Microsoft Word Document Unprotect Program ----------------------------------------- Word has a fairly simpleminded encryption facility you can use to protect your documents from prying eyes. Unfortunately, three seconds with the hex dump of a "protected" file will tell you how it's done, and how to undo it without knowing the passphrase. In any case, I went to work building wu.exe because I had forgotten a passphrase I used to protect an important document I quickly discovered that Word's protection was useless, got my document back, and started using better encryption. I still don't know what the passphrase was that I used on my document, because wu.exe doesn't need to know it. It just builds a new file with the encryption removed. I decided to publish this mainly to make the point that it is probably a very bad idea to depend on Word to protect confidential information. There are two versions in this packet; one for Windows and one for DOS. Copy the one you want to use to wu.exe in some directory on your path. winwu.exe is a Windows App, so you can only run it from Windows. doswu.exe is a DOS app which will run from DOS or Windows. WU.EXE WILL NOT CHANGE YOUR DOCUMENT. It will only create a new one with the name you specify. When you want to unprotect a document whose passphrase you have forgotten (or convince somebody that they should get better security), use the [File,Run] menu item in Program Manager or File Manager and enter the line wu infile outfile replacing infile and outfile with the names of the file you want unprotected and of the resulting unprotected file. If everything goes well, the output file will simply appear in the current directory, or where you specified if you included a path in the file name. If something went wrong, you'll get a message in a window that stays open until you close it. Sorry, no fancy dialog boxes; the program is really expecting to be launched by a command-line interpreter (I use and recommend Eschalon's WinCLI Pro). The encryption/decryption technical details are contained in the comments to the source code file. The source code was compiled with Turbo C++ for Windows and Zortech C++ for DOS, but I've tried to keep it generic. It should compile under any C++ compiler with few if any changes. NOTE: I haven't tested this on a huge number of Word documents; just a bunch created with Word for Windows Versions 1 and 2. There may be some version or versions that use the part of the header record that wu.exe expects to find all zero. If this happens, wu.exe will just refuse to function (with an appropriate message). I would appreciate a note from anyone who discovers such a situation or any other that interferes with decryption. The technique used is very simple and there is more technique that can be applied if this doesn't work in every case. COPYRIGHT, etc: This work is released into the Public Domain and may be freely used, distributed and copied. I would appreciate attribution when it is appropriate. It is released with all the usual disclaimers; in short, you are solely responsible for anything you do to yourself or anybody else with this program. If that's a problem you should erase it immediately. Authentication: The file doswu.sig contains a PGP Version 2 digital signature for doswu.exe. My key is published on the end of just about every message I put on a BBS or UseNet. You can't right off trust the key at the end of this file to authenticate doswu.exe, but you can use it to send me a message. If I can read the message, either you've got a trustworthy key or we are in deep doodoo with some very powerful people. If you live in the USA or France, where using PGP may be illegal, I can only sympathise. In any case, you can always recompile the source if you have any concern about the executable. HELLO MICROSOFT: If any of you are listening; it would be very nice if future versions of Winword had competent encryption that can't be broken by any kid who understands his Spiderman Secret Decoder Ring. A false sense of security is much worse than none at all. It misleads people into thinking that they have assured the confidentiality of their documents when they have in fact not, and should have used another method to do so. The best approach is to have winword call an external program to do the encryption. This would let us plug in our favourite cryptengine and save you a lot of hassle vis-a-vis export controls on useful crypto technology. --- Marc Thibault | Automation Architect | All we are saying marc@tanda.isis.org | R.R.1, Oxford Mills, | is give global CIS:71441,2226 | Ontario, Canada K0G 1S0 | warming a chance. NC FreeNet: aa185 | | -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.0 mQBNAiqxYTkAAAECALfeHYp0yC80s1ScFvJSpj5eSCAO+hihtneFrrn+vuEcSavh AAUwpIUGyV2N8n+lFTPnnLc42Ms+c8PJUPYKVI8ABRG0I01hcmMgVGhpYmF1bHQg PG1hcmNAdGFuZGEuaXNpcy5vcmc+ =HLnv -----END PGP PUBLIC KEY BLOCK-----