well, the output file will simply appear in
the current directory, or where you specified if you included
a path in the file name. If something went wrong, you'll get a
message in a window that stays open until you close it. Sorry,
no fancy dialog boxes; the program is really expecting to be
launched by a command-line interpreter (I use and recommend
Eschalon's WinCLI Pro).
The encryption/decryption technical details are contained in
the comments to the source code file.
The source code was compiled with Turbo C++ for Windows and
Zortech C++ for DOS, but I've tried to keep it generic. It
should compile under any C++ compiler with few if any changes.
NOTE:
I haven't tested this on a huge number of Word documents; just
a bunch created with Word for Windows Versions 1 and 2. There
may be some version or versions that use the part of the
header record that wu.exe expects to find all zero. If this
happens, wu.exe will just refuse to function (with an
appropriate message). I would appreciate a note from anyone
who discovers such a situation or any other that interferes
with decryption. The technique used is very simple and there
is more technique that can be applied if this doesn't work in
every case.
COPYRIGHT, etc:
This work is released into the Public Domain and may be freely
used, distributed and copied. I would appreciate attribution
when it is appropriate. It is released with all the usual
disclaimers; in short, you are solely responsible for anything
you do to yourself or anybody else with this program. If
that's a problem you should erase it immediately.
Authentication:
The file doswu.sig contains a PGP Version 2 digital signature for
doswu.exe. My key is published on the end of just about every
message I put on a BBS or UseNet. You can't right off trust
the key at the end of this file to authenticate doswu.exe, but
you can use it to send me a message. If I can read the
message, either you've got a trustworthy key or we are in deep
doodoo with some very powerful people. If you live in the USA
or France, where using PGP may be illegal, I can only
sympathise. In any case, you can always recompile the source
if you have any concern about the executable.
HELLO MICROSOFT:
If any of you are listening; it would be very nice if future
versions of Winword had competent encryption that can't be
broken by any kid who understands his Spiderman Secret Decoder
Ring. A false sense of security is much worse than none at
all. It misleads people into thinking that they have assured
the confidentiality of their documents when they have in fact
not, and should have used another method to do so. The best
approach is to have winword call an external program to do the
encryption. This would let us plug in our favourite
cryptengine and save you a lot of hassle vis-a-vis export
controls on useful crypto technology.
---
Marc Thibault | Automation Architect | All we are saying
[email protected] | R.R.1, Oxford Mills, | is give global
CIS:71441,2226 | Ontario, Canada K0G 1S0 | warming a chance.
NC FreeNet: aa185 | |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.0
mQBNAiqxYTkAAAECALfeHYp0yC80s1ScFvJSpj5eSCAO+hihtneFrrn+vuEcSavh
AAUwpIUGyV2N8n+lFTPnnLc42Ms+c8PJUPYKVI8ABRG0I01hcmMgVGhpYmF1bHQg
PG1hcmNAdGFuZGEuaXNpcy5vcmc+
=HLnv
-----END PGP PUBLIC KEY BLOCK-----
|