--------------- FIDO MESSAGE AREA==> TOPIC: 141 ARJ  Ref: E5L00000  Date: 05/15/97
From: CAREY BLOODWORTH  Time: 09:05pm
\/To: MAREK ISALSKI  (Read 1 times)
Subj: Lost password 1/2

MI> SG> I lost the stupid password from some an archive, well it is actually
MI> SG> hell here without this password. Can I remove this password from the
MI> SG> archive or maybe bypass it, or is my archive lost forever? (I hope
MI> SG> not ..)

MI>AFAIK, the only way round this is to do a brute force method of trying all t
MI>possible passwords. Bad news, passwords seem to be case sensitive too! I

Here's a text file I found on ARJ's passwording. I don't know how accurate
it is. If it is accurate, then it's not really worth using ARJ's passwording!

Needless to say, I don't have a program to do this. This text (of
questionable accuracy) is all I have.

--------

I'm forwarding this to sci.crypt for those who may be interested and don't
know how the ARJ encryption works. Please don't flame me, I'm not a
professional mathematician nor a cryptologist, just someone who was given
the right incentive ($$$ :)) to figure out how it works and retrieve a
critical file. I know there are those who already know how it works, so you
may safely ignore this post

>
> Hi, my name is John.
> Someone told me that you are able to find the password on a ARJ file.
> Could you please tell me how?
>
> Cheers...John.
>

I'm forwarding a document on the internal structure of .ARJ after the
discussion.

ARJ encrypts a file by using a simple XOR on a permutation of the password
with the text to be encrypted (in this case the compressed file). This
permutation of the password is done by XORing each character of the
password with some constant that seems to depend on the current clock
count. This last point isn't too critical since ARJ stores the value of the
count in the local file header of the encrypted file.

So ....

A  = password
B  = compressed text to be encrypted
A' = permuted password
B' = encrypted compressed text
C  = constant
^  = XOR

A' = A ^ C
B' = B ^ A'

So how do we decrypt? Well, let's solve

A  = A' ^ C
A' = B' ^ B
==> A = C ^ B ^ B'

We already know C and B', the problem is that we need B (the compressed
plaintext) in order to find the password (which is probably why you asked
the question in the first place, to get back the compressed plaintext).

If you have an old copy of the plaintext or can make an *extremely* good
guess of the initial contents of the plaintext, you can compress the
plaintext without encryption (B) and then you *should* be able to generate
the password as demonstrated above (or at least most of the characters in
the password). Then it will take some good old-fashioned deductive-logic
and eyeballing to get the length and the rest of the password. This last
part is important if you don't have the original plaintext.

Hope this helps,
Ralph

ARJ TECHNICAL INFORMATION                                    January 1992

** IMPORTANT NEWS ****************************************************

There is an extended header bug in older versions of ARJ, AV.C and
UNARJ.C. The extended header processing in read_header() should skip
4 bytes for the extended header CRC and not 2. This is NOT a current
problem as no versions of ARJ use the extended header.

**********************************************************************

Modification history:

   Date      Description of modification:
   --------  ------------------------------------------------------------
   12/03/91  Added BACKUP flag to header arj flags.
   11/21/91  Described the two types of headers separately.
   11/11/91  Added information about the change in text mode processing.
   06/28/91  Added several new HOST OS numbers.
   05/19/91  Improved the description of extended header processing.
   05/11/91  Simplified this document. Added volume label type.
   03/11/91  Added directory file type.
   02/23/91  Added more comments.
   01/10/91  Corrected timestamp description and header order of file mode.
   10/30/90  Corrected values of flags in ARJ flags.

ARJ archives contain two types of header blocks:

   Archive main header - This is located at the head of the archive
   Local file header   - This is located before each archived file

Structure of main header (low order byte first):

   Bytes  Description
   -----  ------------------------------------------------------------------
     2    header id (main and local file) = 0xEA60 or 60000U
     2    basic header size (from 'first_hdr_size' thru 'comment' below)
                = first_hdr_size + strlen(filename) + 1 + strlen(comment) +
                = 0 if end of archive

     1    first_hdr_size (size up to and including 'extra data')
     1    archiver version number
     1    minimum archiver version to extract
     1    host OS   (0 = MSDOS, 1 = PRIMOS, 2 = UNIX, 3 = AMIGA, 4 = MAC-OS)
                    (5 = OS/2, 6 = APPLE GS, 7 = ATARI ST, 8 = NEXT)
                    (9 = VAX VMS)
     1    arj flags
                    (0x01 = NOT USED)
                    (0x02 = RESERVED)
                    (0x04 = VOLUME_FLAG)  indicates presence of succeeding
                                          volume
                    (0x08 = NOT USED)
                    (0x10 = PATHSYM_FLAG) indicates archive name translated
                                          ("\" changed to "/")
                    (0x20 = BACKUP_FLAG)  indicates backup type archive
     1    reserved
     1    file type (2 = comment header)
     1    reserved
     4    date time when original archive was created
     4    reserved
     4    reserved
     4    reserved
     2    filespec position in filename
     2    (currently not used)
     2    (currently not used)
     ?    (currently none)

(Continued to next message)
---
 QScan/PCB v1.19b / 01-0162
 * Origin: Jackalope Junction 501-785-5381 Ft Smith AR (1:3822/1)

--------------- FIDO MESSAGE AREA==> TOPIC: 141 ARJ  Ref: E5L00001  Date: 05/15/97
From: CAREY BLOODWORTH  Time: 09:05pm
\/To: MAREK ISALSKI  (Read 1 times)
Subj: Lost password 2/2

(Continued from previous message)

     ?    filename of archive when created (null-terminated string)
     ?    archive comment (null-terminated string)

     4    basic header CRC

     2    1st extended header size (0 if none)
     ?    1st extended header (currently not used)
     4    1st extended header's CRC (not present when 0 extended header size)

Structure of local file header (low order byte first):

   Bytes  Description
   -----  ------------------------------------------------------------------
     2    header id (main and local file) = 0xEA60 or 60000U
     2    basic header size (from 'first_hdr_size' thru 'comment' below)
                = first_hdr_size + strlen(filename) + 1 + strlen(comment) +
                = 0 if end of archive

     1    first_hdr_size (size up to and including 'extra data')
     1    archiver version number
     1    minimum archiver version to extract
     1    host OS   (0 = MSDOS, 1 = PRIMOS, 2 = UNIX, 3 = AMIGA, 4 = MAC-OS)
                    (5 = OS/2, 6 = APPLE GS, 7 = ATARI ST, 8 = NEXT)
                    (9 = VAX VMS)
     1    arj flags
                    (0x01 = GARBLED_FLAG) indicates passworded file
                    (0x02 = RESERVED)
                    (0x04 = VOLUME_FLAG)  indicates continued file to next
                                          volume (file is split)
                    (0x08 = EXTFILE_FLAG) indicates file starting position
                                          field (for split files)
                    (0x10 = PATHSYM_FLAG) indicates filename translated
                                          ("\" changed to "/")
                    (0x20 = BACKUP_FLAG)  indicates file marked as backup
     1    method    (0 = stored, 1 = compressed most ... 4 compressed fastest)
     1    file type (0 = binary, 1 = 7-bit text)
                    (3 = directory, 4 = volume label)
     1    value used to xor against password
     4    date time modified
     4    compressed size
     4    original size (this will be different for text mode compression)
     4    original file's CRC
     2    filespec position in filename
     2    file access mode
     2    host data (currently not used)
     ?    extra data
          4 bytes for extended file starting position when used
          (this is present when EXTFILE_FLAG is set)

     ?    filename (null-terminated string)
     ?    comment  (null-terminated string)

     4    basic header CRC

     2    1st extended header size (0 if none)
     ?    1st extended header (currently not used)
     4    1st extended header's CRC (not present when 0 extended header size)

     ...

     ?    compressed file

Time stamp format:

    31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
   |<---- year-1980 --->|<- month ->|<--- day ---->|

    15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
   |<--- hour --->|<---- minute --->|<- second/2 ->|

Compression methods:

   ARJ methods 1 to 3 use Lempel-Ziv 77 sliding window with static
   Huffman encoding.

   ARJ method 4 uses Lempel-Ziv 77 sliding window with pointer/length
   unary encoding.

   There is one decoder for methods 1 to 3 and one decoder for method 4.

Encryption technology:

   ARJ does NOT use DES encryption algorithms. It uses a combination of
   simple exclusive-or operations.

Text mode processing:

   As of ARJ 2.30 and UNARJ 2.30, files archived with the -t1 option
   will not have the 8th bit stripped unless the file is extracted to a
   different platform than the original one. Therefore, it is now
   possible to use ARJ to compress 8-bit text files in text mode and
   extract them back in 8-bit mode.

end of document

---
 QScan/PCB v1.19b / 01-0162
 * Origin: Jackalope Junction 501-785-5381 Ft Smith AR (1:3822/1)

--------------- FIDO MESSAGE AREA==> TOPIC: 141 ARJ  Ref: E5L00002  Date: 05/15/97
From: HANS MANGOLD  Time: 04:39pm
\/To: HORST HACKENBRUCH  (Read 1 times)
Subj: The new ARJ v2.55c public beta test vers

Hello Horst!

14 May 97 16:31, Horst Hackenbruch wrote to ALL:

 HH> You can find these files here :
 HH> or at internet minimal on the FTP sites :
 HH> FTP://FTP.STD.COM/pub/arj/*.* (both versions)

Thanks Horst; I've been trying www.arjsoft.com but cannot connect for well
over a week, but I have been able to get 2.55c from Robert's old ftp
site :-)

The following files are now also available for FReq only from the address
below; usual 23hrs/day:

   ARJ250A.EXE   276,237  12-12-95  5:22p  Last official release
   ARJ255B.EXE   204,733  07-16-96  2:55p  Alpha test release "B"
   ARJ255BX.EXE  201,834  07-16-96  2:55p  Same, but export version
   ARJ255C.EXE   351,441  05-08-97  2:55p  Beta test release "C"
   ARJ255CX.EXE  348,546  05-08-97  2:55p  Same, but export version

Note the above are *original* file dates & times.

Kind regards,
Hans

... "Frankly my Dear, I don't give a download." -- Rhett SysOp
--- GoldED/386 2.50+ / Squish / Maximus / Binkley / WINDOWS 95 / V34+
 * Origin: Digital Encounters * Kamloops BC Canada 604/374-6168 (1:353/710)

--------------- FIDO MESSAGE AREA==> TOPIC: 141 ARJ  Ref: E5P00000  Date: 05/16/97
From: DAMIEN VANEBERCK  Time: 10:32pm
\/To: ALL  (Read 1 times)
Subj: * NEW ARJ & JAR last release

ARJ and JAR : Last release

_ARJ_ : Last official release    : 2.50a   Date 12 dec 95
        Last public beta release : 2.55cx  Date 08 may 97

ARJ v2.50a - Official release of the file archiver ARJ, which has hundreds
of options. 2.50a fixes wrong password handling. This ARJ release features
the ability to archive up to 32,000 files at one time, enhanced SFX
modules, a multi-volume SFX module, a search and extract feature, and more.
$45 shareware from ARJ Software.

ARJ v2.55cx - public BETA TEST release of the file archiver ARJ (world-wide
version), which has hundreds of options. This version features Win95 long
filename support in ARJ and REARJ, support for archiving up to 65,000 files
at one time, multiple volume update support, file version management, and
data damage protection options.

_JAR_ : Last public beta release : 1.01  Date 24 jan 97

JAR v1.01 - public BETA_3 TEST release of the new file archiver JAR from
the makers of ARJ. JAR beats the leading archivers in both compression and
features. JAR comes in DOS and Win95/WinNT versions and provides powerful
features like multiple volumes, data recovery, file version management, and
support for handling over 50,000 filenames.

Where to download ?

*Programmer's Paradise*  2:293/2009  101:320/1001  2400 - 33600

F/REQ  JAR for JAR101DX.EXE
       ARJ for ARJ250A.EXE
       ARJ255CX.EXE for last ARJ Beta

A new version of the most popular ARJ/JAR Web pages is available on the
WWW. The address is http://www.arjsoft.com

On the World-Wide-Web: http://www.arjsoft.com or http://www.glo.be/tsf

--- ARJ & JAR BBS support
 * Origin: Programmer's Paradise _Belgium_ 32-10-813088 (2:293/2009)

--------------- FIDO MESSAGE AREA==> TOPIC: 141 ARJ  Ref: E5P00001  Date: 05/16/97
From: ERIC VANEBERCK  Time: 10:40pm
\/To: ALL  (Read 1 times)
Subj: File/Area Archiver

Hello All,

If you want to receive via BBS or Internet the file/area _ARCHIVER_

Send me a netmail at 2:293/2009 or
Eric.Vaneberck@f1001.belqique.fm.alphanet.ch

Via BBS      : V34+ or ISDN
Via Internet : I send it in your mailbox via Fido2Int (great soft)

All with TIC files and file_id.diz

Eric

--- Terminate 4.0+
 * Origin: Terminate + Fmail + Golded : the point solution (2:293/2009)

--------------- FIDO MESSAGE AREA==> TOPIC: 141 ARJ  Ref: E5P00002  Date: 05/14/97
From: CLIFF HETHERINGTON  Time: 06:16am
\/To: ARJAN VAN DER WERF  (Read 1 times)
Subj: ARJ/2

Quoted From: Arjan van der Werf
         To: Cliff Hetherington
       Date: 02-May-97

Hello Arjan,

02-May-97 19:48:00, Arjan van der Werf wrote to Cliff Hetherington
Subject: ARJ/2

 CH>> Win95 not just win 3.11 or WfWg 3.11 would enable the use of
 CH>> JAR32 under OS/2..

 AvdW> I believe IBM announced not to support any win32 code beyond
 AvdW> 1.25 so i don't think that is gonna happen. :(

Yup, versions above 1.25 from MSoft were designed to cause problems with
OS/2's linear memory map apparently:-(

Cheers,
Cliff Hetherington
Written offline at 06:16 Hrs

--- Terminate 4.10g02/Pro*at _Tester_ _UK_
 * Origin: Cliff's pointing at you from Crystal Tower,London. (2:254/220.105)

--------------- FIDO MESSAGE AREA==> TOPIC: 141 ARJ  Ref: E5P00003  Date: 05/18/97
From: BENJAMIN GRUND  Time: 10:00am
\/To: ALL  (Read 1 times)
Subj: Final Version

Sunday, 18.05.97.

Hello!

What is the release-date for the final versions of ARJ and JAR ?

Bye, Benjamin

--- CrossPoint v3.11
 * Origin: (2:246/1901.50)
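
Added example, not part of any message above and not ARJ's own code: a model of the password scheme exactly as the forwarded text in "Lost password 1/2" states it (A' = A ^ C, B' = B ^ A'), showing why it gives no confidentiality once a stretch of the compressed stream B is predictable. The sample stream, password and modifier value are constructed.

```python
# Added example: follows the forwarded text's description (A' = A ^ C,
# B' = B ^ A'). It is not taken from ARJ's source code.
from itertools import cycle

def garble(data: bytes, password: bytes, c: int) -> bytes:
    """B' = B ^ A', with A' = A ^ C repeated over the whole stream."""
    permuted = bytes(ch ^ c for ch in password)
    return bytes(b ^ k for b, k in zip(data, cycle(permuted)))

def recover_password_stream(known: bytes, cipher: bytes, c: int) -> bytes:
    """A = C ^ B ^ B' at every offset where the compressed byte B is known."""
    return bytes(c ^ b ^ e for b, e in zip(known, cipher))

def shortest_period(stream: bytes) -> bytes:
    """Shortest prefix that, repeated, reproduces the recovered stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream

# Constructed sample data: a stand-in for a compressed stream, a password,
# and the one-byte value the local file header stores for the file.
COMPRESSED = bytes(range(0x40, 0x60))      # B, 32 bytes
PASSWORD = b"Tr0ub4d"                      # A
MODIFIER = 0x5C                            # C

def demo(known_len: int) -> bytes:
    """Recover what known_len known bytes of B reveal about A."""
    cipher = garble(COMPRESSED, PASSWORD, MODIFIER)              # B'
    stream = recover_password_stream(COMPRESSED[:known_len], cipher, MODIFIER)
    return shortest_period(stream)

if __name__ == "__main__":
    print(demo(16))  # known bytes span the password twice: length is evident
    print(demo(4))   # fewer known bytes than the password: only a prefix
```

With fewer known bytes than the password length only a prefix comes back, which is the "deductive-logic and eyeballing" step the forwarded text mentions.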
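
Added example, not part of any message above and not code from ARJ or UNARJ: a bounds-checked parser for the local file header table in "Lost password 2/2", useful for listing which archive members have GARBLED_FLAG set and what password modifier byte is stored in the clear. The sample header (SECRET.TXT, modifier 0x5C) is constructed, and header CRCs are not verified here.

```python
# Added example: parses the local file header layout from the table above.
import struct
from datetime import datetime

HEADER_ID = 0xEA60
GARBLED_FLAG = 0x01
FIXED = struct.Struct("<8B4I3H")   # first_hdr_size .. host data (30 bytes)

def dos_time(ts: int) -> datetime:
    """Decode the time stamp format (year-1980, month, day, hour, min, sec/2)."""
    return datetime(1980 + (ts >> 25), (ts >> 21) & 0xF, (ts >> 16) & 0x1F,
                    (ts >> 11) & 0x1F, (ts >> 5) & 0x3F, (ts & 0x1F) * 2)

def parse_local_header(buf: bytes):
    if len(buf) < 4:
        raise ValueError("truncated header")
    header_id, basic_size = struct.unpack_from("<HH", buf)
    if header_id != HEADER_ID:
        raise ValueError("header id is not 0xEA60")
    if basic_size == 0:
        return None                                    # end of archive
    basic = buf[4:4 + basic_size]
    if len(basic) < basic_size or basic_size < FIXED.size:
        raise ValueError("basic header truncated")
    (first, _ver, _minver, _host, flags, method, ftype, modifier,
     stamp, csize, osize, _crc, _pos, _mode, _hostdata) = FIXED.unpack_from(basic)
    if not FIXED.size <= first <= basic_size:
        raise ValueError("first_hdr_size out of range")
    name, sep, _comment = basic[first:].partition(b"\0")
    if not sep:
        raise ValueError("filename not null-terminated")
    return {"name": name.decode("ascii", "replace"), "method": method,
            "file_type": ftype, "garbled": bool(flags & GARBLED_FLAG),
            "password_modifier": modifier, "modified": dos_time(stamp),
            "compressed_size": csize, "original_size": osize}

def build_sample() -> bytes:
    """Constructed header: SECRET.TXT, method 1, GARBLED_FLAG set."""
    stamp = (17 << 25) | (5 << 21) | (15 << 16) | (21 << 11) | (5 << 5)
    fixed = FIXED.pack(30, 6, 1, 0, GARBLED_FLAG, 1, 0, 0x5C,
                       stamp, 120, 300, 0, 0, 0x20, 0)
    basic = fixed + b"SECRET.TXT\0" + b"\0"            # filename, empty comment
    # Trailing 6 bytes: basic header CRC (left zero) and extended size 0.
    return struct.pack("<HH", HEADER_ID, len(basic)) + basic + bytes(6)
```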